Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log, please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1 | Jan 12 2008, 08:52 AM
Member | Group: Members | Posts: 16 | Joined: 7-January 08 | From: North Carolina | Member No.: 181,906
I have seen this file labeled pmnlm.exe, pmnlm.dll & pmnlm.dll_old. I have tried deleting it manually without success. I have also run vundofix. Here is my log. Thanks
--------------------
Clueless On The East Coast
Post #2 | Jan 18 2008, 10:18 PM
Malware Expert | Group: Moderator | Posts: 10,932 | Joined: 28-January 05 | From: Holland Michigan USA | Member No.: 10,782
Hi wolfz_1964 and welcome to the BC HijackThis forum. We need to use a different scanner to see what else might be in there.
Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop. Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Cheers.
OT
Post #3 | Jan 19 2008, 08:17 AM
Member | Group: Members | Posts: 16 | Joined: 7-January 08 | From: North Carolina | Member No.: 181,906
Hey OldTimer,
Thanks for your help. I will be running scan in a couple hours. -------------------- Clueless On The East Coast
Post #4 | Jan 19 2008, 11:14 AM
Member | Group: Members | Posts: 16 | Joined: 7-January 08 | From: North Carolina | Member No.: 181,906
Attached the file...just in case
| On_Demand | Stopped] -> %System32%\ups -> File not found (VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg -> File not found (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc -> File not found (W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng -> File not found (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %System32%\MsPMSPSv -> File not found (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv -> File not found (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found (WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ACPI) Microsoft 
ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi -> File not found (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec -> File not found (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec -> File not found (AFD) AFD Networking Support Environment [Kernel | System | Running] -> %System32%\drivers\afd -> File not found (agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\agp440 -> File not found (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac -> File not found (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag -> File not found (atinrvxx) ATI WDM Rage Theater Video [Kernel | On_Demand | Running] -> %System32%\drivers\atinrvxx -> File not found (ATITUNEP) ATI WDM TV Tuner [Kernel | Auto | Running] -> %System32%\drivers\atintuxx -> File not found (ativraxx) ATI WDM Rage Theater Audio [Kernel | On_Demand | Running] -> %System32%\drivers\atinraxx -> File not found (ATIXSAudio) ATI WDM TV Audio Crossbar [Kernel | Auto | Running] -> %System32%\drivers\atinxsxx -> File not found (Atmarpc) 
ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc -> File not found (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub -> File not found (Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep -> File not found (Bridge) MAC Bridge [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found (BridgeMP) MAC Bridge Miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k -> File not found (CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\ccdecode -> File not found (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio -> File not found (Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs -> File not found (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot -> File not found (dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio -> File not found (dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload -> File not found (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\dmusic -> File not found (dpti2o) dpti2o [Kernel | Disabled | 
Stopped] -> -> File not found (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud -> File not found (E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325 -> File not found (Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat -> File not found (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc -> File not found (Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips -> File not found (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk -> File not found (FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr -> File not found (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk -> File not found (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\gameenum -> File not found (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc -> File not found (hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb -> File not found (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZid412 -> File not found (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZipr12 -> File not found (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZius12 -> File not found (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2 -> File not found (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP -> File not found (HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> 
File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt -> File not found (Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide -> File not found (intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm -> File not found (ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ip6fw -> File not found (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv -> File not found (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip -> File not found (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat -> File not found (IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec -> File not found (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum -> File not found (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp -> File not found (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass -> File not found (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer -> File not found (KmxAgent) KmxAgent [Kernel | System | Running] -> %System32%\drivers\KmxAgent -> File not found (KmxCF) KmxCF [Kernel | Auto | Running] -> %System32%\drivers\KmxCF -> File not found (KmxCfg) KmxCfg [Kernel | On_Demand | Running] -> %System32%\drivers\KmxCfg -> File not found (KmxFile) KmxFile [Kernel | System | Running] -> %System32%\drivers\KmxFile -> File not found (KmxFw) KmxFw [Kernel | System | 
Running] -> %System32%\drivers\KmxFw -> File not found (KmxSbx) KmxSbx [Kernel | Auto | Running] -> %System32%\drivers\KmxSbx -> File not found (KmxStart) KmxStart [Kernel | Boot | Running] -> %System32%\drivers\KmxStart -> File not found (KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd -> File not found (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042Kbd -> File not found (L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042MOU -> File not found (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE -> File not found (LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsbK -> File not found (LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk -> File not found (mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd -> File not found (Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem -> File not found (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %System32%\drivers\MODEMCSA -> File not found (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass -> File not found (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid -> File not found (MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr -> File not found (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav -> File not found (MRxSmb) MRxSmb [File_System | System | Running] -> 
%System32%\drivers\mrxsmb -> File not found
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs -> File not found
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv -> File not found
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock -> File not found
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm -> File not found
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios -> File not found
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstee -> File not found
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup -> File not found
(MVDCODEC) ATI WDM Specialized MVD Codec [Kernel | Auto | Running] -> %System32%\drivers\atinmdxx -> File not found
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\nabtsfec -> File not found
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis -> File not found
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisip -> File not found
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi -> File not found
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio -> File not found
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan -> File not found
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy -> File not found
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios -> File not found
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt -> File not found
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmnt -> File not found
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs -> File not found
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs -> File not found
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd -> File not found
(OMCI) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci -> File not found
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k -> File not found
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\P16X -> File not found
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport -> File not found
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr -> File not found
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm -> File not found
(PCDCODEC) ATI WDM Specialized PCD Codec [Kernel | Auto | Running] -> %System32%\drivers\atinpdxx -> File not found
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp -> File not found
(Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\processr -> File not found
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink -> File not found
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20 -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd -> File not found
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp -> File not found
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe -> File not found
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti -> File not found
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss -> File not found
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd -> File not found
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv -> File not found
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv -> File not found
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum -> File not found
(Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial -> File not found
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\slip -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter -> File not found
(sr) System Restore Filter Driver [File_System | Disabled | Stopped] -> %System32%\drivers\sr -> File not found
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv -> File not found
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\streamip -> File not found
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum -> File not found
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio -> File not found
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip -> File not found
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip6 -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp -> File not found
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tunmp -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update -> File not found
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbccgp -> File not found
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci -> File not found
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub -> File not found
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> %System32%\drivers\usbprint -> File not found
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbscan -> File not found
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Running] -> %System32%\drivers\USBSTOR -> File not found
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci -> File not found
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\vet-filt -> File not found
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\vet-rec -> File not found
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\veteboot -> File not found
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\vetefile -> File not found
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\vetfddnt -> File not found
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\vetmonnt -> File not found
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %System32%\drivers\vga -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap -> File not found
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT -> File not found
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\wstcodec -> File not found
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf -> File not found
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd -> File not found
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
ATIModeChange -> %System32%\Ati2mdxx -> File not found
cafwc -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\cafw -> File not found
capfasem -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfasem -> File not found
capfupgrade ->
%ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade -> File not found
CAVRID -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid -> File not found
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched -> File not found
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop -> File not found
< Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Dad\Start Menu\Programs\Startup\desktop -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found
< Hope Startup Folder > -> C:\Documents and Settings\Hope\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Hope\Start Menu\Programs\Startup\desktop -> File not found
< Jennifer Startup Folder > -> C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Jennifer\Start Menu\Programs\Startup\desktop -> File not found
< Mom Startup Folder > -> C:\Documents and Settings\Mom\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %System32%\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %System32%\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %System32%\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (223027 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page ->
http://www.rr.com/flash/index.cfm?rev=10238 -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Proxy