
Svchost.exe


  • This topic is locked
7 replies to this topic

#1 smokingjoey

smokingjoey

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 17 April 2007 - 08:58 PM

I am having serious issues on this PC for the last week. I've done a lot of googling and searching this site, but I can't seem to find a solution for this malware problem.

Boot computer normally, sign in (Dell Dimension, XP HOME 2002 SP 1)

Checking Task Manager, DFDDDE1-F440-11D2-9540-0040052FC4F9 is running at startup under Applications. I kill the application.

Within a few minutes, SVCHOST.EXE starts using >90% CPU Time. This happens when I open Outlook or IE.
Sometimes it just starts spontaneously. I can kill the process, but it occasionally recurs. Once it has occurred, my computer is affected by:

Loss of sound card till reboot
Cannot switch users within XP, must log fully out
display colors are changed
difficulty accessing backup drive using USB ports
User Names for almost all Image Names disappear in Task Manager/Processes


Possibly related:

Cannot download windows updates including SP 2, get a 0x8024402C error. I am getting assistance from MS in the form of an executable to use in Safe Mode, but I want to make sure my computer is clean first.


I have tried, in no particular order:

McAfee (updated)
AdAware SE (updated)
drweb-cureit, and moved the incurable files
Ewido on-line several times
Manually wiping all cookies with BCWipe
MS knowledgebase articles to allow Windows update to function
VundoFix cannot find any files
ZoneAlarm is running
Spybot


DFDDDE1-F440-11D2-9540-0040052FC4F9 is not in startup, cannot be found in the registry, does not exist in any class file.


Windows Performance monitor is running scans and alerts, and tells me that it's always SVCHOST #4 taking over the CPU (Counter: \Process(SVCHOST#4)\% Processor Time has tripped its alert threshold. The counter value of 99.375 is over the limit value of 80.)

Wondering if this is trying to communicate, here's a netstat while the CPU was seized


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2908 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6646 0.0.0.0:0 LISTENING
TCP 127.0.0.1:4290 127.0.0.1:4294 TIME_WAIT
TCP 127.0.0.1:4292 127.0.0.1:4296 TIME_WAIT
TCP 192.168.2.88:139 0.0.0.0:0 LISTENING
TCP 192.168.2.88:4295 204.127.198.10:110 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1039 *:*
UDP 0.0.0.0:1040 *:*
UDP 0.0.0.0:3038 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:2912 *:*
UDP 127.0.0.1:2952 *:*
UDP 127.0.0.1:2965 *:*
UDP 127.0.0.1:2998 *:*
UDP 127.0.0.1:4174 *:*
UDP 127.0.0.1:62515 *:*
UDP 127.0.0.1:62517 *:*
UDP 127.0.0.1:62519 *:*
UDP 127.0.0.1:62521 *:*
UDP 127.0.0.1:62523 *:*
UDP 127.0.0.1:62524 *:*
UDP 192.168.2.88:137 *:*
UDP 192.168.2.88:138 *:*
UDP 192.168.2.88:1900 *:*
UDP 192.168.2.88:6646 *:*



Here's a Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:53:56 PM, on 4/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\lexpps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
F:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
F:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169870342525
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tr...uginstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A847029-8CA4-49A3-920D-F714B58EFE83}: NameServer = 192.168.2.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® NetStructure™ VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by smokingjoey, 17 April 2007 - 09:01 PM.
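
One way to read the netstat listing in the post above, added here as an example and not part of the original thread: it sorts each row by what the socket is exposed to, so any connection to a non-local address stands out from listeners and loopback traffic. The function and category names are illustrative, the sample rows are a subset copied from the post, and only IPv4 rows (as in the post) are handled.

```python
import ipaddress

# Subset of the netstat rows from the post above, embedded so this runs offline.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:4290 127.0.0.1:4294 TIME_WAIT
TCP 192.168.2.88:139 0.0.0.0:0 LISTENING
TCP 192.168.2.88:4295 204.127.198.10:110 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.2.88:137 *:*
"""

CATEGORIES = (
    "bound-all-interfaces",  # reachable from any network the host is on
    "bound-one-interface",   # reachable only via one specific address
    "bound-loopback",        # reachable only from the machine itself
    "peer-loopback",         # local inter-process connection
    "peer-lan",              # connection to a private (RFC 1918) address
    "peer-external",         # connection to a public address
)


def parse_netstat(text):
    """Parse `netstat -an` (or `-ano`) output into a list of row dicts.

    Header and blank lines are skipped. A trailing numeric column, present
    when netstat is run with -o, is kept as the owning PID.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue
        rest = parts[3:]
        pid = int(rest.pop()) if rest and rest[-1].isdigit() else None
        lhost, _, lport = parts[1].rpartition(":")
        rhost, _, rport = parts[2].rpartition(":")
        rows.append({
            "proto": parts[0].upper(),
            "lhost": lhost, "lport": int(lport),
            "rhost": rhost, "rport": rport,   # rport may be "*" or "0"
            "state": rest[0] if rest else "",  # UDP rows carry no state
            "pid": pid,
        })
    return rows


def classify(row):
    """Return the exposure category for one parsed row."""
    if row["rhost"] in ("*", "0.0.0.0"):
        # No remote peer: the socket is listening or simply bound.
        local = ipaddress.ip_address(row["lhost"])
        if local.is_unspecified:
            return "bound-all-interfaces"
        if local.is_loopback:
            return "bound-loopback"
        return "bound-one-interface"
    remote = ipaddress.ip_address(row["rhost"])
    if remote.is_loopback:  # checked first: loopback also counts as private
        return "peer-loopback"
    if remote.is_private:
        return "peer-lan"
    return "peer-external"


def triage(text):
    """Group every row of a netstat listing by exposure category."""
    groups = {name: [] for name in CATEGORIES}
    for row in parse_netstat(text):
        groups[classify(row)].append(row)
    return groups


if __name__ == "__main__":
    for name, rows in triage(SAMPLE).items():
        for r in rows:
            print(f"{name:22} {r['proto']} {r['lhost']}:{r['lport']} -> "
                  f"{r['rhost']}:{r['rport']} {r['state']}")
```

Over the rows in the post, the only external peer is 204.127.198.10 on port 110 (POP3), already in TIME_WAIT. The listing has no PID column, so nothing in it can be tied to a particular svchost.exe instance; `netstat -ano` adds that column, and the parser keeps it.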




#2 smokingjoey

smokingjoey
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 23 April 2007 - 06:43 PM

Updated information: my work laptop has started to exhibit some of the same behavior today:

Extreme slowness
Loss of sound card till reboot
display colors are changed

On the laptop, the problem starts within a minute or two of bootup. Svchost.exe is not using exorbitant amounts of CPU, and DFDDDE1-F440-11D2-9540-0040052FC4F9 is not in the Applications tab.

I haven't shared any disks or drives between the two, and have visited only a couple of sites on both. Some are powerhouses (Google, My Yahoo), and others are message boards I've visited for years.

My laptop is XP Professional with SP 2. This weekend, a number of critical patches were downloaded by corporate IT.

I'm not asking for assistance on the laptop, I'm just starting to wonder if we're not facing a nasty new virus.

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:30 AM

Posted 26 April 2007 - 06:55 PM

Hello smokingjoey and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

Just to be sure let's run a different scanner and see if it shows anything.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Boot the computer normally.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group select All.
  • In the Driver Services group select Non-Microsoft.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 smokingjoey

smokingjoey
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 26 April 2007 - 07:44 PM

Hi, OldTimer. Thanks for stepping in to help.

One symptom may be explainable: I watched my processes while killing DFDDDE1-F440-11D2-9540-0040052FC4F9, and it appears to be related to Visioneer's One Touch Scanner, which is in my startup. I've unchecked it, and I suspect that problem will vanish when I reboot. If not, I'll add an update.

Here's your log:


WinPFind3 logfile created on: 4/26/2007 8:33:34 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Ed\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

1022.00 Mb Total Physical Memory | 500.29 Mb Available Physical Memory | 48.95% Memory free
1.09 Gb Paging File | 0.64 Gb Available in Paging File | 58.22% Paging File free
Paging file location(s): C:\pagefile.sys 192 384;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 10.05 Gb Free Space | 26.98% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 112.48 Gb Free Space | 75.46% Space Free

Computer Name: DELL
Current User Name: Ed
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\SMSS.EXE -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 45568 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
csrss.exe -> %System32%\CSRSS.EXE -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4096 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.1557 (xpsp2_gdr.040517-1325) | Size = 483328 bytes | Modified Date = 5/26/2004 9:38:46 PM | Attr = ]
services.exe -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
lsass.exe -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.1720 (xpsp2.050722-1526) | Size = 276992 bytes | Modified Date = 7/26/2005 12:31:14 AM | Attr = ]
svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 44032 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 15872 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12288 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 43008 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 164864 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.1790 (xpsp2.060103-1544) | Size = 64000 bytes | Modified Date = 1/3/2006 11:37:34 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Modified Date = 8/29/2003 9:54:16 AM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.1699 (xpsp2.050610-1533) | Size = 53248 bytes | Modified Date = 6/10/2005 7:55:46 PM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (Rel) | Size = 1425424 bytes | Modified Date = 4/14/2004 11:31:40 AM | Attr = ]
icsrv.exe -> %ProgramFiles%\Intel\Intel NetStructure VPN Client\ICSRV.EXE -> [Ver = | Size = 15360 bytes | Modified Date = 11/1/2002 3:09:48 PM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 12/22/2006 4:02:26 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/19/2003 11:25:00 PM | Attr = ]
svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 316416 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
wdfmgr.exe -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 2:44:28 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs LLC [Ver = 5.5.062.011 | Size = 1218320 bytes | Modified Date = 1/26/2005 5:22:32 AM | Attr = ]
svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 38912 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.1569 (xpsp2_gdr.040517-1325) | Size = 361984 bytes | Modified Date = 7/1/2004 6:08:18 PM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 49152 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.1190 (xpsp2.030320-1720) | Size = 53760 bytes | Modified Date = 3/25/2003 5:40:14 PM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.1847 (xpsp2.060519-0009) | Size = 103936 bytes | Modified Date = 5/19/2006 8:15:32 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19456 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.62 | Size = 227328 bytes | Modified Date = 7/26/2005 12:31:12 AM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2800.1605 (xpsp2.040919-1003) | Size = 116736 bytes | Modified Date = 10/27/2004 9:29:54 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\Ip6FwHlp.dll [Ip6FwHlp] -> Microsoft Corporation [Ver = 5.1.2600.1240 (xpsp2.030618-0119) | Size = 40448 bytes | Modified Date = 6/30/2003 5:35:52 PM | Attr = ]
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.1613 (xpsp2.041130-1838) | Size = 79872 bytes | Modified Date = 12/7/2004 3:34:38 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.1309 (xpsp2.031013-2110) | Size = 119808 bytes | Modified Date = 10/21/2003 7:06:42 PM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.1309 (xpsp2.031013-2110) | Size = 32256 bytes | Modified Date = 10/21/2003 7:06:42 PM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.1733 (xpsp2.050819-1534) | Size = 154624 bytes | Modified Date = 8/22/2005 2:36:34 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.1106 | Size = 392704 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 82944 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.1842 (xpsp2.060513-0133) | Size = 169984 bytes | Modified Date = 5/14/2006 5:13:42 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.1564 (xpsp2_gdr.040517-1325) | Size = 172544 bytes | Modified Date = 6/8/2004 6:02:22 PM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 20992 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 36352 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.1364 (xpsp2.040109-1800) | Size = 439808 bytes | Modified Date = 3/29/2004 9:48:36 PM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2800.1605 (xpsp2.040919-1003) | Size = 116736 bytes | Modified Date = 10/27/2004 9:29:54 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 158720 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.1715 (xpsp2.050706-1530) | Size = 238592 bytes | Modified Date = 7/8/2005 12:09:48 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2800.1605 (xpsp2.040919-1003) | Size = 116736 bytes | Modified Date = 10/27/2004 9:29:54 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 81920 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [uploadmgr] -> File not found
-> %System32%\w32time.dll [w32time] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 165376 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 101376 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Modified Date = 1/28/2005 2:44:28 PM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.1181 (xpsp2.030305-0046) | Size = 280064 bytes | Modified Date = 3/10/2003 2:25:48 PM | Attr = ]
emproxy.exe -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 4:13:24 PM | Attr = ]
helpsvc.exe -> %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 703488 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
explorer.exe -> %SystemRoot%\EXPLORER.EXE -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_04\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 2/22/2004 11:44:44 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs LLC [Ver = 5.5.062.011 | Size = 902936 bytes | Modified Date = 1/26/2005 5:23:20 AM | Attr = ]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 4:28:18 AM | Attr = ]
tgcmd.exe -> %ProgramFiles%\support.com\bin\tgcmd.exe -> Comcast [Ver = 5,6,1039,0 | Size = 1757184 bytes | Modified Date = 6/2/2006 4:09:18 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11/11/2004 12:15:32 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/25/2006 2:25:46 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 174592 bytes | Modified Date = 8/29/2003 9:50:24 AM | Attr = ]
psfree.exe -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1010 | Size = 524288 bytes | Modified Date = 4/29/2003 11:40:10 AM | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 3, 0, 0, 18 | Size = 778240 bytes | Modified Date = 12/19/2001 4:23:10 PM | Attr = ]
ctfmon.exe -> %System32%\CTFMON.EXE -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 13312 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 5:20:18 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> [Ver = | Size = 90112 bytes | Modified Date = 8/19/2005 8:34:00 PM | Attr = ]
emupatchmixdsp.exe -> F:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe -> EMU Systems [Ver = 1.71.01.0032 | Size = 581755 bytes | Modified Date = 5/4/2005 5:27:44 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/1/2006 2:22:14 PM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (Rel) | Size = 1425424 bytes | Modified Date = 4/14/2004 11:31:40 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 4:13:24 PM | Attr = ]
(ICService) Intel® NetStructure™ VPN Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel NetStructure VPN Client\ICSRV.EXE -> [Ver = | Size = 15360 bytes | Modified Date = 11/1/2002 3:09:48 PM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 331776 bytes | Modified Date = 6/24/2005 4:16:26 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Modified Date = 8/29/2003 9:54:16 AM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 4/15/2007 8:27:28 AM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs LLC [Ver = 5.5.062.011 | Size = 1218320 bytes | Modified Date = 1/26/2005 5:22:32 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 3:15:00 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 3:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpclient.010817-1148) | Size = 27648 bytes | Modified Date = 8/17/2001 3:58:02 PM | Attr = ]
(ASAPIW2k) ASAPIW2k [Kernel | On_Demand | Running] -> %System32%\DRIVERS\asapiW2k.sys -> Pinnacle Systems GmbH [Ver = 6, 0, 2, 27 | Size = 11264 bytes | Modified Date = 3/10/2004 4:27:18 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 3:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 3:51:58 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.60.0.0 built by: WinDDK | Size = 43136 bytes | Modified Date = 5/23/2003 2:58:30 PM | Attr = ]
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %System32%\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
(BCSWAP) BCSWAP [Kernel | Disabled | Stopped] -> %System32%\drivers\BCSwap.sys -> Jetico, Inc. [Ver = 2.16 | Size = 88080 bytes | Modified Date = 11/15/2004 6:15:18 AM | Attr = ]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\drivers\cdr4_xp.sys -> Roxio [Ver = 7.1.0.188 | Size = 44288 bytes | Modified Date = 11/10/2004 5:27:34 PM | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\drivers\cdralw2k.sys -> Roxio [Ver = 7.1.0.188 | Size = 24832 bytes | Modified Date = 11/10/2004 5:30:18 PM | Attr = ]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\drivers\Cdudf_xp.sys -> Roxio [Ver = 6.0.0.171 built by: WinDDK | Size = 249344 bytes | Modified Date = 1/13/2003 11:19:26 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 3:51:54 PM | Attr = ]
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 503296 bytes | Modified Date = 5/24/2005 4:20:14 AM | Attr = R ]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 435712 bytes | Modified Date = 5/24/2005 4:21:02 AM | Attr = R ]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 7168 bytes | Modified Date = 5/24/2005 4:21:04 AM | Attr = R ]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 145408 bytes | Modified Date = 5/24/2005 4:20:20 AM | Attr = R ]
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 5/1/2003 1:26:34 PM | Attr = R ]
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> %System32%\DRIVERS\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.0.4 (Rel) | Size = 268874 bytes | Modified Date = 4/14/2004 10:30:56 AM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 3:52:16 PM | Attr = ]
(DCamUSBEMPIA) Dazzle DVC90 Video Device [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\emDevice.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 100957 bytes | Modified Date = 4/6/2004 2:08:06 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %System32%\DRIVERS\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.21.7.233 | Size = 139604 bytes | Modified Date = 2/2/2004 12:29:00 PM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 5:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 4:56:00 AM | Attr = ]
(dtscsi) dtscsi [Kernel | On_Demand | Running] -> %System32%\DRIVERS\dtscsi.sys -> [Ver = | Size = 223128 bytes | Modified Date = 4/1/2006 2:10:18 PM | Attr = ]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dvd_2k.sys -> Roxio [Ver = 6.0.0.171 | Size = 21654 bytes | Modified Date = 1/13/2003 11:19:26 AM | Attr = ]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 2:11:06 PM | Attr = ]
(emAudio) Dazzle DVC90 Audio Device [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\emAudio.sys -> Pinnacle Systems, Inc. [Ver = 1.1.0505.0 | Size = 19584 bytes | Modified Date = 5/5/2004 1:40:38 PM | Attr = ]
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 76800 bytes | Modified Date = 5/24/2005 4:20:18 AM | Attr = R ]
(FiltUSBEMPIA) USB Device Lower Filter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\emFilter.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 5245 bytes | Modified Date = 4/6/2004 2:07:58 PM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 3/7/2005 12:52:48 PM | Attr = ]
(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 744448 bytes | Modified Date = 5/24/2005 4:20:32 AM | Attr = R ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\I81XNT5.SYS -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 138240 bytes | Modified Date = 8/17/2001 2:49:18 PM | Attr = ]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wADV01nt.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 12672 bytes | Modified Date = 8/17/2001 2:49:22 PM | Attr = ]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wADV02NT.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 12288 bytes | Modified Date = 8/17/2001 2:49:26 PM | Attr = ]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wADV05NT.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 12032 bytes | Modified Date = 8/17/2001 2:49:32 PM | Attr = ]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wSiINTxx.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 12160 bytes | Modified Date = 8/17/2001 2:49:54 PM | Attr = ]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wVchNTxx.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 18688 bytes | Modified Date = 8/17/2001 2:49:58 PM | Attr = ]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wATV01nt.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 29440 bytes | Modified Date = 8/17/2001 2:49:34 PM | Attr = ]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wATV02NT.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 19456 bytes | Modified Date = 8/17/2001 2:49:36 PM | Attr = ]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wATV03nt.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 44928 bytes | Modified Date = 8/17/2001 2:49:42 PM | Attr = ]
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wATV04nt.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 31104 bytes | Modified Date = 8/17/2001 2:49:46 PM | Attr = ]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wCh7xxNT.sys -> Intel Corporation [Ver = 5.13.01.2753.1-Intel Integrated Graphics 08:04PM | Size = 23680 bytes | Modified Date = 8/17/2001 2:49:50 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
(ICsrvr) VPN Client Protocol [Kernel | System | Running] -> %System32%\DRIVERS\ICSRVR.SYS -> [Ver = | Size = 160580 bytes | Modified Date = 11/1/2002 2:54:02 PM | Attr = ]
(ICtdi) VPN Client TDI Driver [Kernel | System | Running] -> %System32%\DRIVERS\ICTDI.SYS -> [Ver = | Size = 20690 bytes | Modified Date = 11/1/2002 2:53:40 PM | Attr = ]
(ICvnic) VPN Client Virtual Adapter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\icvnic.sys -> [Ver = | Size = 6580 bytes | Modified Date = 11/1/2002 2:53:42 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Modified Date = 12/22/2006 4:02:40 PM | Attr = ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Modified Date = 12/22/2006 4:02:34 PM | Attr = ]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 12/22/2006 4:02:34 PM | Attr = ]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 32008 bytes | Modified Date = 12/22/2006 4:02:34 PM | Attr = ]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 37480 bytes | Modified Date = 12/22/2006 4:02:34 PM | Attr = ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %System32%\drivers\Mmc_2k.sys -> Roxio [Ver = 6.0.0.171 | Size = 22758 bytes | Modified Date = 1/13/2003 11:19:26 AM | Attr = ]
(MPFP) MPFP [Kernel | System | Running] -> %System32%\DRIVERS\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Modified Date = 3/2/2007 2:16:52 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 3:52:12 PM | Attr = ]
(mrtRate) mrtRate [Kernel | Auto | Stopped] -> -> File not found
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 12/10/2006 9:44:28 PM | Attr = ]
(ndiscm) Motorola SURFboard USB Cable Modem Windows Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NetMotCM.sys -> Motorola Inc. [Ver = 2.4.5.0 | Size = 15360 bytes | Modified Date = 2/9/2004 2:06:22 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.13.10.2958 | Size = 891711 bytes | Modified Date = 8/29/2002 1:16:30 AM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 3:45:06 PM | Attr = ]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1102-2.05.0540 | Size = 115712 bytes | Modified Date = 5/24/2005 4:20:26 AM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCLEPCI) PCLEPCI [Kernel | System | Running] -> %System32%\DRIVERS\Pclepci.sys -> Pinnacle Systems GmbH [Ver = 1.06 | Size = 14165 bytes | Modified Date = 3/19/2002 10:29:16 AM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 11/2/2005 5:47:26 PM | Attr = R ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\DRIVERS\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.11 | Size = 9216 bytes | Modified Date = 5/24/2005 4:28:46 AM | Attr = R ]
(PortlUSB) PortlUSB [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\GCM4.sys -> PortalPlayer, Inc. [Ver = 1.00.0.1 | Size = 7552 bytes | Modified Date = 6/24/2004 1:52:00 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\drivers\pwd_2K.sys -> Roxio [Ver = 6.0.0.171 | Size = 118422 bytes | Modified Date = 1/13/2003 11:19:26 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.57a | Size = 17168 bytes | Modified Date = 7/30/2003 4:02:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 3:52:18 PM | Attr = ]
(ScanUSBEMPIA) USB Still Image Capture Device [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\emScan.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 4493 bytes | Modified Date = 4/6/2004 2:07:54 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SECDRV.SYS -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpclient.010817-1148) | Size = 26112 bytes | Modified Date = 8/17/2001 3:58:02 PM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3555 | Size = 545024 bytes | Modified Date = 2/28/2003 11:17:18 AM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 4:07:44 PM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %System32%\DRIVERS\sptd.sys -> [Ver = | Size = 642560 bytes | Modified Date = 4/1/2006 2:05:12 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 1:28:40 PM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 1:28:22 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 4:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 4:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 4:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 4:07:42 PM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\DRIVERS\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 1/10/2007 10:47:44 PM | Attr = ]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\drivers\UdfReadr_xp.sys -> Roxio [Ver = 6.0.0.171 built by: WinDDK | Size = 206464 bytes | Modified Date = 1/13/2003 11:19:26 AM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 3:52:22 PM | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs LLC [Ver = 5.5.062.011 | Size = 280344 bytes | Modified Date = 1/26/2005 5:22:20 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 12:40:54 PM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 12:40:46 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 4:28:18 AM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
QuickTime Task -> %System32%\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 11/20/2005 6:00:06 PM | Attr = ]
RoxioEngineUtility -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe -> Roxio [Ver = 6.0.0.3 | Size = 69632 bytes | Modified Date = 1/13/2003 3:05:42 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_04\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 2/22/2004 11:44:44 PM | Attr = ]
tgcmd -> %ProgramFiles%\support.com\bin\tgcmd.exe -> Comcast [Ver = 5,6,1039,0 | Size = 1757184 bytes | Modified Date = 6/2/2006 4:09:18 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/25/2006 2:25:46 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr = ]
USB2Check -> %System32%\PCLECoInst.DLL [RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController] -> Pinnacle Systems [Ver = 1, 1, 1, 6 | Size = 61440 bytes | Modified Date = 4/6/2004 7:05:48 PM | Attr = ]
ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11/11/2004 12:15:32 AM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs LLC [Ver = 5.5.062.011 | Size = 902936 bytes | Modified Date = 1/26/2005 5:23:20 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PopUpStopperFreeEdition -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1010 | Size = 524288 bytes | Modified Date = 4/29/2003 11:40:10 AM | Attr = ]
SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 9, 0, 5 | Size = 25088 bytes | Modified Date = 5/24/2005 4:17:46 AM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 3, 0, 0, 18 | Size = 778240 bytes | Modified Date = 12/19/2001 4:23:10 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 8:34:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.comcast.net/ ->
HKCU: Default_Page_URL -> http://www.dell.com ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://my.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
jobs_brassring.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> f:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 67136 bytes | Modified Date = 12/22/2006 4:02:40 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 1:01:28 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %System32%\msjava.dll [MenuText: Sun Java Console] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 12:26:48 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [ButtonText: Yahoo! Messenger] -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 8:34:02 PM | Attr = ]
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -> %ProgramFiles%\IrfanView\Ebay\Ebay.htm [ButtonText: eBay - Homepage] -> [Ver = | Size = 378 bytes | Modified Date = 1/29/2005 9:49:22 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{45253CEC-B534-40DD-A322-767F7D3E6D13} -> () ->
{52F30A02-6546-4B84-B956-D80858BF482A} -> () ->
{8A847029-8CA4-49A3-920D-F714B58EFE83} -> 192.168.2.1 (Broadcom 440x 10/100 Integrated Controller) ->
{9AE54F6F-7849-4369-BEC5-11B37F7720C3} -> () ->
{A220FD09-811D-4163-84CE-8EE0D94E41A9} -> (Motorola SURFboard SB5100 USB Cable Modem) ->
{A3525A19-3F5F-435A-8384-E1E39D3C0522} -> () ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 1:01:28 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0000000A-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/d/4...0367/wmavax.CAB ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} -> Microsoft Data Collection Control - CodeBase = https://support.microsoft.com/oas/ActiveX/MSDcode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://photo.walgreens.com/WalgreensActivia.cab ->
{49232000-16E4-426C-A231-62846947304B} -> - CodeBase = http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1169870342525 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{90051A81-3018-4826-8B38-DD60B6B53F9C} -> Snapfish File Upload ActiveX Control - CodeBase = http://www.costcophotocenter.com/CostcoUpload.cab ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> - CodeBase = http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab ->
{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HPObjectInstaller Class - CodeBase = http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab ->
{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -> - CodeBase = http://wdownload.weatherbug.com/minibug/tr...uginstaller.cab ->
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071714304 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
PerfLogs -> %SystemDrive%\PerfLogs -> [Folder | Created Date = 4/15/2007 3:14:33 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/15/2007 10:10:28 AM | Attr = ]
~BCWipe.stu -> %SystemDrive%\~BCWipe.stu -> [Folder | Created Date = 4/15/2007 7:25:09 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/19/2007 9:55:09 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/19/2007 9:55:09 PM | Attr = H ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 344 bytes | Created Date = 4/10/2007 7:39:06 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 346 bytes | Created Date = 4/10/2007 7:39:06 PM | Attr = ]
PowerToysLicense.rtf -> %System32%\PowerToysLicense.rtf -> [Ver = | Size = 160217 bytes | Created Date = 4/13/2007 8:19:45 PM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 4/10/2007 7:39:28 PM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Created Date = 4/10/2007 7:39:31 PM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size =

#5 smokingjoey


Posted 26 April 2007 - 07:59 PM

Yup, it was the Visioneer.

I know others have posted about DFDDDE1-F440-11D2-9540-0040052FC4F9. Pass that along.

However, the moment I started IE, svchost.exe kicked into high gear. I killed it, but my sound card disappeared. Less than 90 seconds later, my toolbar changed display colors. <sigh>

#6 OldTimer

Malware Expert

Posted 27 April 2007 - 04:13 AM

Hi smokingjoey. The log was cut off at the end, but from what I see and from what you have related, it is not a problem with malware.

The svchost process is a system process that loads various system services. Part of what the one that you are terminating controls is audio services and themes, so it would be reasonable to assume that the display and sound systems would not function properly after that. The svchost process should not be terminated.

I would suggest posting a question in the Windows XP Home and Professional forum and letting the techs there take a look at the system processes. They can help with analyzing which process might be running amok. It is likely that if there were any updates done recently, one of those is causing the issues that you are currently experiencing. Let them know that you have been to this forum and that no malware was found.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
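
An added example, not part of OldTimer's post: instead of killing a busy svchost.exe, list each instance with the services it hosts, its accumulated CPU time and its image path, so the runaway service can be identified and stopped on its own. It assumes PowerShell 3.0 or later, which the XP machine in this thread predates, and the expected-path list and output column names are choices made for this example.

```powershell
# Added example: map every svchost.exe instance to the services it hosts.
# Run from an elevated prompt; without elevation ExecutablePath can be empty.

# Locations where a genuine svchost.exe image is expected (assumption of this
# example: System32, plus SysWOW64 for 32-bit services on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Query running services once; each carries the PID of its host process.
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $proc   = $_
        $hosted = $services | Where-Object { $_.ProcessId -eq $proc.ProcessId }

        [pscustomobject]@{
            PID        = $proc.ProcessId
            # KernelModeTime and UserModeTime are in 100-nanosecond units.
            CpuSeconds = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)
            Services   = ($hosted.Name | Sort-Object) -join ', '
            Path       = $proc.ExecutablePath
            PathCheck  = if (-not $proc.ExecutablePath) { 'unknown (not elevated?)' }
                         elseif ($proc.ExecutablePath -in $expected) { 'expected' }
                         else { 'UNEXPECTED' }
        }
    } |
    Sort-Object -Property CpuSeconds -Descending |
    Format-Table -AutoSize -Wrap
```

The instance at the top of the table is the one consuming CPU; its Services column shows what else would go down with it if the whole process were terminated.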

#7 smokingjoey


Posted 02 May 2007 - 06:48 PM

OldTimer: working with a MS tech to load XP SP2 led me to discover you were right: it was Automatic Updates that drove svchost.exe to grab CPU, and killing that process also killed my sound card, display drivers, etc.

I'm continuing to work with MS on the Update issue. Thanks again!

#8 OldTimer


Posted 03 May 2007 - 11:19 AM

You are welcome smokingjoey, I'm glad we could help.

I will now close this topic. If you have any new malware-related questions or issues in the future, please start a new topic.

Good luck with the MS Techs

Cheers and Happy Computing

OT