Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serious Virus - Hjt Log And Winpfind3u Log Attached


  • This topic is locked This topic is locked
6 replies to this topic

#1 Tony23

Tony23

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 24 April 2007 - 07:57 PM

Hey,

I've got a serious infection on my laptop. Below are the logs, I hope someone can help.

Many thanks.


Logfile of HijackThis v1.99.1
Scan saved at 1:27:22 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\asiivtvs.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://beta.update.microsoft.com/microsoft...b?1161153307041
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe





WinPFind3 logfile created on: 4/23/2007 10:59:24 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Anthony\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

510.21 Mb Total Physical Memory | 182.73 Mb Available Physical Memory | 35.81% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 0.87 Gb Free Space | 2.34% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: AVIDO
Current User Name: Anthony
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/12/2004 11:28:58 PM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/12/2004 11:18:20 PM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/12/2004 11:33:32 PM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/12/2004 11:28:10 PM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 2:39:50 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/12/2004 11:30:54 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/12/2004 11:30:54 PM | Attr = ]
-> [SharedAccess] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 2:39:50 PM | Attr = ]
-> [SharedAccess] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/12/2004 11:17:22 PM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/12/2004 11:17:28 PM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/12/2004 11:26:48 PM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/12/2004 11:17:34 PM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/12/2004 11:18:18 PM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 10:59:42 PM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/12/2004 11:18:42 PM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/12/2004 11:19:02 PM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 2:39:46 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\irmon.dll [Irmon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27136 bytes | Modified Date = 8/4/2004 10:56:44 AM | Attr = ]
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/8/2004 5:32:34 AM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 10:28:28 PM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/12/2004 11:23:14 PM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/23/2005 4:29:46 AM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/12/2004 11:23:54 PM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/12/2004 11:25:16 PM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/12/2004 11:26:56 PM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 8:47:18 PM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/12/2004 11:22:26 PM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/12/2004 11:27:50 PM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/12/2004 11:28:00 PM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/12/2004 11:28:04 PM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/12/2004 11:30:00 PM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/9/2005 2:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/12/2004 11:31:14 PM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/12/2004 11:32:30 PM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/12/2004 11:34:10 PM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 8:47:16 PM | Attr = ]
-> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/12/2004 11:17:18 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/12/2004 11:34:56 PM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/12/2004 11:35:02 PM | Attr = ]
-> [SharedAccess] -> File not found
s24evmon.exe -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 311363 bytes | Modified Date = 1/13/2004 3:08:12 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/12/2004 11:18:44 PM | Attr = ]
-> [SharedAccess] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/12/2004 11:17:22 PM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/12/2004 11:21:12 PM | Attr = ]
-> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/12/2004 11:27:12 PM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/12/2004 11:30:02 PM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 185344 bytes | Modified Date = 8/12/2004 11:31:44 PM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/4/2006 1:35:06 PM | Attr = ]
-> [SharedAccess] -> File not found
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/11/2005 9:53:32 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/29/2006 12:13:20 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/21/2007 12:05:20 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/26/2006 12:44:56 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/21/2007 12:05:36 PM | Attr = ]
regsrvc.exe -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 122880 bytes | Modified Date = 1/13/2004 3:07:04 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/20/2006 4:16:48 AM | Attr = ]
-> [SharedAccess] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/12/2004 11:17:22 PM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/12/2004 11:17:28 PM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/12/2004 11:26:48 PM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/12/2004 11:17:34 PM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/12/2004 11:18:18 PM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 10:59:42 PM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/12/2004 11:18:42 PM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/12/2004 11:19:02 PM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 2:39:46 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\irmon.dll [Irmon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27136 bytes | Modified Date = 8/4/2004 10:56:44 AM | Attr = ]
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/8/2004 5:32:34 AM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 10:28:28 PM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/12/2004 11:23:14 PM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/23/2005 4:29:46 AM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/12/2004 11:23:54 PM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/12/2004 11:25:16 PM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/12/2004 11:26:56 PM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 8:47:18 PM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/12/2004 11:22:26 PM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/12/2004 11:27:50 PM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/12/2004 11:28:00 PM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/12/2004 11:28:04 PM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/12/2004 11:30:00 PM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/9/2005 2:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/12/2004 11:31:14 PM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/12/2004 11:32:30 PM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/12/2004 11:34:10 PM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 8:47:16 PM | Attr = ]
-> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/12/2004 11:17:18 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/12/2004 11:34:56 PM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/12/2004 11:35:02 PM | Attr = ]
-> [SharedAccess] -> File not found
zcfgsvc.exe -> %System32%\ZCfgSvc.exe -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 376832 bytes | Modified Date = 1/13/2004 3:15:20 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
1xconfig.exe -> %System32%\1XConfig.exe -> Intel [Ver = 8, 0, 0, 162 | Size = 184320 bytes | Modified Date = 1/13/2004 3:08:52 PM | Attr = ]
stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 90169 bytes | Modified Date = 4/29/2004 2:15:00 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.123 | Size = 155648 bytes | Modified Date = 2/2/2004 3:32:16 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
logi_mwx.exe -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/21/2007 12:05:22 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 8:32:24 AM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 159744 bytes | Modified Date = 9/20/2005 8:32:16 AM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 8:36:20 AM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 8/10/2006 5:07:14 PM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 1:27:28 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 10:20:00 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
-> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/12/2004 11:32:32 PM | Attr = ]
-> [SharedAccess] -> File not found
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/12/2004 11:18:20 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - All]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/12/2006 12:19:26 PM | Attr = ]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/12/2004 11:17:22 PM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 29896 bytes | Modified Date = 9/23/2005 6:28:32 AM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/29/2006 12:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/21/2007 12:05:20 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/26/2006 12:44:56 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/21/2007 12:05:36 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/12/2004 11:17:42 PM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/12/2004 11:17:44 PM | Attr = ]
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 66240 bytes | Modified Date = 9/23/2005 6:28:56 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/12/2004 11:18:40 PM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 28672 bytes | Modified Date = 8/11/2006 2:51:04 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/12/2004 11:18:40 PM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/12/2004 11:28:10 PM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> Microsoft Corporation [Ver = 3.0.6920.0 (vista_rtm_wcp.061020-1904) | Size = 36864 bytes | Modified Date = 10/20/2006 8:21:24 PM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/12/2004 11:20:02 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 8:36:32 AM | Attr = ]
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/12/2004 11:22:12 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/12/2004 11:23:04 PM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/12/2004 11:24:22 PM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/12/2004 11:24:22 PM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> Microsoft Corporation [Ver = 3.0.4506.30 (WAPRTM.004506-0030) | Size = 122880 bytes | Modified Date = 10/30/2006 2:34:02 AM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 12:28:22 PM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/12/2004 11:28:10 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = R ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/12/2004 11:28:10 PM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 122880 bytes | Modified Date = 1/13/2004 3:07:04 PM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/12/2004 11:21:14 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/12/2004 11:27:32 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 311363 bytes | Modified Date = 1/13/2004 3:08:12 PM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/12/2004 11:21:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/12/2004 11:27:46 PM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/11/2005 9:53:32 AM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/12/2004 11:18:40 PM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/12/2004 11:28:56 PM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/12/2004 11:31:02 PM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/12/2004 11:31:44 PM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/12/2004 11:32:28 PM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/12/2004 11:33:58 PM | Attr = ]
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 7:05:24 PM | Attr = ]
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(wuauserv) Automatic Updates [Win32_Own | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:30:22 PM | Attr = ]

BC AdBot (Login to Remove)

 


m

#2 Tony23

Tony23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 24 April 2007 - 08:00 PM

[Driver Services - All]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/12/2004 11:17:18 PM | Attr = ]
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/12/2004 11:17:18 PM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/15/2006 10:22:26 AM | Attr = ]
(AFD) AFD [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/12/2004 11:17:18 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.232 | Size = 94600 bytes | Modified Date = 8/21/2003 7:25:52 PM | Attr = ]
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Running] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/12/2004 11:17:28 PM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 10:59:44 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/12/2004 11:17:28 PM | Attr = ]
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 11:59:44 PM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/29/2006 12:13:34 AM | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Modified Date = 4/21/2007 12:05:16 PM | Attr = ]
(Avg7RsNT) AVG7 Resident Driver NT [Kernel | System | Running] -> %System32%\drivers\avg7rsnt.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 26944 bytes | Modified Date = 2/27/2007 7:18:48 AM | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 11/26/2006 12:45:06 PM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/6/2006 2:03:16 AM | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 11/26/2006 12:45:08 PM | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 11/26/2006 12:45:08 PM | Attr = ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/12/2004 11:17:32 PM | Attr = ]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/12/2004 11:17:38 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/12/2004 11:18:52 PM | Attr = ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/12/2004 11:17:38 PM | Attr = ]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/12/2004 11:17:38 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> %System32%\drivers\CmBatt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14080 bytes | Modified Date = 8/4/2004 9:07:40 AM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> %System32%\drivers\compbatt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9344 bytes | Modified Date = 8/17/2001 11:58:00 PM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/12/2004 11:18:40 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/12/2004 11:18:42 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/12/2004 11:18:42 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/12/2004 11:18:42 PM | Attr = ]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 11:07:40 PM | Attr = ]
(dot4) MS IEEE-1284.4 Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dot4.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 207360 bytes | Modified Date = 8/3/2004 10:58:30 PM | Attr = ]
(Dot4Print) Print Class Driver for IEEE-1284.4 [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dot4Prt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12928 bytes | Modified Date = 8/17/2001 1:47:32 PM | Attr = ]
(dot4usb) Dot4USB Filter Dot4USB Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dot4usb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23808 bytes | Modified Date = 8/17/2001 1:47:32 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 11:07:58 PM | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 7.0.29.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 9/22/2003 8:49:48 AM | Attr = ]
(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
(Fdc) Fdc [Kernel | System | Stopped] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/12/2004 11:19:12 PM | Attr = ]
(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/12/2004 11:19:12 PM | Attr = ]
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 7:14:58 PM | Attr = ]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/12/2004 11:19:16 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ]
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/12/2004 11:23:14 PM | Attr = ]
(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/17/2001 2:02:20 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 3/9/2003 3:31:00 PM | Attr = R ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = R ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = R ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 2:57:02 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 2:55:04 PM | Attr = ]
(HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/17/2006 10:33:10 AM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/3/2004 11:14:38 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4396 | Size = 1302332 bytes | Modified Date = 9/20/2005 9:00:54 AM | Attr = ]
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/12/2004 11:20:02 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/4/2004 8:59:42 AM | Attr = ]
(intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36096 bytes | Modified Date = 8/12/2004 11:20:08 PM | Attr = ]
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/12/2004 11:20:08 PM | Attr = ]
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/12/2004 11:20:10 PM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/12/2004 11:20:10 PM | Attr = ]
(IpNat) IP Network Address Translator [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/30/2004 8:28:38 AM | Attr = ]
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/12/2004 11:20:14 PM | Attr = ]
(irda) IrDA Protocol [Kernel | Auto | Running] -> %System32%\drivers\irda.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 87424 bytes | Modified Date = 8/4/2004 9:00:54 AM | Attr = ]
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Running] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/12/2004 11:20:18 PM | Attr = ]
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/17/2001 1:58:02 PM | Attr = ]
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/12/2004 11:20:28 PM | Attr = ]
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 6:47:46 PM | Attr = ]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/12/2004 11:20:48 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 25505 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37887 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 70801 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.2.1.0 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.2.1.0 | Size = 14037 bytes | Modified Date = 8/10/2006 10:36:46 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 11:04:14 AM | Attr = ]
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/12/2004 11:22:12 PM | Attr = ]
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/3/2004 10:58:34 PM | Attr = ]
(mouhid) Mouse HID Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/17/2001 1:48:00 PM | Attr = ]
(MountMgr) MountMgr [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/12/2004 11:22:18 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/12/2004 11:22:32 PM | Attr = ]
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 7:41:46 PM | Attr = ]
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/12/2004 11:23:12 PM | Attr = ]
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/3/2004 10:58:42 PM | Attr = ]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/3/2004 10:58:40 PM | Attr = ]
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/3/2004 10:58:42 PM | Attr = ]
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/12/2004 11:24:00 PM | Attr = ]
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/12/2004 11:24:08 PM | Attr = ]
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/12/2004 11:24:08 PM | Attr = ]
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/12/2004 11:24:08 PM | Attr = ]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/12/2004 11:24:08 PM | Attr = ]
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/12/2004 11:24:16 PM | Attr = ]
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/12/2004 11:24:18 PM | Attr = ]
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.3.1 | Size = 506159 bytes | Modified Date = 11/9/2006 9:38:22 AM | Attr = ]
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.4 | Size = 38416 bytes | Modified Date = 3/3/2006 4:50:48 PM | Attr = ]
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/12/2004 11:25:04 PM | Attr = ]
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 574592 bytes | Modified Date = 8/12/2004 11:25:10 PM | Attr = ]
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/12/2004 11:25:18 PM | Attr = ]
(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Running] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.3.0 | Size = 18353 bytes | Modified Date = 11/22/2005 9:51:22 AM | Attr = ]
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.3.1 | Size = 43280 bytes | Modified Date = 9/25/2006 11:44:52 AM | Attr = ]
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 5:14:00 PM | Attr = ]
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 12:12:18 PM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/12/2004 11:25:22 PM | Attr = ]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/12/2004 11:25:24 PM | Attr = ]
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 1:51:18 PM | Attr = ]
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 3:15:14 PM | Attr = ]
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 1:51:38 PM | Attr = ]
(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 12:11:32 PM | Attr = ]
(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %System32%\drivers\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 8/12/2004 11:25:40 PM | Attr = ]
(OMCI) OMCI [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 8:42:58 AM | Attr = ]
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(PartMgr) PartMgr [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/12/2004 11:25:58 PM | Attr = ]
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/12/2004 11:25:58 PM | Attr = ]
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/3/2004 11:07:48 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 8/17/2001 1:51:52 PM | Attr = ]
(Pcmcia) Pcmcia [Kernel | Boot | Running] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/12/2004 11:26:00 PM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/12/2004 11:27:00 PM | Attr = ]
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:26:42 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/12/2004 11:26:42 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/12/2004 11:26:54 PM | Attr = ]
(Rasirda) WAN Miniport (IrDA) [Kernel | On_Demand | Running] -> %System32%\drivers\rasirda.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 19584 bytes | Modified Date = 8/17/2001 11:51:32 PM | Attr = ]
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/12/2004 11:26:58 PM | Attr = ]
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/12/2004 11:27:00 PM | Attr = ]
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/12/2004 11:27:00 PM | Attr = ]
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 7:47:58 PM | Attr = ]
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/12/2004 11:27:04 PM | Attr = ]
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 8/3/2004 11:01:16 PM | Attr = ]
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/10/2005 2:09:46 PM | Attr = ]
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/4/2004 8:59:38 AM | Attr = ]
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 5:19:34 PM | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 1, 0, 0, 0 | Size = 11258 bytes | Modified Date = 9/15/2003 10:20:18 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/12/2004 11:27:58 PM | Attr = ]
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/12/2004 11:28:06 PM | Attr = ]
(Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/12/2004 11:28:06 PM | Attr = ]
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/12/2004 11:28:18 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Modified Date = 8/17/2001 10:10:28 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 6:47:46 PM | Attr = ]
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/12/2004 11:29:58 PM | Attr = ]
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 8:34:42 PM | Attr = ]
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.3.0 | Size = 160209 bytes | Modified Date = 9/25/2006 8:54:54 AM | Attr = ]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3913 | Size = 258704 bytes | Modified Date = 5/12/2004 8:30:14 PM | Attr = ]
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/12/2004 11:29:28 PM | Attr = ]
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 2:00:52 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 11:15:56 PM | Attr = ]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254) | Size = 359808 bytes | Modified Date = 4/20/2006 9:51:50 PM | Attr = ]
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/12/2004 11:30:52 PM | Attr = ]
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/12/2004 11:30:52 PM | Attr = ]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 11/24/2006 8:20:20 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/12/2004 11:31:26 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/12/2004 11:31:42 PM | Attr = ]
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ]
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/12/2004 11:31:50 PM | Attr = ]
(usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/3/2004 11:08:44 PM | Attr = ]
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 11:01:26 PM | Attr = ]
(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr = ]
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ]
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 11:08:38 PM | Attr = ]
(VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/12/2004 11:32:12 PM | Attr = ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/12/2004 11:32:26 PM | Attr = ]
(w22n51) Intel® PRO/Wireless 2200 Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 80012-12000 Driver | Size = 1648640 bytes | Modified Date = 1/14/2004 5:58:26 AM | Attr = ]
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.27 Driver | Size = 2209536 bytes | Modified Date = 11/7/2006 6:50:08 PM | Attr = ]
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/12/2004 11:32:40 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 7:00:46 PM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 2:55:38 PM | Attr = ]
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %System32%\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 8/12/2004 11:34:38 PM | Attr = ]
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 5:55:50 PM | Attr = ]
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 6:00:34 PM | Attr = ]

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 10:20:00 PM | Attr = ]
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.123 | Size = 155648 bytes | Modified Date = 2/2/2004 3:32:16 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/21/2007 12:05:22 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 8:32:24 AM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 8:36:20 AM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 8:35:40 AM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 1:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
PrintDrive -> %System32%\asiivtvs.DLL [rundll32.exe "C:\WINDOWS\system32\asiivtvs.dll",setvm] -> File not found
PRONoMgr.exe -> %ProgramFiles%\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe -> Intel® Corporation [Ver = 6.1.304.0 | Size = 86016 bytes | Modified Date = 12/19/2003 12:49:28 PM | Attr = ]
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 90169 bytes | Modified Date = 4/29/2004 2:15:00 PM | Attr = ]
StartupDelayer -> %ProgramFiles%\r2 Studios\Startup Delayer\Startup Launcher.exe -> r2 studios [Ver = 2.02.0085 | Size = 16896 bytes | Modified Date = 8/3/2006 8:21:04 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 8/10/2006 5:07:14 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/12/2004 11:18:20 PM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/12/2004 11:25:18 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/12/2004 11:30:16 PM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 8:47:22 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/29/2006 12:13:28 AM | Attr = ]
{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} [HKLM] -> %System32%\ssqnnlk.dll [] -> [Ver = | Size = 26694 bytes | Modified Date = 4/13/2007 8:17:30 PM | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/12/2004 11:22:56 PM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/12/2004 11:27:50 PM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/12/2004 11:18:38 PM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/12/2004 11:23:34 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/12/2004 11:31:54 PM | Attr = ]
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20061106) | Size = 372817 bytes | Modified Date = 10/6/2006 9:33:50 AM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/12/2004 11:27:34 PM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/12/2004 11:30:28 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
awvvu -> %System32%\awvvu.dll -> [Ver = | Size = 281172 bytes | Modified Date = 4/21/2007 3:39:08 PM | Attr = HS]
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/12/2004 11:18:18 PM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/12/2004 11:18:18 PM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/12/2004 11:18:18 PM | Attr = ]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 8:31:28 AM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/12/2004 11:33:48 PM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/12/2004 11:33:48 PM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/12/2004 11:27:50 PM | Attr = ]
Sebring -> %System32%\LgNotify.dll -> Intel Corporation [Ver = 8, 0, 0, 162 | Size = 110592 bytes | Modified Date = 1/13/2004 3:17:46 PM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/12/2004 11:33:48 PM | Attr = ]
ssqnnlk -> %System32%\ssqnnlk.dll -> [Ver = | Size = 26694 bytes | Modified Date = 4/13/2007 8:17:30 PM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/12/2004 11:33:48 PM | Attr = ]
WgaLogon -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0017.0 | Size = 236928 bytes | Modified Date = 2/15/2007 6:00:26 PM | Attr = ]
wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/12/2004 11:33:48 PM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]
{1557B435-8242-4686-9AA3-9265BF7525A4} [HKLM] -> %System32%\txbefksp.dll [Reg Data - Value does not exist] -> File not found
{189D4BAF-D22C-4FC6-A8B8-224C38FA93D3} [HKLM] -> %System32%\tustt.dll [Reg Data - Value does not exist] -> File not found
{2EE6E860-96F4-4C79-8FAE-153E4BC2E768} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4A243B2F-E000-4EB4-A754-30C5C86B0004} [HKLM] -> %System32%\jahlmihv.dll [Reg Data - Value does not exist] -> [Ver = | Size = 125460 bytes | Modified Date = 4/20/2007 10:07:56 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{799BAA2A-EBC9-4D7D-8600-0E6B3A67F6D6} [HKLM] -> %System32%\geefc.dll [Reg Data - Value does not exist] -> File not found
{7E179BAB-5344-490B-9C45-845BB989A335} [HKLM] -> %System32%\xxyvw.dll [Reg Data - Value does not exist] -> File not found
{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} [HKLM] -> %System32%\ssqnnlk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 26694 bytes | Modified Date = 4/13/2007 8:17:30 PM | Attr = ]
{998EC176-81B0-4E44-9E09-BE1DF7828AF2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA403D30-E90A-4DA3-AF43-CE0AC1FF6B81} [HKLM] -> %System32%\cbaay.dll [Reg Data - Value does not exist] -> File not found
{B49444DF-D39F-4851-B575-5F1050944501} [HKLM] -> %System32%\awvvu.dll [Reg Data - Value does not exist] -> [Ver = | Size = 281172 bytes | Modified Date = 4/21/2007 3:39:08 PM | Attr = HS]
{BCA7F24F-4B6C-40AE-A36D-4A062D1F08A5} [HKLM] -> %System32%\ssqnl.dll [Reg Data - Value does not exist] -> File not found
{D054ADBB-D1A1-4A3E-BAAB-9C888F6643C6} [HKLM] -> %System32%\ddcdc.dll [Reg Data - Value does not exist] -> File not found
{E8DD599F-0AC8-4713-9AD6-23E1726FEBE2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{F1EE1E8F-CD85-4248-AFBD-A975FAFA8176} [HKLM] -> %System32%\ljjii.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD} [HKLM] -> %System32%\browseui.dll [Shell Search Band] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size

#3 Tony23

Tony23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 24 April 2007 - 08:01 PM

< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->
< Security Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 272 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/12/2004 11:17:46 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SYSTEMROOT%\SYSTEM32 -> ->
%SYSTEMROOT% -> ->
%SYSTEMROOT%\SYSTEM32\WBEM -> ->
%SYSTEMROOT%\SYSTEM32\NLS -> ->
%SYSTEMROOT%\SYSTEM32\NLS\ENGLISH -> ->
C:\Program Files\QuickTime\QTSystem\ -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/27/2005 9:22:02 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/12/2004 11:33:30 PM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/12/2004 11:33:32 PM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 10/17/2006 11:56:10 AM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 10:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 10:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/12/2004 11:27:34 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/12/2004 11:27:10 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/12/2004 11:18:34 PM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/12/2004 11:25:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/12/2004 11:34:40 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/20/2006 7:52:18 AM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/12/2004 11:19:08 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{12BB7942-1E1F-43D9-B441-4668C1629425} -> hp officejet 6100 series ->
{15095BF3-A3D7-4DDF-B193-3A496881E003} -> Microsoft .NET Framework 3.0 ->
{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} -> iPod for Windows 2006-03-23 ->
{252F9FB9-FC12-4B08-ADEB-F402BA3A8D28} -> CardBus ->
{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6} -> GTA2 ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java™ SE Runtime Environment 6 Update 1 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
{446DBFFA-4088-48E3-8932-74316BA4CAE4} -> iTunes ->
{491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation ->
{50D8FFDD-90CD-4859-841F-AA1961C7767A} -> QuickTime ->
{5380063E-2909-4d72-BFA3-625881F2E78B} -> Intel® PROSet for Wireless ->
{5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.79.1 ->
{5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) ->
{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} -> HP Photo and Imaging 2.0 - All-in-One Drivers ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{7959721D-8268-4565-9E0E-C41A9F4848A9} -> SigmaTel AC97 Audio Drivers ->
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX ->
{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} -> Windows Workflow Foundation ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Extreme Graphics 2 Driver ->
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player ->
{91110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{91A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003 ->
{9867A917-5D17-40DE-83BA-BEA5293194B1} -> HP Photo and Imaging 2.0 - All-in-One ->
{9B427732-573E-4E78-B6FA-AC3E5A218BA2} -> NMAS Client ->
{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} -> ALPS Touch Pad Driver ->
{A2DF25CF-155D-44B5-8E89-FB6CCE4601BC} -> Half Life Sound Selector ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} -> Apple Software Update ->
{ABEB838C-A1A7-4C5D-B7E1-8B4314600777} -> MSN Messenger 7.0 ->
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{B74D4E10-6884-0000-0000-000000000103} -> Adobe Bridge 1.0 ->
{B9A5A789-D491-49FB-958C-BFEC2C11BB1D} -> NMAS Challenge Response Method ->
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation ->
{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} -> Windows Rights Management Client with Service Pack 2 ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD ->
{DDD512C6-2251-4046-8F25-1A5EB355015E} -> Intel® mDriver ->
{EC905264-BCFE-423B-9C42-C3A106266790} -> Windows Rights Management Client Backwards Compatibility SP2 ->
{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C} -> NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2) ->
8663B5B9069C096791B6162C2B1B04053C00EBE6 -> Windows Driver Package - Intel (w29n51) net (11/07/2006 9.0.4.27) ->
A2BACE4048444B1B2AE2318E9DA0617677769B99 -> Windows Driver Package - Intel (NETw3x32) net (11/15/2006 10.5.1.75) ->
Adobe Shockwave Player -> Adobe Shockwave Player ->
AVG7Uninstall -> AVG Free Edition ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
BitLord -> BitLord 1.1 ->
CleanUp! -> CleanUp! ->
CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 -> Conexant D480 MDC V.9x Modem ->
dBpowerAMP Music Converter -> dBpowerAMP Music Converter ->
GoogleVideoPlayer -> Google Video Player ->
GroupWiseUninstallKey -> GroupWise ->
GWMLTO -> GroupWise Internet Browser Mail Integration ->
HijackThis -> HijackThis 1.99.1 ->
HP OfficeJet 6100 Series -> HP Photo and Imaging 2.0 - hp officejet 6100 series ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} -> iPod for Windows 2006-03-23 ->
InstallShield_{252F9FB9-FC12-4B08-ADEB-F402BA3A8D28} -> PCI 7510 CardBus Controller with SmartCard and Software ->
InstallShield_{A2DF25CF-155D-44B5-8E89-FB6CCE4601BC} -> Half Life Sound Selector ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896344 -> Hotfix for Windows XP (KB896344) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899589 -> Security Update for Windows XP (KB899589) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908521 -> Update for Windows XP (KB908521) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913433 -> Security Update for Windows XP (KB913433) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917283.T1_1ToU93_1 -> Security Update for Microsoft .NET Framework 2.0 (KB917283) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920342 -> Update for Windows XP (KB920342) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922770.T1_1ToU168_1 -> Security Update for Microsoft .NET Framework 2.0 (KB922770) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925720 -> Update for Windows XP (KB925720) ->
KB925876 -> Update for Windows XP (KB925876) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928388 -> Hotfix for Windows XP (KB928388) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929120 -> Hotfix for Windows XP (KB929120) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969) ->
KB931836 -> Update for Windows XP (KB931836) ->
LimeWire -> LimeWire PRO 4.12.3 ->
M886903 -> Microsoft .NET Framework 1.1 Hotfix (KB886903) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 ->
Mozilla Firefox (2.0.0.3) -> Mozilla Firefox (2.0.0.3) ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
Novell Client for Windows -> Novell Client for Windows ->
Panda ActiveScan -> Panda ActiveScan ->
PROSet -> Intel® PRO Network Adapters and Drivers ->
RealPlayer 6.0 -> RealPlayer ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
SpywareBlaster_is1 -> SpywareBlaster v3.5.1 ->
Startup Delayer -> Startup Delayer v2.2 (build 85) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
WIC -> Windows Imaging Component ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
WinRAR archiver -> WinRAR archiver ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
WMS -> Windows NT Messaging ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0 ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->

[Files/Folders - Created Within 60 days]
1a55e1a56a07f9d9d8b605 -> %SystemDrive%\1a55e1a56a07f9d9d8b605 -> [Folder | Created Date = 3/19/2007 8:56:51 AM | Attr = ]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4/15/2007 2:52:36 PM | Attr = ]
d6e41c22aac560765d23fc06b5b7bf -> %SystemDrive%\d6e41c22aac560765d23fc06b5b7bf -> [Folder | Created Date = 3/19/2007 8:55:57 AM | Attr = ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 4/17/2007 1:56:17 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 4/17/2007 1:58:04 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 3/30/2007 11:21:43 AM | Attr = H ]
$NtUninstallKB925876$ -> %SystemRoot%\$NtUninstallKB925876$ -> [Folder | Created Date = 3/19/2007 9:13:59 AM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 4/17/2007 1:57:52 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 4/17/2007 1:59:06 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 4/17/2007 1:58:50 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 4/17/2007 1:58:29 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 4/17/2007 1:55:51 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/19/2007 9:14:32 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/19/2007 9:15:31 AM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 3/19/2007 9:13:42 AM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 3/19/2007 8:56:06 AM | Attr = H ]
0.log -> %SystemRoot%\0.log -> [Ver = | Size = 0 bytes | Created Date = 4/15/2007 12:57:50 PM | Attr = ]
comsetup.log -> %SystemRoot%\comsetup.log -> [Ver = | Size = 16377 bytes | Created Date = 4/17/2007 1:56:05 PM | Attr = ]
FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 49462 bytes | Created Date = 4/17/2007 1:56:03 PM | Attr = ]
iis6.log -> %SystemRoot%\iis6.log -> [Ver = | Size = 53627 bytes | Created Date = 4/17/2007 1:56:04 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 4/17/2007 1:56:06 PM | Attr = ]
imsins.log -> %SystemRoot%\imsins.log -> [Ver = | Size = 1374 bytes | Created Date = 4/17/2007 1:56:06 PM | Attr = ]
KB918118.log -> %SystemRoot%\KB918118.log -> [Ver = | Size = 11574 bytes | Created Date = 4/17/2007 1:53:09 PM | Attr = ]
KB924667.log -> %SystemRoot%\KB924667.log -> [Ver = | Size = 13594 bytes | Created Date = 4/17/2007 1:53:29 PM | Attr = ]
KB926436.log -> %SystemRoot%\KB926436.log -> [Ver = | Size = 15193 bytes | Created Date = 4/17/2007 1:53:23 PM | Attr = ]
KB927779.log -> %SystemRoot%\KB927779.log -> [Ver = | Size = 20150 bytes | Created Date = 4/17/2007 1:53:49 PM | Attr = ]
KB927802.log -> %SystemRoot%\KB927802.log -> [Ver = | Size = 17221 bytes | Created Date = 4/17/2007 1:53:44 PM | Attr = ]
KB928090-IE7.log -> %SystemRoot%\KB928090-IE7.log -> [Ver = | Size = 10310 bytes | Created Date = 4/17/2007 1:56:34 PM | Attr = ]
KB928255.log -> %SystemRoot%\KB928255.log -> [Ver = | Size = 16887 bytes | Created Date = 4/17/2007 1:53:36 PM | Attr = ]
KB928843.log -> %SystemRoot%\KB928843.log -> [Ver = | Size = 10322 bytes | Created Date = 4/17/2007 1:52:53 PM | Attr = ]
MedCtrOC.log -> %SystemRoot%\MedCtrOC.log -> [Ver = | Size = 3400 bytes | Created Date = 4/17/2007 1:56:07 PM | Attr = ]
msgsocm.log -> %SystemRoot%\msgsocm.log -> [Ver = | Size = 2472 bytes | Created Date = 4/17/2007 1:56:06 PM | Attr = ]
msmqinst.log -> %SystemRoot%\msmqinst.log -> [Ver = | Size = 15164 bytes | Created Date = 4/17/2007 1:56:06 PM | Attr = ]
netfxocm.log -> %SystemRoot%\netfxocm.log -> [Ver = | Size = 8664 bytes | Created Date = 4/17/2007 1:56:07 PM | Attr = ]
ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 236530 bytes | Created Date = 4/19/2007 10:53:05 PM | Attr = ]
ntdtcsetup.log -> %SystemRoot%\ntdtcsetup.log -> [Ver = | Size = 9935 bytes | Created Date = 4/17/2007 1:56:05 PM | Attr = ]
ocgen.log -> %SystemRoot%\ocgen.log -> [Ver = | Size = 23328 bytes | Created Date = 4/17/2007 1:56:03 PM | Attr = ]
ocmsn.log -> %SystemRoot%\ocmsn.log -> [Ver = | Size = 2736 bytes | Created Date = 4/17/2007 1:56:07 PM | Attr = ]
PPOPUP.INI -> %SystemRoot%\PPOPUP.INI -> [Ver = | Size = 40 bytes | Created Date = 4/17/2007 2:17:29 PM | Attr = ]
setupact.log -> %SystemRoot%\setupact.log -> [Ver = | Size = 150 bytes | Created Date = 4/17/2007 1:56:05 PM | Attr = ]
setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 201828 bytes | Created Date = 4/15/2007 12:50:16 PM | Attr = ]
setuperr.log -> %SystemRoot%\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 4/17/2007 1:56:05 PM | Attr = ]
spupdsvc.log -> %SystemRoot%\spupdsvc.log -> [Ver = | Size = 1419 bytes | Created Date = 4/18/2007 3:12:22 PM | Attr = ]
tabletoc.log -> %SystemRoot%\tabletoc.log -> [Ver = | Size = 2488 bytes | Created Date = 4/17/2007 1:56:07 PM | Attr = ]
tsoc.log -> %SystemRoot%\tsoc.log -> [Ver = | Size = 22568 bytes | Created Date = 4/17/2007 1:56:05 PM | Attr = ]
updspapi.log -> %SystemRoot%\updspapi.log -> [Ver = | Size = 7230 bytes | Created Date = 4/17/2007 1:56:23 PM | Attr = ]
WgaNotify.log -> %SystemRoot%\WgaNotify.log -> [Ver = | Size = 11986 bytes | Created Date = 4/18/2007 2:55:35 PM | Attr = ]
wmsetup.log -> %SystemRoot%\wmsetup.log -> [Ver = | Size = 1070 bytes | Created Date = 4/18/2007 8:10:26 PM | Attr = ]
aaclient.dll -> %System32%\aaclient.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 116736 bytes | Created Date = 3/19/2007 8:54:09 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/15/2007 12:30:16 AM | Attr = ]
awvvu.dll -> %System32%\awvvu.dll -> [Ver = | Size = 281172 bytes | Created Date = 4/21/2007 3:38:56 PM | Attr = HS]
byxus.dll -> %System32%\byxus.dll -> [Ver = | Size = 30195 bytes | Created Date = 4/14/2007 1:10:33 PM | Attr = ]
ccefe.ini -> %System32%\ccefe.ini -> [Ver = | Size = 353 bytes | Created Date = 4/21/2007 12:23:45 PM | Attr = HS]
cw3215mt.dll -> %System32%\cw3215mt.dll -> Borland International [Ver = 1.5 | Size = 176128 bytes | Created Date = 4/17/2007 2:17:38 PM | Attr = ]
dplgnw32.dll -> %System32%\dplgnw32.dll -> [Ver = | Size = 28672 bytes | Created Date = 4/17/2007 2:18:11 PM | Attr = ]
dplmw32.dll -> %System32%\dplmw32.dll -> Novell, Inc. [Ver = v3.19.1 | Size = 118874 bytes | Created Date = 4/17/2007 2:18:11 PM | Attr = ]
dplrname.dll -> %System32%\dplrname.dll -> Novell, Inc. [Ver = 1.1.0 | Size = 90149 bytes | Created Date = 4/17/2007 2:18:11 PM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Created Date = 4/17/2007 2:18:11 PM | Attr = ]
efecc.dll -> %System32%\efecc.dll -> [Ver = | Size = 281172 bytes | Created Date = 4/21/2007 12:23:30 PM | Attr = HS]
jahlmihv.dll -> %System32%\jahlmihv.dll -> [Ver = | Size = 125460 bytes | Created Date = 4/20/2007 10:07:52 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/15/2007 1:01:05 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/15/2007 1:01:05 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/15/2007 1:01:05 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/15/2007 1:01:05 PM | Attr = ]
jupdate-1.5.0_10-b03.log -> %System32%\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8657 bytes | Created Date = 3/14/2007 2:48:59 PM | Attr = ]
jupdate-1.6.0_01-b06.log -> %System32%\jupdate-1.6.0_01-b06.log -> [Ver = | Size = 4027 bytes | Created Date = 4/15/2007 1:00:47 PM | Attr = ]
ljjgg.dll -> %System32%\ljjgg.dll -> [Ver = | Size = 66495 bytes | Created Date = 4/18/2007 1:54:04 PM | Attr = ]
ndppnt.dll -> %System32%\ndppnt.dll -> Novell, Inc. [Ver = 4.91 | Size = 131153 bytes | Created Date = 4/17/2007 2:18:14 PM | Attr = ]
ndpsprop.dll -> %System32%\ndpsprop.dll -> Novell, Inc. [Ver = v1.2 | Size = 217180 bytes | Created Date = 4/17/2007 2:18:14 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/15/2007 12:30:23 AM | Attr = ]
rhttpaa.dll -> %System32%\rhttpaa.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 288768 bytes | Created Date = 3/19/2007 8:54:10 AM | Attr = ]
scwdjasl.dll -> %System32%\scwdjasl.dll -> [Ver = | Size = 125460 bytes | Created Date = 4/18/2007 2:55:00 PM | Attr = ]
SmartUI2.ocx -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Created Date = 3/15/2007 11:22:38 AM | Attr = ]
spmsg2.dll -> %System32%\spmsg2.dll -> Microsoft Corporation [Ver = 6.2.0029.0 (SRV03_QFE.031113-0918) | Size = 14048 bytes | Created Date = 3/19/2007 8:56:29 AM | Attr = ]
ssqnnlk.dll -> %System32%\ssqnnlk.dll -> [Ver = | Size = 26694 bytes | Created Date = 4/13/2007 8:17:29 PM | Attr = ]
tsgqec.dll -> %System32%\tsgqec.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 36352 bytes | Created Date = 3/19/2007 8:54:09 AM | Attr = ]
uvvwa.bak1 -> %System32%\uvvwa.bak1 -> [Ver = | Size = 568745 bytes | Created Date = 4/21/2007 3:39:16 PM | Attr = HS]
uvvwa.bak2 -> %System32%\uvvwa.bak2 -> [Ver = | Size = 567408 bytes | Created Date = 4/22/2007 3:39:24 PM | Attr = HS]
uvvwa.ini -> %System32%\uvvwa.ini -> [Ver = | Size = 618248 bytes | Created Date = 4/21/2007 3:39:06 PM | Attr = HS]
XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Created Date = 3/15/2007 11:19:58 AM | Attr = ]
XceedZip.dll -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Created Date = 3/15/2007 11:23:16 AM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 3/19/2007 8:59:01 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/15/2007 12:37:59 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/19/2007 10:33:08 PM | Attr = ]
yyvosso^.sys -> %System32%\drivers\yyvosso^.sys -> [Ver = | Size = 60416 bytes | Created Date = 4/15/2007 2:50:31 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 4/14/2007 5:49:08 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 4/14/2007 5:48:41 PM | Attr = ]
Activescan1.txt -> %UserDocuments%\Activescan1.txt -> [Ver = | Size = 6260 bytes | Created Date = 4/22/2007 1:19:59 PM | Attr = ]
Bloc_Party-A_Weekend_in_the_City-Proper-2007-JUST.torrent -> %UserDocuments%\Bloc_Party-A_Weekend_in_the_City-Proper-2007-JUST.torrent -> [Ver = | Size = 15628 bytes | Created Date = 2/26/2007 12:06:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Bloc_Party-A_Weekend_in_the_City-Proper-2007-JUST.torrent:Zone.Identifier ->
Doc2.doc -> %UserDocuments%\Doc2.doc -> [Ver = | Size = 27648 bytes | Created Date = 4/23/2007 10:46:51 PM | Attr = ]
john_mayer_-_continuum_2006-r0ck0n.torrent -> %UserDocuments%\john_mayer_-_continuum_2006-r0ck0n.torrent -> [Ver = | Size = 11155 bytes | Created Date = 2/26/2007 12:03:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\john_mayer_-_continuum_2006-r0ck0n.torrent:Zone.Identifier ->
Part 1.doc -> %UserDocuments%\Part 1.doc -> [Ver = | Size = 24064 bytes | Created Date = 3/19/2007 9:22:03 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 4/19/2007 10:33:14 PM | Attr = ]
MSN Messenger 7.0.lnk -> %AllUsersDesktop%\MSN Messenger 7.0.lnk -> [Ver = | Size = 1736 bytes | Created Date = 4/13/2007 9:24:25 PM | Attr = ]
150 - The Cell Games.rm -> %UserDesktop%\150 - The Cell Games.rm -> [Ver = | Size = 32102584 bytes | Created Date = 4/21/2007 1:27:25 PM | Attr = ]
151 - What is the Tournament.rm -> %UserDesktop%\151 - What is the Tournament.rm -> [Ver = | Size = 33348535 bytes | Created Date = 4/21/2007 1:55:40 PM | Attr = ]
153 - Meet Me in the Ring.rm -> %UserDesktop%\153 - Meet Me in the Ring.rm -> [Ver = | Size = 34154347 bytes | Created Date = 4/21/2007 4:18:37 PM | Attr = ]
154 - No Worries Here.rm -> %UserDesktop%\154 - No Worries Here.rm -> [Ver = | Size = 32739431 bytes | Created Date = 4/22/2007 4:32:04 PM | Attr = ]
Activescan.txt -> %UserDesktop%\Activescan.txt -> [Ver = | Size = 6260 bytes | Created Date = 4/15/2007 12:17:31 PM | Attr = ]
avenger -> %UserDesktop%\avenger -> [Folder | Created Date = 4/15/2007 2:43:52 PM | Attr = ]
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Created Date = 4/15/2007 2:43:19 PM | Attr = ]
avgas-setup-7.5.0.50.exe -> %UserDesktop%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 4/19/2007 10:12:24 PM | Attr = ]
DBZ -> %UserDesktop%\DBZ -> [Folder | Created Date = 3/25/2007 10:44:14 AM | Attr = ]
Doc2.doc -> %UserDesktop%\Doc2.doc -> [Ver = | Size = 153088 bytes | Created Date = 4/14/2007 1:09:16 PM | Attr = ]
getrichordietrying_wallpaper1.jpg -> %UserDesktop%\getrichordietrying_wallpaper1.jpg -> [Ver = | Size = 165735 bytes | Created Date = 4/17/2007 1:57:09 PM | Attr = ]
index_r06_c07.gif -> %UserDesktop%\index_r06_c07.gif -> [Ver = | Size = 3183 bytes | Created Date = 4/23/2007 10:30:20 PM | Attr = ]
Italian Oral.doc -> %UserDesktop%\Italian Oral.doc -> [Ver = | Size = 21504 bytes | Created Date = 3/20/2007 7:47:53 PM | Attr = ]
NBA_TV_Top_10_April_22.zip.part -> %UserDesktop%\NBA_TV_Top_10_April_22.zip.part -> [Ver = | Size = 481753 bytes | Created Date = 4/23/2007 8:40:02 PM | Attr = ]
New Text Document.txt -> %UserDesktop%\New Text Document.txt -> [Ver = | Size = 3128 bytes | Created Date = 4/19/2007 10:13:24 PM | Attr = ]
Papoose - Victory 2007 (Prod. By Jimi Kendrixx).mp3 -> %UserDesktop%\Papoose - Victory 2007 (Prod. By Jimi Kendrixx).mp3 -> [Ver = | Size = 5367058 bytes | Created Date = 3/18/2007 5:36:00 PM | Attr = ]
Picture 003.jpg -> %UserDesktop%\Picture 003.jpg -> [Ver = | Size = 1059048 bytes | Created Date = 4/3/2007 10:00:18 PM | Attr = ]
Silent Alarm -> %UserDesktop%\Silent Alarm -> [Folder | Created Date = 4/6/2007 5:19:33 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 14848 bytes | Created Date = 4/17/2007 2:08:41 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
top10_070421.asf -> %UserDesktop%\top10_070421.asf -> [Ver = | Size = 17825694 bytes | Created Date = 4/23/2007 8:43:25 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 4/23/2007 9:51:12 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Created Date = 4/23/2007 8:20:41 PM | Attr = ]
xaviermaytimefairmeeings1-32007(2).doc -> %UserDesktop%\xaviermaytimefairmeeings1-32007(2).doc -> [Ver = | Size = 103424 bytes | Created Date = 4/5/2007 12:04:12 PM | Attr = ]
xaviermaytimefairmeeings1-32007.doc -> %UserDesktop%\xaviermaytimefairmeeings1-32007.doc -> [Ver = | Size = 94720 bytes | Created Date = 3/13/2007 5:36:56 PM | Attr = ]
[AHQ] DBZ - 054 - 150 - Dubbed.torrent -> %UserDesktop%\[AHQ] DBZ - 054 - 150 - Dubbed.torrent -> [Ver = | Size = 224870 bytes | Created Date = 4/10/2007 5:43:52 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 4/15/2007 12:59:47 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 4/18/2007 5:49:54 PM | Attr = ]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/23/2007 7:48:54 PM | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4/15/2007 2:52:38 PM | Attr = ]
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 494 bytes | Modified Date = 4/23/2007 10:46:04 PM | Attr = ]
Novell -> %SystemDrive%\Novell -> [Folder | Modified Date = 4/17/2007 2:17:32 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/22/2007 1:29:52 PM | Attr = R ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/18/2007 5:46:08 PM | Attr = ]
VundoFix.txt -> %SystemDrive%\VundoFix.txt -> [Ver = | Size = 11207 bytes | Modified Date = 4/21/2007 12:15:32 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/22/2007 1:12:58 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/17/2007 1:53:50 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 4/17/2007 1:56:20 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 4/17/2007 1:58:06 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 3/30/2007 11:21:46 AM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 4/17/2007 1:57:54 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 4/17/2007 1:59:08 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 4/17/2007 1:58:52 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 4/17/2007 1:58:32 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 4/17/2007 1:55:54 PM | Attr = H ]
0.log -> %SystemRoot%\0.log -> [Ver = | Size = 0 bytes | Modified Date = 4/23/2007 7:47:10 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/22/2007 1:04:48 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/23/2007 7:47:04 PM | Attr = S]
comsetup.log -> %SystemRoot%\comsetup.log -> [Ver = | Size = 16377 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/22/2007 1:05:30 PM | Attr = S]
FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 49462 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 4/17/2007 1:56:44 PM | Attr = ]
iis6.log -> %SystemRoot%\iis6.log -> [Ver = | Size = 53627 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/17/2007 1:59:02 PM | Attr = ]
imsins.log -> %SystemRoot%\imsins.log -> [Ver = | Size = 1374 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/18/2007 3:09:50 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/18/2007 2:55:28 PM | Attr = HS]
KB918118.log -> %SystemRoot%\KB918118.log -> [Ver = | Size = 11574 bytes | Modified Date = 4/17/2007 1:56:34 PM | Attr = ]
KB924667.log -> %SystemRoot%\KB924667.log -> [Ver = | Size = 13594 bytes | Modified Date = 4/17/2007 1:58:26 PM | Attr = ]
KB926436.log -> %SystemRoot%\KB926436.log -> [Ver = | Size = 15193 bytes | Modified Date = 4/17/2007 1:58:02 PM | Attr = ]
KB927779.log -> %SystemRoot%\KB927779.log -> [Ver = | Size = 20150 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
KB927802.log -> %SystemRoot%\KB927802.log -> [Ver = | Size = 17221 bytes | Modified Date = 4/17/2007 1:59:02 PM | Attr = ]
KB928090-IE7.log -> %SystemRoot%\KB928090-IE7.log -> [Ver = | Size = 10310 bytes | Modified Date = 4/17/2007 1:57:50 PM | Attr = ]
KB928255.log -> %SystemRoot%\KB928255.log -> [Ver = | Size = 16887 bytes | Modified Date = 4/17/2007 1:58:48 PM | Attr = ]
KB928843.log -> %SystemRoot%\KB928843.log -> [Ver = | Size = 10322 bytes | Modified Date = 4/17/2007 1:56:10 PM | Attr = ]
MedCtrOC.log -> %SystemRoot%\MedCtrOC.log -> [Ver = | Size = 3400 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 2435 bytes | Modified Date = 4/21/2007 12:36:10 PM | Attr = ]
msgsocm.log -> %SystemRoot%\msgsocm.log -> [Ver = | Size = 2472 bytes | Modified Date = 4/17/2007 1:59:34 PM | Attr = ]
msmqinst.log -> %SystemRoot%\msmqinst.log -> [Ver = | Size = 15164 bytes | Modified Date = 4/17/2007 1:59:32 PM | Attr = ]
netfxocm.log -> %SystemRoot%\net

#4 Tony23

Tony23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 24 April 2007 - 11:48 PM

Please disregard this thread. I've created a new one which is easier to view.

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:21 AM

Posted 28 April 2007 - 09:57 AM

Hello Tony23 and welcome to the BC HijackThis forum. It looks like a vundo infection. Let's see what we find.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Now run a new WinPFind3u scan by doing the following:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar (do not change any of the default options).
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Post the following back here:
  • The [b]Vundofix.txt report
  • The new WinPFind3u log
I will review the information when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 Tony23

Tony23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 29 April 2007 - 12:06 AM

Hey Oldtimer,

Thanks alot for your reply.

I managed to get some outside help, because a couple of days ago my laptop went crazy and I needed urgent help.

The Vunndo seems to have been removed and my laptop is running normal again.

Thanks anyway and I appreciate the time you took to look at my problems.

Cheers,

Tony

Edited by Tony23, 29 April 2007 - 12:12 AM.


#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:21 AM

Posted 29 April 2007 - 07:09 AM

Glad to hear things are fixed. I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users