Logfile created on: 10/05/2006 10:21 WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\Frank Wilson\Desktop\WinPFind2\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) < All Processes > \systemroot\system32\smss.exe - (Microsoft Corporation ) \??\c:\windows\system32\csrss.exe - (Microsoft Corporation ) \??\c:\windows\system32\winlogon.exe - (Microsoft Corporation ) c:\windows\system32\services.exe - (Microsoft Corporation ) c:\windows\system32\lsass.exe - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation ) (DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation ) (TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation ) (TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation ) (RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation ) (AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (File not found)) (AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation ) (BITS) C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation ) (Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation ) (CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation ) (Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation ) (dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. ) (ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation ) (EventSystem) C:\WINDOWS\system32\es.dll - (Microsoft Corporation ) (FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation ) (helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found)) (HidServ) C:\WINDOWS\System32\hidserv.dll - (File not found)) (lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation ) (lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation ) (Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation ) (Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation ) (Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation ) (NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation ) (RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation ) (RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation ) (RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation ) (Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation ) (seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation ) (SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation ) (SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation ) (ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation ) (srservice) C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation ) (TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation ) (Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation ) (TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation ) (W32Time) C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation ) (winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation ) (WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation ) (wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation ) (wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation ) (WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation ) (xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation ) (Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation ) (Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation ) (LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation ) (SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation ) (upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation ) (WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation ) c:\windows\system32\spoolsv.exe - (Microsoft Corporation ) c:\program files\common files\acronis\schedule2\schedul2.exe - (Acronis ) c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. ) c:\progra~1\grisoft\avg7\avgamsvr.exe - (GRISOFT, s.r.o. ) c:\progra~1\grisoft\avg7\avgupsvc.exe - (GRISOFT, s.r.o. ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BTHSVCS] - (Microsoft Corporation ) (BthServ) C:\WINDOWS\System32\bthserv.dll - (Microsoft Corporation ) c:\program files\common files\microsoft shared\vs7debug\mdm.exe - (Microsoft Corporation ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation ) (stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation ) c:\windows\system32\wdfmgr.exe - (Microsoft Corporation ) c:\windows\explorer.exe - (Microsoft Corporation ) c:\windows\system32\alg.exe - (Microsoft Corporation ) c:\program files\asus\wlan card utilities\center.exe - (ASUSTeK COMPUTER INC. ) c:\windows\soundman.exe - (Realtek Semiconductor Corp. ) c:\progra~1\grisoft\avg7\avgcc.exe - (GRISOFT, s.r.o. ) c:\program files\microsoft intellitype pro\type32.exe - (Microsoft Corporation ) c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. ) c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. ) c:\windows\system32\rundll32.exe - (Microsoft Corporation ) c:\program files\acronis\trueimage\trueimagemonitor.exe - (Acronis ) c:\program files\common files\acronis\schedule2\schedhlp.exe - (Acronis ) c:\progra~1\nokia\nokiap~1\launch~1.exe - (Nokia ) c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. ) c:\windows\system32\ctfmon.exe - (Microsoft Corporation ) c:\program files\messenger\msmsgs.exe - (Microsoft Corporation ) c:\program files\microsoft money\system\mnyexpr.exe - (Microsoft Corporation ) c:\program files\common files\ahead\lib\nmbgmonitor.exe - (Nero AG ) c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. ) c:\program files\common files\pcsuite\services\servicelayer.exe - (Nokia. ) c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] - (Microsoft Corporation ) (HTTPFilter) C:\WINDOWS\System32\w3ssl.dll - (Microsoft Corporation ) c:\windows\system32\wscntfy.exe - (Microsoft Corporation ) c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation ) c:\windows\system32\wisptis.exe - (Microsoft Corporation ) c:\documents and settings\frank wilson\desktop\winpfind2\winpfind2.exe - (OldTimer Tools ) < Registry Entries > [>> Internet Explorer Settings <<] HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU->Main\\Search Bar - http://www.google.com/ie HKCU->Main\\Search Page - http://www.google.com HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation ) HKCU->Internet Settings\\ProxyEnable - 0 [>> BHO's <<] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated ) {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - Reg Data missing or invalid = C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation ) {53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited ) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. ) {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc. ) {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)) [>> Internet Explorer Bars, Toolbars and Extensions <<] [HKLM-> Internet Explorer Bars] {4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation ) [HKCU-> Internet Explorer Bars] {EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation ) [HKCU-> Internet Explorer ToolBars] ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. ) WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation ) WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. ) [HKCU-> Internet Explorer CmdMapping] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 - Sun Java Console {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 - Reg Data missing or invalid {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - 8195 - Reg Data missing or invalid {FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 - Windows Messenger NextId - 8196 [HKLM-> Internet Explorer Extensions] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. ) {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. ) {92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data missing or invalid (File not found)) {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - ButtonText: MoneySide = Reg Data missing or invalid (File not found)) {FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation ) [HKCU-> Internet Explorer Menu Extensions] E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation ) [>> Approved Shell Extensions (Non-Microsoft only) <<] [HKLM-> Approved Shell Extensions] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found)) {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found)) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia ) {42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)) {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found)) {7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found)) {7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG ) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found)) {88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. ) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. ) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. ) {B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG ) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. ) [>> ContextMenuHandlers (Non-Microsoft only) <<] [HKLM-> ContextMenuHandlers] * - {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG ) * - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. ) * - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. ) * - WS_FTP - {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 ) Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. ) Folder - {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG ) Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. ) Folder - WS_FTP - {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 ) [>> ColumnHandlers (Non-Microsoft only) <<] [HKLM-> ColumnHandlers] Folder - {7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG ) [>> File Associations Keys <<] HKLM->SOFTWARE\Classes\.bat\\'' - batfile HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %* HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %* HKLM->SOFTWARE\Classes\.com\\'' - comfile HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %* HKLM->SOFTWARE\Classes\.exe\\'' - exefile HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %* HKLM->SOFTWARE\Classes\.hta\\'' - htafile HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %* HKLM->SOFTWARE\Classes\.js\\'' - JSFile HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %* HKLM->SOFTWARE\Classes\.scr\\'' - scrfile HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %* HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %* HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %* HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %* HKLM->SOFTWARE\Classes\.txt\\'' - txtfile HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1 [>> Registry Run Keys <<] HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. ) HKLM->Run\\Acronis Scheduler2 Service - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis ) HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o. ) HKLM->Run\\BluetoothAuthenticationAgent - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation ) HKLM->Run\\Control Center - C:\Program Files\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC. ) HKLM->Run\\MSConfig - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation ) HKLM->Run\\NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh ) HKLM->Run\\OSSelectorReinstall - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ( ) HKLM->Run\\PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup (Nokia ) HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. ) HKLM->Run\\SoundMan - SOUNDMAN.EXE (Realtek Semiconductor Corp. ) HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. ) HKLM->Run\\TrueImageMonitor.exe - C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis ) HKLM->Run\\type32 - "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation ) HKLM->Run\OptionalComponents\IMAIL - Installed = 1 HKLM->Run\OptionalComponents\MAPI - Installed = 1 HKLM->Run\OptionalComponents\MSFS - Installed = 1 HKCU->Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (Nero AG ) HKCU->Run\\CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation ) HKCU->Run\\MoneyAgent - "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corporation ) HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation ) HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. ) [>> Miscellaneous Startup Keys <<] [AppInit DLLs] AppInit_DLL - (File not found)) [Image File Execution Options] Your Image File Name Here without a path - Debugger = ntsd -d [Shell Service Object Delay Load] CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation ) UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation ) WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation ) [Shell Execute Hooks] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. ) {AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation ) [Shared Task Scheduler] [SafeBoot Option] [HKLM Command Processor AutoRun] HKLM->Command Processor\\AutoRun - [HKCU Command Processor AutoRun] [Security Providers] SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll [BootExecute] Session Manager\\BootExecute - autocheck autochk *; [PendingFileRenameOperations] [FileRenameOperations] [ExcludeFromKnownDlls] Session Manager\\ExcludeFromKnownDlls - [>> Disabled MSConfig Items <<] StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk - HotSync Manager = C:\PROGRA~1\Palm\HOTSYNC.EXE (File not found)) StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - InterVideo WinCinema Manager = C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE (InterVideo Inc. ) StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - Picture Package Menu = C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe (Sony Corporation ) StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - Picture Package VCD Maker = C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h (Sony Corporation. ) StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - QuickBooks Update Agent = C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe (Intuit, Inc. ) [>> User Agent Post Platform <<] SV1 - [>> Winlogon <<] HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation ) HKLM->Shell - Explorer.exe (Microsoft Corporation ) HKLM->System - (File not found)) HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl" Notify\crypt32chain - crypt32.dll (Microsoft Corporation ) Notify\cryptnet - cryptnet.dll (Microsoft Corporation ) Notify\cscdll - cscdll.dll (Microsoft Corporation ) Notify\ScCertProp - wlnotify.dll (Microsoft Corporation ) Notify\Schedule - wlnotify.dll (Microsoft Corporation ) Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation ) Notify\SensLogn - WlNotify.dll (Microsoft Corporation ) Notify\termsrv - wlnotify.dll (Microsoft Corporation ) Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation ) Notify\wlballoon - wlnotify.dll (Microsoft Corporation ) [>> DNS Name Servers <<] {09663769-C9E9-4707-B7A1-C206A8B404A3} - () {5EB2B428-261E-4D45-94C8-AADC02D380D2} - (ASUS 802.11b/g Wireless LAN Card) {7DD83CE5-D063-4C31-8F9F-E39A220E9860} - (1394 Net Adapter) {8D1DEFFC-C74D-4E05-8DD2-40C0E3419D92} - () {93434890-27C5-42DC-ADB2-783E91E45987} - () {FD6283AA-942D-4D1A-89C2-D9C87C1EE601} - 213.130.128.32,213.130.128.33 (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) [>> All Winsock2 Catalogs <<] NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation ) NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation ) NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation ) NameSpace_Catalog5\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) [>> Protocol Handlers (Non-Microsoft only) <<] ipp - (File not found)) msdaipp - (File not found)) [>> Protocol Filters (Non-Microsoft only) <<] < All Services > 61883 Unit Device (61883) - system32\DRIVERS\61883.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver] abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver] Microsoft ACPI Driver (ACPI) - \SystemRoot\system32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver] ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver] Acronis Scheduler2 Service (AcrSch2Svc) - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" (Acronis ) [Automatic - Running - Win32, running in it's own process] adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver] Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] AFD (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver] Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver] aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver] aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver] Service for WDM 3D Audio Driver (ALCXSENS) - system32\drivers\ALCXSENS.SYS (Sensaura ) [On Demand - Running - Kernel driver] Service for Realtek AC97 Audio (WDM) (ALCXWDM) - system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp. ) [On Demand - Running - Kernel driver] Alerter (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process] AliIde (AliIde) - (File not found)) [Disabled - Stopped - Kernel driver] amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver] Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] 1394 ARP Client Protocol (Arp1394) - system32\DRIVERS\arp1394.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver] asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver] asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver] ASNDIS5 Protocol Driver (ASNDIS5) - \??\C:\WINDOWS\system32\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA) ) [On Demand - Running - Kernel driver] RAS Asynchronous Media Driver (AsyncMac) - system32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\system32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver] Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver] ati2mtag (ati2mtag) - system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc. ) [On Demand - Running - Kernel driver] ATM ARP Client Protocol (Atmarpc) - system32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Audio Stub Driver (audstub) - system32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] AVC Device (Avc) - system32\DRIVERS\avc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ( ) [ - Running - Kernel driver] AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process] AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process] AVG7 Kernel (Avg7Core) - \SystemRoot\System32\Drivers\avg7core.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver] AVG7 Wrap Driver (Avg7RsW) - \SystemRoot\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver] AVG7 Rezident Driver (Avg7RsXP) - \SystemRoot\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver] AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process] AVG Anti-Spyware Clean Driver (AvgAsCln) - System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver] AVG Network Redirector (AvgTdi) - \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o. ) [Automatic - Running - Kernel driver] Beep (Beep) - (File not found)) [ - Running - Kernel driver] Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Bluetooth Request Block Driver (BthEnum) - system32\DRIVERS\BthEnum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Bluetooth Modem Communications Driver (BTHMODEM) - system32\DRIVERS\bthmodem.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Bluetooth Device (Personal Area Network) (BthPan) - system32\DRIVERS\bthpan.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Bluetooth Port Driver (BTHPORT) - System32\Drivers\BTHport.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Bluetooth Support Service (BthServ) - C:\WINDOWS\system32\svchost.exe -k bthsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Bluetooth Radio USB Driver (BTHUSB) - System32\Drivers\BTHUSB.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver] Closed Caption Decoder (CCDECODE) - system32\DRIVERS\CCDECODE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver] Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver] Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver] cdrbsdrv (cdrbsdrv) - (File not found)) [ - Running - Kernel driver] CD-ROM Driver (Cdrom) - system32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver] Changer (Changer) - (File not found)) [ - Stopped - Kernel driver] Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process] CmdIde (CmdIde) - (File not found)) [Disabled - Stopped - Kernel driver] COM+ System Application (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver] Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver] DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Disk Driver (Disk) - \SystemRoot\system32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver] Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process] dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver] dmio (dmio) - System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver] dmload (dmload) - System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [Disabled - Stopped - Kernel driver] Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] DNS Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] dpti2o (dpti2o) - (File not found)) [Disabled - Stopped - Kernel driver] Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver] Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Floppy Disk Controller Driver (Fdc) - system32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Fips (Fips) - (File not found)) [ - Running - Kernel driver] Floppy Disk Driver (Flpydisk) - system32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] FltMgr (FltMgr) - \SystemRoot\system32\DRIVERS\fltMgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver] Volume Manager Driver (Ftdisk) - \SystemRoot\system32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver] Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms (gagp30kx) - \SystemRoot\system32\DRIVERS\gagp30kx.sys (Microsoft Corporation ) [ - Running - Kernel driver] Game Port Enumerator (gameenum) - system32\DRIVERS\gameenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] gmer (gmer) - System32\DRIVERS\gmer.sys (GMER ) [On Demand - Stopped - Kernel driver] Generic Packet Classifier (Gpc) - system32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] Microsoft HID Class Driver (HidUsb) - system32\DRIVERS\hidusb.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] hpn (hpn) - (File not found)) [Disabled - Stopped - Kernel driver] HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] i2omgmt (i2omgmt) - (File not found)) [ - Stopped - Kernel driver] i2omp (i2omp) - (File not found)) [Disabled - Stopped - Kernel driver] i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - system32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver] CD-Burning Filter Driver (Imapi) - system32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver] IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver] IntelIde (IntelIde) - (File not found)) [Disabled - Stopped - Kernel driver] IPv6 Windows Firewall Driver (Ip6Fw) - system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] IP Traffic Filter Driver (IpFilterDriver) - system32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] IP in IP Tunnel Driver (IpInIp) - system32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] IP Network Address Translator (IpNat) - system32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] IPSEC driver (IPSec) - system32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver] IR Enumerator Service (IRENUM) - system32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\system32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver] Keyboard Class Driver (Kbdclass) - system32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver] Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver] Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Workstation (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver] TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process] Messenger (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver] NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Modem (Modem) - (File not found)) [On Demand - Stopped - Kernel driver] Unimodem Streaming Filter Device (MODEMCSA) - system32\drivers\MODEMCSA.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Mouse Class Driver (Mouclass) - system32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver] MountMgr (MountMgr) - (File not found)) [ - Running - Kernel driver] mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver] WebDav Client Redirector (MRxDAV) - system32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver] MRXSMB (MRxSmb) - system32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver] Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Microsoft DV Camera and VCR (MSDV) - system32\DRIVERS\msdv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver] Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft System Management BIOS Driver (mssmbios) - system32\DRIVERS\mssmbios.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft MPU-401 MIDI UART Driver (ms_mpu401) - system32\drivers\msmpu401.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Mup (Mup) - (File not found)) [ - Running - Filesystem driver] NABTS/FEC VBI Codec (NABTSFEC) - system32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver] Microsoft TV/Video Connection (NdisIP) - system32\DRIVERS\NdisIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Remote Access NDIS TAPI Driver (NdisTapi) - system32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] NDIS Usermode I/O Protocol (Ndisuio) - system32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Remote Access NDIS WAN Driver (NdisWan) - system32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver] NetBIOS Interface (NetBIOS) - system32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver] NetBios over Tcpip (NetBT) - system32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver] Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] 1394 Net Driver (NIC1394) - system32\DRIVERS\nic1394.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Network Location Awareness (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver] Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver] NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Null (Null) - (File not found)) [ - Running - Kernel driver] IPX Traffic Filter Driver (NwlnkFlt) - system32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] IPX Traffic Forwarder Driver (NwlnkFwd) - system32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] VIA OHCI Compliant IEEE 1394 Host Controller (ohci1394) - \SystemRoot\system32\DRIVERS\ohci1394.sys (Microsoft Corporation ) [ - Running - Kernel driver] Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Parallel port driver (Parport) - system32\DRIVERS\parport.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] PartMgr (PartMgr) - (File not found)) [ - Running - Kernel driver] ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver] PCI Bus Driver (PCI) - \SystemRoot\system32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver] PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver] PCIIde (PCIIde) - (File not found)) [Disabled - Stopped - Kernel driver] Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver] PDCOMP (PDCOMP) - (File not found)) [On Demand - Stopped - Kernel driver] PDFRAME (PDFRAME) - (File not found)) [On Demand - Stopped - Kernel driver] PDRELI (PDRELI) - (File not found)) [On Demand - Stopped - Kernel driver] PDRFRAME (PDRFRAME) - (File not found)) [On Demand - Stopped - Kernel driver] perc2 (perc2) - (File not found)) [Disabled - Stopped - Kernel driver] perc2hib (perc2hib) - (File not found)) [Disabled - Stopped - Kernel driver] Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] WAN Miniport (PPTP) (PptpMiniport) - system32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Processor Driver (Processor) - system32\DRIVERS\processr.sys (Microsoft Corporation ) [ - Running - Kernel driver] Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Direct Parallel Link Driver (Ptilink) - system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver] ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver] Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver] ql12160 (ql12160) - (File not found)) [Disabled - Stopped - Kernel driver] ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver] ql1280 (ql1280) - (File not found)) [Disabled - Stopped - Kernel driver] Remote Access Auto Connection Driver (RasAcd) - system32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver] Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] WAN Miniport (L2TP) (Rasl2tp) - system32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Remote Access Connection Manager (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Remote Access PPPOE Driver (RasPppoe) - system32\DRIVERS\raspppoe.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Direct Parallel (Raspti) - system32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Rdbss (Rdbss) - system32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver] RDPCDD (RDPCDD) - System32\DRIVERS\RDPCDD.sys (Microsoft Corporation ) [ - Running - Kernel driver] RDPWD (RDPWD) - (File not found)) [On Demand - Stopped - Kernel driver] Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Digital CD Audio Playback Filter Driver (redbook) - system32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Running - Kernel driver] Routing and Remote Access (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process] Bluetooth Device (RFCOMM Protocol TDI) (RFCOMM) - system32\DRIVERS\rfcomm.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] AsusTek RT2500 Wireless Driver (RT2500) - system32\DRIVERS\RT2500.sys (Ralink Technology Inc. ) [On Demand - Running - Kernel driver] Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Smart Card (SCardSvr) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Secdrv (Secdrv) - system32\DRIVERS\secdrv.sys ( ) [On Demand - Stopped - Kernel driver] Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Serenum Filter Driver (serenum) - system32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Serial port driver (Serial) - system32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver] ServiceLayer (ServiceLayer) - "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (Nokia. ) [On Demand - Running - Win32, running in it's own process] High-Capacity Floppy Disk Drive (Sfloppy) - system32\DRIVERS\sfloppy.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver] BDA Slip De-Framer (SLIP) - system32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Acronis Snapshots Manager (snapman) - \SystemRoot\system32\DRIVERS\snapman.sys (Acronis ) [ - Running - Kernel driver] Sony Digital Imaging Video2 (sonypvs1) - system32\DRIVERS\sonypvs1.sys (Sony Corporation ) [On Demand - Stopped - Kernel driver] Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver] Microsoft Kernel Audio Splitter (splitter) - system32\drivers\splitter.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process] System Restore Filter Driver (sr) - \SystemRoot\system32\DRIVERS\sr.sys (Microsoft Corporation ) [ - Running - Filesystem driver] System Restore Service (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Srv (Srv) - system32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver] SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] BDA IPSink (streamip) - system32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Software Bus Driver (swenum) - system32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{E98979EF-0935-4DE1-A958-4408591D184A} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver] symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver] sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver] sym_u3 (sym_u3) - (File not found)) [Disabled - Stopped - Kernel driver] Microsoft Kernel System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] TCP/IP Protocol Driver (Tcpip) - system32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver] TDPIPE (TDPIPE) - (File not found)) [On Demand - Stopped - Kernel driver] TDTCP (TDTCP) - (File not found)) [On Demand - Stopped - Kernel driver] Terminal Device Driver (TermDD) - system32\DRIVERS\termdd.sys (Microsoft Corporation ) [ - Running - Kernel driver] Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Acronis TrueImage FS Filter (tifsfilter) - system32\DRIVERS\tifsfilt.sys (Acronis ) [Automatic - Running - Filesystem driver] Acronis TrueImage Backup Archive Explorer (timounter) - \SystemRoot\system32\DRIVERS\timntr.sys (Acronis ) [ - Running - Kernel driver] TosIde (TosIde) - (File not found)) [Disabled - Stopped - Kernel driver] Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver] ultra (ultra) - (File not found)) [Disabled - Stopped - Kernel driver] Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process] USBAT Controller Driver (UPATC) - system32\DRIVERS\upatc.sys (SCM Microsystems Inc. ) [On Demand - Stopped - Kernel driver] Microcode Update Driver (Update) - system32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process] Uninterruptible Power Supply (UPS) - C:\WINDOWS\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] USB Audio Driver (WDM) (usbaudio) - system32\drivers\usbaudio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft USB Generic Parent Driver (usbccgp) - system32\DRIVERS\usbccgp.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - system32\DRIVERS\usbehci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Microsoft USB Standard Hub Driver (usbhub) - system32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] Microsoft USB PRINTER Class (usbprint) - system32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] USB Mass Storage Driver (USBSTOR) - system32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Microsoft USB Universal Host Controller Miniport Driver (usbuhci) - system32\DRIVERS\usbuhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] VgaSave (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver] VIA AGP Filter (viaagp1) - \SystemRoot\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc. ) [ - Running - Kernel driver] ViaIde (ViaIde) - \SystemRoot\system32\DRIVERS\viaide.sys (Microsoft Corporation ) [ - Running - Kernel driver] viasraid (viasraid) - \SystemRoot\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd ) [ - Running - Kernel driver] VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver] Volume Shadow Copy (VSS) - C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Remote Access IP ARP Driver (Wanarp) - system32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] WDICA (WDICA) - (File not found)) [On Demand - Stopped - Kernel driver] Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver] WebClient (WebClient) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process] Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] World Standard Teletext Codec (WSTCODEC) - system32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver] Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process] Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Stopped - Win32, running in a shared process] Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process] NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - system32\DRIVERS\yk51x86.sys (Marvell ) [On Demand - Running - Kernel driver] VIMICRO USB PC Camera (ZSMC301b) - System32\Drivers\usbVM31b.sys (VM ) [On Demand - Stopped - Kernel driver] < Files > %SystemDrive% %ProgramFilesDir% %WinDir% %System% C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - WSUD (Realtek Semiconductor Corp. [Ver = 2.2.22 | Size = 14250496 bytes | Date = 03/19/2004 03:44 | Attr = ]) C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ]) C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 18:37 | Attr = ]) C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 18:37 | Attr = ]) C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ]) %System%\Drivers folder and sub-folders C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7,1,0,407 | Size = 778656 bytes | Date = 09/20/2006 20:00 | Attr = ]) C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7,1,0,407 | Size = 778656 bytes | Date = 09/20/2006 20:00 | Attr = ]) C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7,1,0,407 | Size = 778656 bytes | Date = 09/20/2006 20:00 | Attr = ]) C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7,1,0,407 | Size = 778656 bytes | Date = 09/20/2006 20:00 | Attr = ]) %windir% + sub-dirs for System or Hidden files less than 60 days old C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 10/05/2006 08:10 | Attr = S]) C:\WINDOWS\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 09/29/2006 15:38 | Attr = H ]) C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat - ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 14:00 | Attr = S]) C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat - ( [Ver = | Size = 8847 bytes | Date = 09/18/2006 15:40 | Attr = S]) C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/05/2006 08:11 | Attr = H ]) C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/05/2006 08:10 | Attr = H ]) C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/05/2006 08:20 | Attr = H ]) C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/05/2006 10:14 | Attr = H ]) C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/05/2006 08:14 | Attr = H ]) C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 22:22 | Attr = H ]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\6cb103b5-d513-495e-9d78-4b98288cc59f - ( [Ver = | Size = 388 bytes | Date = 08/30/2006 06:24 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 08/30/2006 06:24 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5d3568dd-3539-4445-925b-a463a30e6532 - ( [Ver = | Size = 388 bytes | Date = 08/07/2006 18:31 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 08/07/2006 18:31 | Attr = HS]) C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/05/2006 08:10 | Attr = H ]) CPL files - C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - (Realtek Semiconductor Corp. [Ver = 2.2.22 | Size = 14250496 bytes | Date = 03/19/2004 03:44 | Attr = ]) C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\BDEADMIN.CPL - ( [Ver = | Size = 183808 bytes | Date = 11/12/1999 05:11 | Attr = ]) C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\ClientCpl.cpl - ( [Ver = | Size = 141824 bytes | Date = 10/09/2003 20:38 | Attr = ]) C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 14:03 | Attr = ]) C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\QuickTime.cpl - (Apple Computer, Inc. [Ver = 6.5 | Size = 323072 bytes | Date = 12/14/2003 10:20 | Attr = ]) C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ]) Auto-Start Folders HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 02/02/2005 15:33 | Attr = HS]) HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Frank Wilson\Start Menu\Programs\Startup C:\Documents and Settings\Frank Wilson\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 02/02/2005 15:33 | Attr = HS]) HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup Miscellaneous Auto-Start Files System.ini->[Boot]\\Shell - Explorer.exe Config.nt: Line 1 - REM Windows MS-DOS Startup File Config.nt: Line 2 - REM Config.nt: Line 3 - REM CONFIG.SYS vs CONFIG.NT Config.nt: Line 4 - REM CONFIG.SYS is not used to initialize the MS-DOS environment. Config.nt: Line 5 - REM CONFIG.NT is used to initialize the MS-DOS environment unless a Config.nt: Line 6 - REM different startup file is specified in an application's PIF. Config.nt: Line 7 - REM Config.nt: Line 8 - REM ECHOCONFIG Config.nt: Line 9 - REM By default, no information is displayed when the MS-DOS environment Config.nt: Line 10 - REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add Config.nt: Line 11 - REM the command echoconfig to CONFIG.NT or other startup file. Config.nt: Line 12 - REM Config.nt: Line 13 - REM NTCMDPROMPT Config.nt: Line 14 - REM When you return to the command prompt from a TSR or while running an Config.nt: Line 15 - REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the Config.nt: Line 16 - REM TSR to remain active. To run CMD.EXE, the Windows command prompt, Config.nt: Line 17 - REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or Config.nt: Line 18 - REM other startup file. Config.nt: Line 19 - REM Config.nt: Line 20 - REM DOSONLY Config.nt: Line 21 - REM By default, you can start any type of application when running Config.nt: Line 22 - REM COMMAND.COM. If you start an application other than an MS-DOS-based Config.nt: Line 23 - REM application, any running TSR may be disrupted. To ensure that only Config.nt: Line 24 - REM MS-DOS-based applications can be started, add the command dosonly to Config.nt: Line 25 - REM CONFIG.NT or other startup file. Config.nt: Line 26 - REM Config.nt: Line 27 - REM EMM Config.nt: Line 28 - REM You can use EMM command line to configure EMM(Expanded Memory Manager). Config.nt: Line 29 - REM The syntax is: Config.nt: Line 30 - REM Config.nt: Line 31 - REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM] Config.nt: Line 32 - REM Config.nt: Line 33 - REM AltRegSets Config.nt: Line 34 - REM specifies the total Alternative Mapping Register Sets you Config.nt: Line 35 - REM want the system to support. 1 <= AltRegSets <= 255. The Config.nt: Line 36 - REM default value is 8. Config.nt: Line 37 - REM BaseSegment Config.nt: Line 38 - REM specifies the starting segment address in the Dos conventional Config.nt: Line 39 - REM memory you want the system to allocate for EMM page frames. Config.nt: Line 40 - REM The value must be given in Hexdecimal. Config.nt: Line 41 - REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to Config.nt: Line 42 - REM 16KB boundary. The default value is 0x4000 Config.nt: Line 43 - REM RAM Config.nt: Line 44 - REM specifies that the system should only allocate 64Kb address Config.nt: Line 45 - REM space from the Upper Memory Block(UMB) area for EMM page frames Config.nt: Line 46 - REM and leave the rests(if available) to be used by DOS to support Config.nt: Line 47 - REM loadhigh and devicehigh commands. The system, by default, would Config.nt: Line 48 - REM allocate all possible and available UMB for page frames. Config.nt: Line 49 - REM Config.nt: Line 50 - REM The EMM size is determined by pif file(either the one associated Config.nt: Line 51 - REM with your application or _default.pif). If the size from PIF file Config.nt: Line 52 - REM is zero, EMM will be disabled and the EMM line will be ignored. Config.nt: Line 53 - REM Config.nt: Line 54 - dos=high, umb Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys Config.nt: Line 56 - files=40 AutoExec.nt: Line 1 - @echo off AutoExec.nt: Line 3 - REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment. AutoExec.nt: Line 4 - REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a AutoExec.nt: Line 5 - REM different startup file is specified in an application's PIF. AutoExec.nt: Line 7 - REM Install CD ROM extensions AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe AutoExec.nt: Line 10 - REM Install network redirector (load before dosx.exe) AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir AutoExec.nt: Line 13 - REM Install DPMI support AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx AutoExec.nt: Line 16 - REM The following line enables Sound Blaster 2.0 support on NTVDM. AutoExec.nt: Line 17 - REM The command for setting the BLASTER environment is as follows: AutoExec.nt: Line 18 - REM SET BLASTER=A220 I5 D1 P330 AutoExec.nt: Line 19 - REM where: AutoExec.nt: Line 20 - REM A specifies the sound blaster's base I/O port AutoExec.nt: Line 21 - REM I specifies the interrupt request line AutoExec.nt: Line 22 - REM D specifies the 8-bit DMA channel AutoExec.nt: Line 23 - REM P specifies the MPU-401 base I/O port AutoExec.nt: Line 24 - REM T specifies the type of sound blaster card AutoExec.nt: Line 25 - REM 1 - Sound Blaster 1.5 AutoExec.nt: Line 26 - REM 2 - Sound Blaster Pro I AutoExec.nt: Line 27 - REM 3 - Sound Blaster 2.0 AutoExec.nt: Line 28 - REM 4 - Sound Blaster Pro II AutoExec.nt: Line 29 - REM 6 - SOund Blaster 16/AWE 32/32/64 AutoExec.nt: Line 30 - REM AutoExec.nt: Line 31 - REM The default value is A220 I5 D1 T3 and P330. If any of the switches is AutoExec.nt: Line 32 - REM left unspecified, the default value will be used. (NOTE, since all the AutoExec.nt: Line 33 - REM ports are virtualized, the information provided here does not have to AutoExec.nt: Line 34 - REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only. AutoExec.nt: Line 35 - REM The T switch must be set to 3, if specified. AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3 AutoExec.nt: Line 38 - REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid AutoExec.nt: Line 39 - REM SB base I/O port address. For example: AutoExec.nt: Line 40 - REM SET BLASTER=A0 AutoExec.bat: Line 1 - PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 Miscellaneous Folders AllUsers ApplicationData Folder C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 02/02/2005 15:18 | Attr = HS]) CurrentUser ApplicationData Folder C:\Documents and Settings\Frank Wilson\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 02/02/2005 15:18 | Attr = HS]) Program Files Folder Common Files Folder DPF files {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - - CodeBase = http://software-dl.real.com/256c8b649e32dc99ad16/netzip/RdxIE601.cab {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107391929781 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136729356812 {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols3/fscax.cab {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Hosts file = 1264 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts # Copyright (c) 1993-1999 Microsoft Corp. - # - # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. - # - # This file contains the mappings of IP addresses to host names. Each - # entry should be kept on an individual line. The IP address should - # be placed in the first column followed by the corresponding host name. - # The IP address and the host name should be separated by at least one - # space. - # - # Additionally, comments (such as these) may be inserted on individual - # lines or following the machine name denoted by a '#' symbol. - # - # For example: - # - # 102.54.94.97 rhino.acme.com # source server - # 38.25.63.10 x.acme.com # x client host - - 127.0.0.1 localhost - 10.0.0.1 netgear #router firewall - 10.0.0.11 notebook #notebook win98 - 10.0.0.12 musicstation #pentium p500 win98 - 10.0.0.14 miffy #nec pentium xp home - 10.0.0.15 debian #debian compaq server - 10.0.0.15 mompctest #musiconmypc test server - 10.0.0.16 toshiba #toshiba laptop - 10.0.0.17 franksdesk #athlon64 - 10.0.0.18 piebox #pentium p3 redhat machine - 10.0.0.18 mompc #musiconmypc test site - 10.0.0.18 vanilla #vanilla oscommerce test site - 10.0.0.18 dudetest #dudespot test site - 10.0.0.18 monkeytest #monkeybooks test site - 10.0.0.18 sscctest #sscctest - 127.0.0.1 localhost - < Add On's > >>>>Output for AddOn file HKCU_IEDesktop.def<<<< KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS HKCU\Software\Microsoft\Internet Explorer\Desktop - Desktop\Components - Desktop\Components\\DeskHtmlVersion - 272 Desktop\Components\\DeskHtmlMinorVersion - 5 Desktop\Components\\Settings - 1 Desktop\Components\\GeneralFlags - 5 Desktop\Components\0 - Desktop\Components\0\\Source - About:Home Desktop\Components\0\\SubscribedURL - About:Home Desktop\Components\0\\FriendlyName - My Current Home Page Desktop\Components\0\\Flags - 2 Desktop\Components\0\\Position - 2C 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 E2 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 Desktop\Components\0\\CurrentState - 04 00 00 40 Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00 Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 D2 03 00 00 23 00 00 00 1C 01 00 00 27 01 00 00 01 00 00 00 Desktop\General - Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Desktop\General\\WallpaperFileTime - 32 B1 3D 8A C3 D7 C6 01 Desktop\General\\WallpaperLocalFileTime - 32 19 02 EC CB D7 C6 01 Desktop\General\\TileWallpaper - 0 Desktop\General\\WallpaperStyle - 2 Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Desktop\General\\ComponentsPositioned - 1 Desktop\Old WorkAreas - Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1 Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 05 00 00 E2 03 00 00 Desktop\SafeMode - Desktop\SafeMode\General - Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt Desktop\SafeMode\General\\VisitGallery - 0 Desktop\Scheme - Desktop\Scheme\\Edit - Desktop\Scheme\\Display - >>>>Output for AddOn file Policies.def<<<< KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - policies\explorer - policies\explorer\run - policies\Ext - policies\Ext\CLSID - policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1 policies\NonEnum - policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1 policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857 policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32 policies\Ratings - policies\system - policies\system\\dontdisplaylastusername - 0 policies\system\\legalnoticecaption - policies\system\\legalnoticetext - policies\system\\shutdownwithoutlogon - 1 policies\system\\undockwithoutlogon - 1 KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - policies\Associations - policies\Explorer - policies\Explorer\\NoDriveTypeAutoRun - 145 policies\Explorer\Run - policies\System - policies\System\\DisableRegistryTools - 0 >>>>Output for AddOn file SID_Run_Policies.def<<<< KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - Run\\CTFMON.EXE - C:\WINDOWS\system32\CTFMON.EXE Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - Run\\CTFMON.EXE - C:\WINDOWS\system32\CTFMON.EXE Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Policies\Explorer - Policies\Explorer\\NoDriveTypeAutoRun - 145 KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Policies\Explorer - Policies\Explorer\\NoDriveTypeAutoRun - 145 < End of report >