************************************************************************************
ISeeYouXP v2.0 Beta 13
ISeeYouXP v1.3.0-v2.0 Beta 13 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************
Windows/Browser/Java Versions:

Microsoft Windows XP Professional
Version: 5.1.2600
Service Pack: 2.0
Windows Directory: C:\WINDOWS

Internet Explorer
Version: 6.0.2900.2180
Build: 62900.2180
Language: English (United States)
Path: C:\Program Files\Internet Explorer

Sun Microsystems Java Runtime
Version: 1.6.0_03

Boot State: Normal boot

Scan done at 20:45:16.82, Thu 04/10/2008
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Oct 17 2007 4902 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 7 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Oct 17 2007 209237 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 2 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.
Total of file sizes: 1,853,842 bytes 1.77 M
3 Dir(s) 7,146,426,368 bytes free
------------------------------------------------------------------------------------
System Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mr. Admin\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=.;.;C:\PROGRA~1\JMF21~1.1E\lib\sound.jar;C:\PROGRA~1\JMF21~1.1E\lib\jmf.jar;c:\PROGRA~1\THEROS~1\THEROS~1\Lib;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
GMAXLOC=C:\gmax\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mr. Admin
LOGONSERVER=\\CAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MR8AF5~1.ADM\LOCALS~1\Temp
TMP=C:\DOCUME~1\MR8AF5~1.ADM\LOCALS~1\Temp
USERDOMAIN=CAIN
USERNAME=Mr. Admin
USERPROFILE=C:\Documents and Settings\Mr. Admin
windir=C:\WINDOWS
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files

No matches found.
------------------------------------------------------------------------------------
Displaying BOOT.INI:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /noguiboot
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
------------------------------------------------------------------------------------
Displaying SYSTEM.INI:

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
------------------------------------------------------------------------------------
Displaying WIN.INI:

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[MCIAVI]
DefaultVideo=Window
[Readiris]
Scanner32=Twaino38,22
[IRIS_IPE]
menu=1
[Drivers.drv]
{09034A7D-F289-4BDF-9660-D16FB5811B32}=28282828083E0B684041472EFCDA01509835F2504CB0F250983E3650
[Indigo Rose]
C:\WINDOWS\iun3405.exe=1
[lktrpliorkjhkW2]
pnnhgh87hjhkj15=1199318053
------------------------------------------------------------------------------------
Displaying AUTOEXEC.BAT:
------------------------------------------------------------------------------------
Displaying CONFIG.SYS:
------------------------------------------------------------------------------------
Displaying Running Processes:

PROCESS PID PRIO PATH
smss.exe 892 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 940 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 964 High C:\WINDOWS\system32\winlogon.exe
services.exe 1008 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1020 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1180 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1264 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1304 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1348 Normal C:\WINDOWS\System32\svchost.exe
spoolsv.exe 1592 Normal C:\WINDOWS\system32\spoolsv.exe
Apoint.exe 1220 Normal C:\Program Files\Apoint\Apoint.exe
Logi_MwX.Exe 1252 Normal C:\WINDOWS\Logi_MwX.Exe
hpztsb12.exe 1336 Normal C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
SM1BG.EXE 1332 Normal C:\WINDOWS\SM1BG.EXE
HPWuSchd2.exe 1388 Normal C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TrueImageMonitor.exe 1404 Normal C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
schedhlp.exe 1416 Normal C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
wcdvtray.exe 1424 Normal C:\WINDOWS\system\wcdvtray.exe
jusched.exe 1440 Normal C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
iTunesHelper.exe 1464 Normal C:\Program Files\iTunes\iTunesHelper.exe
ctfmon.exe 1520 Normal C:\WINDOWS\system32\ctfmon.exe
sqlmangr.exe 1620 Normal C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Apntex.exe 436 Normal C:\Program Files\Apoint\Apntex.exe
hpqnrs08.exe 1452 Normal C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
schedul2.exe 620 Normal C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PhotoshopElementsFileAgent.exe 1796 Normal C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
alg.exe 1824 Normal C:\WINDOWS\System32\alg.exe
AppleMobileDeviceService.exe 1900 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 612 Normal C:\Program Files\Bonjour\mDNSResponder.exe
MDM.EXE 668 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
sqlservr.exe 704 Normal C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
sqlservr.exe 792 Normal C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
locator.exe 312 Normal C:\WINDOWS\System32\locator.exe
svchost.exe 1764 Normal C:\WINDOWS\System32\svchost.exe
Tablet.exe 248 Normal C:\WINDOWS\system32\Tablet.exe
TabUserW.exe 1644 Normal C:\WINDOWS\system32\WTablet\TabUserW.exe
Tablet.exe 444 High C:\WINDOWS\system32\Tablet.exe
wmiprvse.exe 2160 Normal C:\WINDOWS\System32\wbem\wmiprvse.exe
iPodService.exe 2400 Normal C:\Program Files\iPod\bin\iPodService.exe
hpqSTE08.exe 2648 Normal C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
wscntfy.exe 3148 Normal C:\WINDOWS\system32\wscntfy.exe
HPZinw12.exe 3484 Normal C:\WINDOWS\system32\HPZinw12.exe
explorer.exe 3656 Normal C:\WINDOWS\explorer.exe
cmd.exe 3912 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 2036 Normal C:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 4092 Normal C:\WINDOWS\System32\wbem\wmiprvse.exe
pv.exe 616 Normal C:\ISEEYO~1\pv.exe
------------------------------------------------------------------------------------
Displaying Windows Services:

Name: AcrSch2Svc
Display Name: Acronis Scheduler2 Service
Description:
Path Name: "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
Start Mode: Auto
State: Running

Name: Adobe LM Service
Display Name: Adobe LM Service
Description: AdobeLM Service
Path Name: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Start Mode: Manual
State: Stopped

Name: AdobeActiveFileMonitor
Display Name: Adobe Active File Monitor
Description: Tracks files that are managed by Adobe Photoshop Album
Path Name: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
Start Mode: Auto
State: Running

Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
....................................
blackviper.com adds this:
This service usually is not required under normal circumstances.
Note: This is NOT 'WinPopUp.'
Path Name: C:\WINDOWS\System32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: C:\WINDOWS\System32\alg.exe
Start Mode: Auto
State: Running

Name: Apple Mobile Device
Display Name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Path Name: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Start Mode: Auto
State: Running

Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
....................................
blackviper.com adds this:
If you cannot modify your software installation of certain applications, put this service in to Automatic or Manual.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: aspnet_state
Display Name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual
State: Stopped

Name: Ati HotKey Poller
Display Name: Ati HotKey Poller
Description:
Path Name: C:\WINDOWS\system32\Ati2evxx.exe
Start Mode: Disabled
State: Stopped

Name: ATI Smart
Display Name: ATI Smart
Description:
Path Name: C:\WINDOWS\SYSTEM32\ati2sgag.exe
Start Mode: Auto
State: Stopped

Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
....................................
blackviper.com adds this:
This service is required if you wish to hear any audio at all. If your computer does not have a sound card, disable this service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Autodesk Licensing Service
Display Name: Autodesk Licensing Service
Description: Anchor service for Autodesk products licensed with SafeCast
Path Name: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
Start Mode: Manual
State: Stopped

Name: BAsfIpM
Display Name: Broadcom ASF IP monitoring service v6.0.3
Description: IP monitoring service for Broadcom ASF applications.
Path Name: C:\WINDOWS\System32\basfipm.exe
Start Mode: Disabled
State: Stopped

Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Bonjour Service
Display Name: Bonjour Service
Description: Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration.
Path Name: "C:\Program Files\Bonjour\mDNSResponder.exe"
Start Mode: Auto
State: Running

Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
..................................
blackviper.com adds this:
This service is not required on a standalone system. In fact, even if you want to browse the network (workgroup or domain) or have mapped network shares as local hard drives, you can still do so. On a large network, one computer is designated the 'master' browser and another one is the 'backup' browser. All others just announce they are available every 12 minutes to take over duties if one of the other computers fail. No lag time is discernable if this service remains disabled on all but one computer. Honestly, I do not even believe one needs to be running. You could, just in case, but it sure does not need to be running on all computers, all of the time.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped

Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
..................................
blackviper.com adds this:
Used to store information (cut/paste) and share it with other computers. I have never found enough need for this to allow this service to always be running. This service alone uses about 1.3 MB of memory.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped

Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped

Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+ based components. If the service is stopped, most COM+ based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
...................................................
blackviper.com adds this:
You will receive, in the Event Log, an entry from 'DCOM' complaining about not having this service running if disabled. I am unaware of any application that uses COM+, but if set to manual, many services report to it, so it will start anyway. For the fun of it, go to Program Files, ComPlus Applications, on your system, see if you have any installed COM+ Applications. If not, you can probably disable this service with no side effects (besides the Event Log complaining upon reboots). This service is required for System Event Notification.
Path Name: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped

Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
....................................................
blackviper.com adds this:
Mainly, it confirms signatures of Windows files. You may always get a dialog box complaining about uncertified drivers if this is disabled. This service is required for Windows Update to function in manual and automatic mode and this service is required to install Service Pack 1 unified updates and DirectX 9.0. Windows Media Player and future .NET applications may also require this service for some features to function. This service uses about 1.9 MB of memory.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running

Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
.....................................................
blackviper.com adds this:
This service automatically receives a Dynamic IP address from your DHCP server and DNS updates. Required for ICS - internet client and if you run IPSEC, disable on a standalone system or one that has a static IP address.
Take note: Most DSL or cable ISP's use DHCP to provide internet access. If you disable this service and your Internet connection no longer works, place this back into automatic. Most DSL and cable hardware routers have the option of enabling a DHCP server for the internal network. Ensure that the router is configured the same as your local PC's.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
......................................................
blackviper.com adds this:
This service is vital to run the Disk Management MMC console for dynamic volumes.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped

Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
.......................................................
blackviper.com adds this:
This service is vital to run the Disk Management MMC console for dynamic volumes. If you attempt to 'Manage' your hard drives and a dialog box pops up complaining about not being able to do this, start this service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
.......................................................
blackviper.com adds this:
Resolves and caches DNS names and Active Directory domain controller functions. This service is not required for DNS lookups, but if it makes you happy to have it running, you may. However, DNS Client is required if using IPSEC. If you attempt to 'repair' your network connection and a dialog box complains that the 'DNS resolver failed to flush the cache,' this service is the reason.
Path Name: C:\WINDOWS\System32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
....................................................
blackviper.com adds this:
Always helpful to check out the Event Log to see what problems with applications are popping up that is hidden from the normal user. To see quickly what, if anything has resulted in your adjustments, you may consider clearing the Event Log. Windows Management Instrumentation also requires Event Log Service to be running. If you disable the Event Log Service, but do not disable Windows Management Instrumentation, your computer may have an extended boot time while Windows Management Instrumentation is waiting for the Event Log to start. It is just best to keep Event Log active for troubleshooting purposes and normal operations.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components.
...............................................
blackviper.com adds this:
You will receive, in the Event Log, an entry from DCOM complaining about not having this service running if disabled. I am unaware of any application that uses COM+, but if set to manual, many services report to it, so it will start anyway. This service is required for System Event Notification. For the fun of it, go to: Program Files, ComPlus Applications, on your system, see if you have any installed COM+ Applications. If not, you can probably disable this service with no side effects (besides the Event Log complaining upon reboots).
Take note: BootVis requires Task Scheduler and COM+ Event System to be running if you wish to take advantage of the optimize system function. I recommend disabled for Super Tweaking, automatic for safe, and manual for most other configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
.................................................
blackviper.com adds this:
Unless you have many users on a system, you probably do not even need this service to be running. You could benefit greatly, however, if you use this service in conjunction with many users on your local computer to allow switching users without closing all existing applications running under a different account.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
.................................................
blackviper.com adds this:
This service is required for Microsoft's online (or offline) help documents. If you ever attempt to use Help and Support, the service places itself back into Automatic and starts even if you already had this service on disabled. I try to avoid as much Microsoft help as I can. :)
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HidServ
Display Name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
.....................................................
blackviper.com adds this:
You may not have any peripherals that require this service. If one of yours magically does not function anymore, set it to automatic. Namely, scanners with function buttons (fax, copy) or even an Internet keyboard with volume or play controls.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HP Port Resolver
Display Name: HP Port Resolver
Description:
Path Name: C:\WINDOWS\system32\hpbpro.exe
Start Mode: Manual
State: Stopped

Name: HP Status Server
Display Name: HP Status Server
Description:
Path Name: C:\WINDOWS\system32\hpboid.exe
Start Mode: Manual
State: Stopped

Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped

Name: Iap
Display Name: Iap
Description:
Path Name: c:\Program Files\Dell\OpenManage\Client\Iap.exe
Start Mode: Disabled
State: Stopped

Name: IDriverT
Display Name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Path Name: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
Start Mode: Manual
State: Stopped

Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
..................................................
blackviper.com adds this:
This service operates that cool 'drag and drop' CD burn capability. You will need this service to burn CD's. What is the good news? If you set this service to manual, the service starts and stops itself when used with some software packages. This is practically the only service that does do this! If you still cannot burn a CD with it on manual, switch to automatic and feel safe that it starts only when needed. This service may take up about 1.6 MB of memory in an idle state.
Path Name: C:\WINDOWS\System32\imapi.exe
Start Mode: Manual
State: Stopped

Name: iPod Service
Display Name: iPod Service
Description: iPod hardware management services
Path Name: "C:\Program Files\iPod\bin\iPodService.exe"
Start Mode: Manual
State: Running

Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
.................................................
blackviper.com adds this:
Used for file and print sharing from your computer or Message Queuing. For security purposes, you may disable this service if you do not require local printers and files shared across your network. Connectivity, however, still exists even on incoming shared network drives. Workstation needs to be running to connect to another computer that has the files you are looking for.
Note: If you disable File and Print sharing, the Server Service may disappear from the Services listing. Just enable File and Print sharing again and the Server Service will return.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
.................................................
blackviper.com adds this:
Used to connect local computer to remote computers. Examples may include local network connectivity and File and Print sharing. Many services depend on Workstation to be functioning. Leave it on automatic for safe configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: LEC TranslateDotNet Server
Display Name: LEC TranslateDotNet Server
Description:
Path Name: "C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe"
Start Mode: Manual
State: Stopped

Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
........................................................
blackviper.com adds this:
This feature provides legacy support for NetBIOS over TCP/IP. If your network does not use NetBIOS and / or WINS, disable this function.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: McAfeeFramework
Display Name: McAfee Framework Service
Description: Shared component framework for McAfee products
Path Name: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
Start Mode: Disabled
State: Stopped

Name: McShield
Display Name: Network Associates McShield
Description:
Path Name: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
Start Mode: Disabled
State: Stopped

Name: McTaskManager
Display Name: Network Associates Task Manager
Description:
Path Name: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
Start Mode: Disabled
State: Stopped

Name: MDM
Display Name: Machine Debug Manager
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Start Mode: Auto
State: Running

Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers.
....................................................................
BlackViper.com adds this:
This service provides the ability to send messages between clients and servers. This service needs not to be running under normal home conditions. It is also advisable to make this service go away to avoid the possibility of 'net send' messages hitting your computer from the internet. This has nothing to do with MSN Messenger, nor is it WinPopUp. To test for this security vulnerability, at the command prompt, (run: cmd.exe) type: net send 127.0.0.1 hi. If you get a popup 'hi' message, you should disable the Messenger service. If you get an error stating, 'The message alias could not be found on the network,' you are safe.
If, for whatever reason, you need the Messenger service running but wish not to have spam popups active, you can disable the particular ports at your firewall. The Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
..................................................................
BlackViper.com adds this: Enables a user to access your computer using NetMeeting. This may create a BIG open door for the unwanted. If you are paranoid about security, disable this function. Even if you were not worried, I would still get rid of it.
Path Name: C:\WINDOWS\System32\mnmsrvc.exe
Start Mode: Manual
State: Stopped

Name: MSCSPTISRV
Display Name: MSCSPTISRV
Description:
Path Name: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"
Start Mode: Manual
State: Stopped

Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
.......................................................................
BlackViper.com adds this: This service is required if using Message Queuing. You may also see complaints in the Event Log if this service is disabled, but I have experienced no side effects. Microsoft's .NET may require this service in the future.
Path Name: C:\WINDOWS\System32\msdtc.exe
Start Mode: Manual
State: Stopped

Name: MSIServer
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped

Name: MSSQL$INVENTORCONTENT
Display Name: MSSQL$INVENTORCONTENT
Description:
Path Name: C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT
Start Mode: Auto
State: Running

Name: MSSQL$MICROSOFTBCM
Display Name: MSSQL$MICROSOFTBCM
Description:
Path Name: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM
Start Mode: Auto
State: Running

Name: MSSQL$SONY_MEDIAMGR
Display Name: MSSQL$SONY_MEDIAMGR
Description:
Path Name: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
Start Mode: Manual
State: Stopped

Name: MSSQLServerADHelper
Display Name: MSSQLServerADHelper
Description:
Path Name: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
Start Mode: Manual
State: Stopped

Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
...................................................
BlackViper.com adds this: I have not found a good use for this service. Unless you use remote ClipBook, disable it. This uses about 1.5 MB idle.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares.
If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
.........................................................
BlackViper.com adds this: I have not found a good use for this service. Unless you use remote ClipBook, disable it.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
.........................................................
BlackViper.com adds this: Used for logging onto a Domain Controller. This service is not required on a standalone system, or for a 'home' network.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
...........................................................................
BlackViper.com adds this: Required for managing network connectivity. Set to disabled if you have no network or you do not toy with the configurations a lot. If your internet connectivity no longer operates after disabling this function, set it back to Automatic! Note: While disabling this service, you will no longer see the system tray icon (lower right) displayed, even for modem connections. Connectivity, however, still exists even on incoming shared network drives.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
..................................................................
BlackViper.com adds this: This service is required for use with the Internet Connection Sharing service (server only).
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
.................................................................
BlackViper.com adds this: Manages local system security information on the computer. You need this service if you are running Message Queuing or Telnet server.
Path Name: C:\WINDOWS\System32\lsass.exe
Start Mode: Manual
State: Stopped

Name: NtmsSvc
Display Name: Removable Storage
Description:
.......................................................................
BlackViper.com adds this: Used for managing removable media. Disable this service if you do not have items like tape backup devices, etc. If your CD ROM / DVD drive starts acting funny, (no auto play, etc) place this service into automatic. Normally, this service does not need to be running and you will not miss any of its functionality.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ose
Display Name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Start Mode: Manual
State: Stopped

Name: PACSPTISVR
Display Name: PACSPTISVR
Description:
Path Name: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"
Start Mode: Manual
State: Stopped

Name: PhotoshopElementsDeviceConnect
Display Name: Photoshop Elements Device Connect
Description: Photoshop Elements Organizer launch utility on device arrival.
Path Name: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
Start Mode: Auto
State: Stopped

Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
.............................................................
BlackViper.com adds this: This service is the heart and soul of the Plug and Play environment. I do not recommend disabling this service, but if you want to, you are on your own. Take note: UPnP is NOT PnP. UPnP is for connectivity on networks via TCP/IP to devices, such as scanners or printers. Your sound card is PnP. Do NOT disable Plug and Play service.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: Pml Driver HPZ12
Display Name: Pml Driver HPZ12
Description:
Path Name: C:\WINDOWS\system32\HPZipm12.exe
Start Mode: Manual
State: Stopped

Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
................................................................
BlackViper.com adds this: May be required on some domains or VPN connections, but the average user will not need this.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
..........................................................
BlackViper.com adds this: Allows for the saving of local passwords or even web sites information (AutoComplete). This service is set to Automatic by default. Due to security reasons, I recommend leaving this feature disabled to make things all that much more difficult to steal vital information if you do not save it.
On the other hand, you may need this service to manage private keys for encryption purposes. If so, leave this service on automatic to ensure the higher security settings you choose work. If you disable this service, you will no longer have any of your passwords saved, no matter how many times you click the box. If you enjoy having your passwords saved in applications like Outlook or Dial up networking or you are connecting to the internet via a domain controller/server that requires authentication, set this service to Automatic.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: RadClock
Display Name: RadClock
Description: Manages Radeon clock rate at system boot.
Path Name: C:\WINDOWS\system32\RadClock.exe
Start Mode: Auto
State: Stopped

Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
..............................................................
BlackViper.com adds this: Creates a connection to a network when a program requests a remote address. This service may be required for your internet connection. If things cease to function after disabling this service, put it to automatic. Note: you may require this service for some direct cable or DSL providers and connections, depending on how they implement their logon process. If your Dial-up, cable or DSL internet access no longer functions properly with this service disabled, place this service into automatic. If you use a hardware gateway or router, this service is not required.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
............................................................
BlackViper.com adds this: This service is required if you use Internet Connection Sharing.
If things cease to function after disabling this service, put it to automatic. Note: you may require this service for some direct cable or DSL providers and connections, depending on how they implement their logon process. If your Dial-up, cable or DSL internet access no longer functions properly with this service disabled, place this service into automatic. If you use a hardware gateway or router, this service is not required.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
........................................................
BlackViper.com adds this: If you do not want or need to use this feature, disable it. In an idle state, this service sucks up 3.4 MB to 4 MB of RAM.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped

Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
..........................................................
BlackViper.com adds this: Allows computers to dial in to the local computer through a modem (or other devices) to access the local network using a standard or VPN connection. Unless you require this functionality, disable it for security reasons. Upon enabling this service, Incoming Connections icon will be available in the Network Connections control panel.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer.
If this service is disabled, any services that explicitly depend on it will fail to start.
.....................................................
BlackViper.com adds this: This feature is not available on Windows XP Home. This is one of those not needed services. One of the first I disable. If you are paranoid about security, disable this service. Even if you are not or do not care, disable it anyway.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
.................................................................
BlackViper.com adds this: I have not found a reason to keep this service running. However, if something on your network breaks after you disable this service, put it back to manual. About 1.2 MB of RAM is in use with this service.
Path Name: C:\WINDOWS\System32\locator.exe
Start Mode: Auto
State: Running

Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
..........................................................
BlackViper.com adds this: This service is rather vital. Practically everything depends on this service to be running. This is also the only service that you cannot disable via the Services MMC. Previously, if you disabled this service in Windows 2000, your computer would become unbootable. What I am trying to tell you is leave this service on automatic and absolutely DO NOT disable it in msconfig. If, for whatever reason, the service became disabled and you can no longer boot your system, please read the information available on BlackViper.com for a way to fix it.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running

Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
..........................................................
BlackViper.com adds this: Provides traffic control on a network using IPSEC and applications that support QoS, and have an adapter that supports it. The QoS Packet Driver installs by default on any TCP/IP connections. I recommend uninstalling it if it is not needed on your network. As far as I can tell, you also need an ACS Server (Provided with Windows 2000 Server and Advanced Server) for the QoS Packet Scheduler and Applications to request the needed bandwidth. Since my network is not straining under any load, this is rather pointless. Take note: Some people (as I did before I completed extensive research on this) reported that QoS uses 20% of your bandwidth and does not allow any activity. This is false. For more information, please view the KB article q316666 from Microsoft. Regardless, if you uninstall the packet scheduler, no bandwidth is still reserved.
Path Name: C:\WINDOWS\System32\rsvp.exe
Start Mode: Disabled
State: Stopped

Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
................................................................
BlackViper.com adds this: Like Protected Storage, it saves profile and security information for local users. This service is required for the IIS Admin Service. If you have ever used the Group Policy Editor (gpedit.msc) to modify your settings, you need to keep this service running; otherwise, your modifications will not apply. For safe configurations, place this into automatic.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer.
If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
............................................................
BlackViper.com adds this: Supports the use of a Smart Card for local or network computer authentication. If you do not have a Smart Card, or you do not know what a Smart Card is, you do not need this service running. Save the 1.1 MB to 1.4 MB of RAM this service uses.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Disabled
State: Stopped

Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer.
...............................................................
BlackViper.com adds this: I do everything manually, to avoid having this service running all the time. Some third party software may require this service to be active for automated functions, such as virus scanners, system maintenance tools, and automatic patch/driver lookups. Take note: BootVis requires Task Scheduler and COM+ Event System to be running if you wish to take advantage of the 'optimize system' function. Why may you need this service? It is due to the pre-fetching function built into Windows XP. Another Note: Pre-fetching only occurs on boot up and application start, so if you do not care about a few extra seconds of boot time, do not even bother with it and disable Task Scheduler. On some applications, the pre-fetching feature really does help. Only you can decide whether to use its functionality and if it helps in the performance of your system.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable.
If this service is disabled, any services that explicitly depend on it will fail to start.
.......................................................
BlackViper.com adds this: I have never found a reason to keep this service running. I have always considered 'Alternate Credentials' someone other than me! Not my idea of fun. Really, though, it allows a 'limited user' account to start an application or process with higher privileges, such as the Administrator account or another user. You can also have a privileged user start an application or process with a limited privileged account. If you right-click a file, the menu will display 'Run As' option. If you disable this service, that function will no longer be available.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
.........................................................
BlackViper.com adds this: Used in conjunction with COM+ Event System, this service notifies particular services when system events, such as logon and power events occur. I doubt the average user really cares about this. I have also not seen any applications that use this. You will receive, in the Event Log, an entry complaining about not having this service running if disabled. I have yet to find a side effect, though. For a safe configuration, leave this service on automatic.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
............................................................
BlackViper.com adds this: Used to allow multiple computers on your network to access the internet via only one account. This service installs on the modem computer. If you are using a third party firewall or Internet Connection Sharing software package, this service is not required.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description:
...........................................................
BlackViper.com adds this: Used for the auto play of devices like memory cards, CD drives, etc. Also, set to automatic if you are experiencing problems with laptop docking stations. In 'My Computer,' you may not see your hardware (example: DVD drive) displayed as a 'DVD Drive' if this service is disabled. However, all functionality still exists. In addition, when checking the properties of an auto play device, such as a DVD drive, you will not have an auto play tab displayed or available. This service also allows the option of selecting what action you wish to take with a particular type of file. If you enjoy the auto play function of CD's and DVD's after inserting them into your drive, leave this service on automatic.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
.......................................................
BlackViper.com adds this: This service is required if you have printers, even if they are network printers. If this does not fit your needs, disable it. You will save about 3.8 MB by making this service go away. Your printers will still be 'installed' if you disable this service, but not visible in the printers folder. After restarting Print Spooler, they will reappear and be available for use. I place this service into manual mode and only start it up when printing is required.
In manual mode, the service will not automatically start at boot time.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running

Name: SPTISRV
Display Name: Sony SPTI Service
Description:
Path Name: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"
Start Mode: Manual
State: Stopped

Name: SQLAgent$INVENTORCONTENT
Display Name: SQLAgent$INVENTORCONTENT
Description:
Path Name: C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT
Start Mode: Manual
State: Stopped

Name: SQLAgent$MICROSOFTBCM
Display Name: SQLAgent$MICROSOFTBCM
Description:
Path Name: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
Start Mode: Manual
State: Stopped

Name: SQLAgent$SONY_MEDIAMGR
Display Name: SQLAgent$SONY_MEDIAMGR
Description:
Path Name: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
Start Mode: Manual
State: Stopped

Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties.
............................................................
BlackViper.com adds this: This service creates system snap shots or restores a point for returning to later. Every time you install a program or new driver, and on a schedule, this service creates a 'restore point' to roll back to if a problem occurs. This is the FIRST thing that I get rid of on a clean installation. A rather GOOD (and possibly the only) reason to use this feature is to roll back your OS after installing an unknown program or testing software. For example, if you use BETA software of any kind. NOTE: If you disable this service, your previous restore points will delete. If, for whatever reason, you do not want this to happen, do not disable this service.
By default, System Restore Service uses a LARGE amount of disk space to store rollback points. On large hard drives, this could be well over 10 to 20 GB.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
.............................................................
BlackViper.com adds this: Used in conjunction with Universal Plug and Play Device Host, it detects and configures UPnP devices on your home network. For security reasons and for the fact that I doubt that you have any of these devices, disable this service. If any EXTERNAL device does not function because of this service being disabled, place it back in to automatic. MSN Messenger uses this service in conjunction with supported UPnP devices, to provide support for networks behind a NAT firewall or router. Also, if you are experiencing difficulty connecting to multiplayer games that use DirectX(7,8,9), place this service to automatic and ensure you download all security updates. The problem that I have found with this service is that it broadcasts UDP port 1900 a lot. If you notice plenty of network activity even though nothing is happening, this service is sometimes the cause. Take note: Do NOT disable the Plug and Play service.
Path Name: C:\WINDOWS\System32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: SSScsiSV
Display Name: SonicStage SCSI Service
Description:
Path Name: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Start Mode: Disabled
State: Stopped

Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
.........................................................
BlackViper.com adds this: Used for some scanners, web cams, and cameras.
If, after disabling this service, your scanner or camera fails to function properly, enable this service by placing it into automatic.
Path Name: C:\WINDOWS\System32\svchost.exe -k imgsvc
Start Mode: Auto
State: Running

Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
............................................................
BlackViper.com adds this: Used in conjunction with the Volume Shadow Copy service, Microsoft Backup uses these services. You will receive, in the Event Log, an entry complaining about not having this service running if disabled. I have yet to find a side effect, though, but to avoid the messages, you can place the service in manual. Some third party hard disk ghost or imaging software may require this service to be running.
Path Name: C:\WINDOWS\System32\dllhost.exe /Processid:{F4EE4B9F-B129-4835-8716-52A527794F7B}
Start Mode: Manual
State: Stopped

Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
...................................................
BlackViper.com adds this: This may be a super geek tool, but I feel that the overhead associated with it is not worth the benefit. You decide.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Disabled
State: Stopped

Name: TabletService
Display Name: TabletService
Description:
Path Name: C:\WINDOWS\system32\Tablet.exe
Start Mode: Auto
State: Running

Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
.................................................................
BlackViper.com adds this: This service is required for dial-up modem connectivity. Note: you may require this service for some direct cable or DSL providers, depending on how they implement their logon process or some AOL functionality, depending on software used. If Dial-up, cable or DSL internet access no longer functions properly with this service disabled, place it into automatic. If you are connecting via a hardware router or gateway, this service is not needed.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
...............................................................
BlackViper.com adds this: Allows remote login to the local computer. This service is required for Fast User Switching, Remote Desktop Server and Remote Assistance. You will not be able to view who is logged on to a particular computer by viewing the 'user' tab located in the Task Manager if this service is disabled. For security reasons, disable this unless you specifically require its functionality. For some reason, start this service to install Norton 2003.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running

Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
.................................................................
BlackViper.com adds this: Used to display all those new XP themes and colors on your desktop. If you are memory conscious and do not care about the new XP look, disable this service to save RAM. I have observed between 4 MB to 12 MB of RAM used for the new themes.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: TlntSvr
Display Name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
............................................................
BlackViper.com adds this: This service is not available on Windows XP Home. It allows remote login to the local computer via the telnet function. For security reasons, disable this unless you specifically require its functionality. You will save about 2 MB of RAM by plugging this security hole.
Path Name: C:\WINDOWS\System32\tlntsvr.exe
Start Mode: Disabled
State: Stopped

Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
..........................................................
BlackViper.com adds this: For example, you could make a file on Computer A. You then create a short cut or link to that file on Computer B. If you would move the file on Computer A to a different location, this service would tell Computer B to update its information to allow uninterrupted connectivity.
Even though this is rather valuable on a large network, I have not found a use for this service on a home network. It uses about 3.5 MB to 4 MB in an idle state. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Disabled State: Stopped Name: upnphost Display Name: Universal Plug and Play Device Host Description: Provides support to host Universal Plug and Play devices. ......................................................... BlackViper.com adds this: Used in conjunction with SSDP Discovery Service, it detects and configures UPnP devices on your home network. For security reasons and for the fact that I doubt that you have any of these devices, disable this service. If any EXTERNAL device does not function because of this service being disabled, place it back in to automatic. MSN Messenger uses this service in conjunction with supported UPnP devices, to provide support for networks behind a NAT firewall or router. Also, if you are experiencing difficulty connecting to multiplayer games that use DirectX(7,8,9), place this service to automatic and ensure you download all security updates. Furthermore, if you use Internet Connection Sharing and wish to make use of the 'allow others to modify this connection' feature, enable UPnP. Take note: UPnP is NOT PnP. Your sound card is PnP. Do NOT disable Plug and Play service. Path Name: C:\WINDOWS\System32\svchost.exe -k LocalService Start Mode: Disabled State: Stopped Name: UPS Display Name: Uninterruptible Power Supply Description: Manages an uninterruptible power supply (UPS) connected to the computer. Path Name: C:\WINDOWS\System32\ups.exe Start Mode: Manual State: Stopped Name: VSS Display Name: Volume Shadow Copy Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. 
.......................................................... BlackViper.com adds this: Used in conjunction with the MS Software Shadow Copy Provider service. Microsoft Backup also uses these services. You will receive, in the Event Log, an entry complaining about not having this service running if disabled. I have yet to find a side effect, though. If you do not like the errors, place it in manual. By taking it out of automatic, you will save about 3.0 MB of memory. Path Name: C:\WINDOWS\System32\vssvc.exe Start Mode: Manual State: Stopped Name: w32time Display Name: Windows Time Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. .............................................................. BlackViper.com adds this: Automatically sets your clock by contacting a server (Microsoft's server by default) on the internet. Great idea if your network connects to the internet 24/7. The Event Log fills up with 'cannot find server' messages on a non-dedicated setup, though. After successful synchronizing, this service will not attempt to do it again for 7 days, meanwhile, taking up resources. You may choose to set your clock manually on a dial up connection, but with a 24/7 broadband setup, this could keep you on time for work. Note: as mentioned, 'time.windows.com' is the default server for synchronization. For those privacy conscious people that prefer to connect to a government site rather then MS, use 'time.nist.gov.' Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Disabled State: Stopped Name: WebClient Display Name: WebClient Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. 
If this service is disabled, any services that explicitly depend on it will fail to start. .................................................................... BlackViper.com adds this: I have not found a reason to have this service running. I have a hunch that this is going to be required for Microsoft's '.Net Software as a service.' For security reasons, I recommend for this service to be disabled. If some MS products, such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, try to enable this service to see if it is required for your configuration. Path Name: C:\WINDOWS\System32\svchost.exe -k LocalService Start Mode: Disabled State: Stopped Name: winmgmt Display Name: Windows Management Instrumentation Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. ............................................................ blackviper.com adds this: This service is required if you want to see the Dependencies tab in service configuration and you want everything to go smoothly. I do not recommend disabling this service as strange things may start to happen. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WLTRYSVC Display Name: WLTRYSVC Description: Path Name: C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe Start Mode: Disabled State: Stopped Name: WmdmPmSN Display Name: Portable Media Serial Number Service Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. 
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: Wmi Display Name: Windows Management Instrumentation Driver Extensions Description: Provides systems management information to and from drivers. .................................................................... blackviper.com adds this: This feature is not available on Windows XP Home. This service is not as vital as Windows Management Instrumentation, but I recommend leaving this service in manual. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: WmiApSrv Display Name: WMI Performance Adapter Description: Provides performance library information from WMI HiPerf providers. ............................................................... blackviper.com adds this: I have not found a use for this service. Save the 2.5 MB to 6 MB of memory, this service consumes. Path Name: C:\WINDOWS\System32\wbem\wmiapsrv.exe Start Mode: Manual State: Stopped Name: WMPNetworkSvc Display Name: Windows Media Player Network Sharing Service Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play Path Name: C:\Program Files\Windows Media Player\WMPNetwk.exe Start Mode: Manual State: Stopped Name: wscsvc Display Name: Security Center Description: Monitors system security settings and configurations. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: wuauserv Display Name: Automatic Updates Description: Enables the download and installation of critical Windows updates. .................................................................. blackviper.com adds this: After the installation of Service Pack 1, you may configure how often updates are checked. Using default values, Windows XP automatically downloads the updates and asks to install them. 
A few reasons why you may think this is unacceptable in your situation: 1) You could have a dial-up connection. 2) You may also: a) Wish to know what, when and how an update installs BEFORE using any bandwidth. b) Want to read about the update BEFORE downloading. c) Want to know WHY you need it and WHAT it fixes. It is very important that if you decide to disable this service, you check the Windows Update site often to ensure the latest patches install properly. Take note: Manual (and Automatic) updates via Windows Update web site requires Cryptographic Services to be running. Place both Automatic Updates and Cryptographic Services in to automatic if you do not wish to update manually. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WudfSvc Display Name: Windows Driver Foundation - User-mode Driver Framework Description: Manages user-mode driver host processes Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Start Mode: Manual State: Stopped Name: WZCSVC Display Name: Wireless Zero Configuration Description: Provides automatic configuration for the 802.11 adapters. ................................................................... blackviper.com adds this: Provides automatic configuration for wireless network devices and connection quality feedback. If you do not have any wireless network devices in use on the local system, disable this service. You may require this service for connectivity with some hot sync software for a PDA, laptop or other portable computer. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Stopped Name: xmlprov Display Name: Network Provisioning Service Description: Manages XML configuration files on a domain basis for automatic network provisioning. 
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped ------------------------------------------------------------------------------------ Displaying LOG for Microsoft Windows Malicious Software Removal Tool: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v1.37, January 2008 Started On Wed Jan 09 20:35:35 2008 Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 20:38:11 2008 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v1.38, February 2008 Started On Fri Feb 22 13:58:39 2008 Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 22 14:01:30 2008 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v1.39, March 2008 Started On Fri Mar 14 12:56:17 2008 ->Scan ERROR: resource process://pid:3112 (code 0x00000057 (87)) ->Scan ERROR: resource process://pid:3112 (code 0x0000054F (1359)) Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 14 12:59:31 2008 ---------------------------------------------------------------------------- Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys if Hidden = 0 then Hidden Files and Folders are not shown if SuperHidden = 1 is the desired default value. 
if ShowSuperHidden = 0 then System Files are not shown if HideFileExt = 1 then File Extension are not shown We want their values to be (from top to bottom) 1,1,1,0 ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced Hidden REG_DWORD 1 (0x1) SuperHidden REG_DWORD 1 (0x1) ShowSuperHidden REG_DWORD 1 (0x1) HideFileExt REG_DWORD 0 (0x0) ************************************************************************************ Examining Select Windows Registry Keys ------------------------------------------------------------------------------------ -------------------------------------------------------------------------- Items Found in ZoneMap\Domains: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com ---------------------------------------------------------------------------- Current User ZoneMap ProtocolDefaults ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults REG_SZ http REG_DWORD 3 (0x3) https REG_DWORD 3 (0x3) ftp REG_DWORD 3 (0x3) file REG_DWORD 3 (0x3) @ivt REG_DWORD 1 (0x1) shell REG_DWORD 0 (0x0) ---------------------------------------------------------------------------- Default URL Prefix Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix REG_SZ http:// HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes ftp REG_SZ ftp:// gopher REG_SZ gopher:// home REG_SZ http:// mosaic REG_SZ http:// www REG_SZ http:// 
-------------------------------------------------------------------------- Startup Items Disabled via MSCONFIG: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state -------------------------------------------------------------------------- Select AutoRun Registry Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe SsAAD.exe REG_SZ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonceex HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run Apoint REG_SZ "C:\Program Files\Apoint\Apoint.exe" Logitech Utility REG_SZ Logi_MwX.Exe AtiPTA REG_SZ atiptaxx.exe HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe SM1BG REG_SZ C:\WINDOWS\SM1BG.EXE HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" TrueImageMonitor.exe REG_SZ "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" Acronis Scheduler2 Service REG_SZ "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" OWCWebCamDV REG_SZ C:\WINDOWS\system\wcdvtray.exe NeroCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe ShStatEXE REG_SZ "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE McAfeeUpdaterUI REG_SZ "C:\Program Files\Network 
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe" QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce Error: Key: software\microsoft\windows\currentversion\runonceex does not exist! HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices HKEY_USERS\.default\software\microsoft\windows\currentversion\run HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run -------------------------------------------------------------------------- WinLogon Notify Registry Key: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent DLLName REG_SZ Ati2evxx.dll Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 1 (0x1) Lock REG_SZ AtiLockEvent Logoff REG_SZ AtiLogoffEvent Logon REG_SZ AtiLogonEvent Disconnect REG_SZ AtiDisConnectEvent Reconnect REG_SZ AtiReConnectEvent Safe REG_DWORD 0 (0x0) Shutdown REG_SZ AtiShutdownEvent StartScreenSaver REG_SZ AtiStartScreenSaverEvent StartShell REG_SZ AtiStartShellEvent Startup REG_SZ AtiStartupEvent StopScreenSaver REG_SZ AtiStopScreenSaverEvent Unlock REG_SZ AtiUnLockEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ crypt32.dll Logoff REG_SZ ChainWlxLogoffEvent 
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ cryptnet.dll Logoff REG_SZ CryptnetWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll DLLName REG_SZ cscdll.dll Logon REG_SZ WinlogonLogonEvent Logoff REG_SZ WinlogonLogoffEvent ScreenSaver REG_SZ WinlogonScreenSaverEvent Startup REG_SZ WinlogonStartupEvent Shutdown REG_SZ WinlogonShutdownEvent StartShell REG_SZ WinlogonStartShellEvent Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp DLLName REG_SZ wlnotify.dll Logon REG_SZ SCardStartCertProp Logoff REG_SZ SCardStopCertProp Lock REG_SZ SCardSuspendCertProp Unlock REG_SZ SCardResumeCertProp Enabled REG_DWORD 1 (0x1) Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) StartShell REG_SZ SchedStartShell Logoff REG_SZ SchedEventLogOff HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy Logoff REG_SZ WLEventLogoff Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) DllName REG_EXPAND_SZ sclgntfy.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn DLLName REG_SZ WlNotify.dll Lock REG_SZ SensLockEvent Logon REG_SZ SensLogonEvent Logoff REG_SZ SensLogoffEvent Safe REG_DWORD 1 (0x1) MaxWait REG_DWORD 600 (0x258) StartScreenSaver REG_SZ SensStartScreenSaverEvent StopScreenSaver REG_SZ SensStopScreenSaverEvent Startup REG_SZ SensStartupEvent Shutdown REG_SZ SensShutdownEvent StartShell REG_SZ SensStartShellEvent PostShell REG_SZ SensPostShellEvent Disconnect REG_SZ SensDisconnectEvent Reconnect REG_SZ SensReconnectEvent Unlock 
REG_SZ SensUnlockEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) Logoff REG_SZ TSEventLogoff Logon REG_SZ TSEventLogon PostShell REG_SZ TSEventPostShell Shutdown REG_SZ TSEventShutdown StartShell REG_SZ TSEventStartShell Startup REG_SZ TSEventStartup MaxWait REG_DWORD 600 (0x258) Reconnect REG_SZ TSEventReconnect Disconnect REG_SZ TSEventDisconnect HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon Logon REG_SZ WLEventLogon Logoff REG_SZ WLEventLogoff Startup REG_SZ WLEventStartup Shutdown REG_SZ WLEventShutdown StartScreenSaver REG_SZ WLEventStartScreenSaver StopScreenSaver REG_SZ WLEventStopScreenSaver Lock REG_SZ WLEventLock Unlock REG_SZ WLEventUnlock StartShell REG_SZ WLEventStartShell PostShell REG_SZ WLEventPostShell Disconnect REG_SZ WLEventDisconnect Reconnect REG_SZ WLEventReconnect Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 0 (0x0) SafeMode REG_DWORD 1 (0x1) MaxWait REG_DWORD -1 (0xffffffff) DllName REG_EXPAND_SZ WgaLogon.dll Event REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings Data REG_BINARY HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon DLLName REG_SZ wlnotify.dll Logon REG_SZ RegisterTicketExpiredNotificationEvent Logoff REG_SZ UnregisterTicketExpiredNotificationEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier Asynchronous REG_DWORD 0 (0x0) DllName REG_SZ WRLogonNTF.dll Impersonate REG_DWORD 1 (0x1) Lock REG_SZ WRLock StartScreenSaver REG_SZ WRStartScreenSaver StartShell REG_SZ WRStartShell Startup REG_SZ WRStartup StopScreenSaver 
REG_SZ WRStopScreenSaver Unlock REG_SZ WRUnlock Shutdown REG_SZ WRShutdown Logoff REG_SZ WRLogoff Logon REG_SZ WRLogon -------------------------------------------------------------------------- Shared Task Scheduler Registry Items: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon -------------------------------------------------------------------------- Scheduled Tasks: -------------------------------------------------------------------------- Volume in drive C has no label. Volume Serial Number is 1415-C7F3 Directory of C:\WINDOWS\tasks 04/10/2008 05:21 PM . 04/10/2008 05:21 PM .. 04/10/2008 04:39 PM 284 AppleSoftwareUpdate.job 03/19/2004 03:40 PM 65 DESKTOP.INI 04/10/2008 05:32 PM 6 SA.DAT 04/10/2008 05:35 PM 470 SDMsgUpdate (TE).job 04/10/2008 07:29 PM 372 Symantec NetDetect.job 5 File(s) 1,197 bytes Total Files Listed: 5 File(s) 1,197 bytes 2 Dir(s) 7,146,311,680 bytes free A C:\WINDOWS\tasks\AppleSoftwareUpdate.job HR C:\WINDOWS\tasks\DESKTOP.INI A H C:\WINDOWS\tasks\SA.DAT A C:\WINDOWS\tasks\SDMsgUpdate (TE).job A C:\WINDOWS\tasks\Symantec NetDetect.job ---------------------------------------------------------------------------- ShellExecuteHooks Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ {35B2861B-2B26-4691-9FF0-09083722C736} REG_SZ RadExe Extension ---------------------------------------------------------------------------- ShellServiceObjectDelayLoad Registry Keys ---------------------------------------------------------------------------- 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9} CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9} WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153} WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5} ---------------------------------------------------------------------------- ModuleUsage Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe .Owner REG_SZ {D27CDB6E-AE6D-11CF-96B8-444553540000} {D27CDB6E-AE6D-11CF-96B8-444553540000} REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/opuc.dll .Owner REG_SZ {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/danim.dll auralog REG_SZ auralog .Owner REG_SZ auralog HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/ddrawex.dll auralog REG_SZ auralog .Owner REG_SZ auralog HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/quartz.dll auralog REG_SZ auralog .Owner REG_SZ auralog ---------------------------------------------------------------------------- BHO Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} NoExplorer REG_DWORD 1 (0x1) REG_SZ 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} NoExplorer REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Select Policy Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 36 (0x24) _NoDriveTypeAutoRun REG_DWORD 223 (0xdf) NoDriveAutoRun REG_BINARY ffffffff HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system HideLegacyLogonScripts REG_DWORD 0 (0x0) HideLogoffScripts REG_DWORD 0 (0x0) RunLogonScriptSync REG_DWORD 1 (0x1) RunStartupScriptSync REG_DWORD 1 (0x1) HideStartupScripts REG_DWORD 0 (0x0) HKEY_CURRENT_USER\software\policies\microsoft\internet explorer HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff) NoDriveTypeAutoRun REG_DWORD 255 (0xff) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) HideLegacyLogonScripts REG_DWORD 0 (0x0) HideLogoffScripts REG_DWORD 0 (0x0) RunLogonScriptSync REG_DWORD 1 (0x1) RunStartupScriptSync REG_DWORD 1 (0x1) HideStartupScripts REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun 
REG_DWORD 145 (0x91) CDRAutoRun REG_DWORD 0 (0x0) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\.default\software\microsoft\windows\currentversion\policies HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) CDRAutoRun REG_DWORD 0 (0x0) HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system ************************************************************************************ Checking File System for suspicious Files -------------------------------------------------------------------------- Items in the Root Directory: -------------------------------------------------------------------------- Locating all files created in C:\ "C:\" 7A113D~1 Nov 18 2006 "7a113d73cc81d96eba8417" a5308e~1.dat Nov 24 2005 217 "a5308e364c5820c.dat" aeiusb.log Oct 2 2006 31455 "AEIusb.log" aeivvb.log Oct 2 2006 105 "AEIvvb.log" ATI Mar 18 2005 "ATI" autoexec.bat Mar 20 2004 0 "AUTOEXEC.BAT" AUTORUN.INF Apr 10 2008 "autorun.inf" boot.bak Aug 29 2005 222 "BOOT.BAK" boot.ini Apr 10 2008 293 "boot.ini" bootin~1.bac Nov 2 2004 211 "BOOT.INI.backup" CMDCONS Apr 10 2008 "cmdcons" cmldr Aug 4 2004 260272 "cmldr" combofix.txt Apr 10 2008 17357 "ComboFix.txt" CONFIG.MSI Sep 26 2005 "Config.Msi" config.sys Mar 20 2004 0 "CONFIG.SYS" DECKARD Apr 9 2008 "Deckard" DELL Jul 17 2004 "DELL" dell.sdr Jul 17 2004 4590 "DELL.SDR" DELORM~1 Aug 16 2005 "DeLorme Docs" DOCUME~1 Jul 17 2004 "Documents and Settings" dvdpath.txt Dec 8 2007 45 "DVDPATH.TXT" GMAX Jul 6 2006 
"gmax" hiberfil.sys Apr 10 2008 536129536 "hiberfil.sys" hpfr5550.log Sep 13 2005 8261 "hpfr5550.log" I386 Jul 17 2004 "I386" install Apr 13 2007 24 "Install" io.sys Mar 20 2004 0 "IO.SYS" ISEEYO~1 Apr 10 2008 "ISeeYouXP" msdos.sys Mar 20 2004 0 "MSDOS.SYS" MSOCACHE Apr 16 2005 "MSOCache" msvci70.dll Jan 5 2002 54784 "msvci70.dll" MYMUSI~1 Jul 28 2007 "My Music" NEWFOL~1 Apr 10 2008 "New Folder" ntdetect.com Aug 4 2004 47564 "NTDETECT.COM" ntldr Aug 4 2004 250032 "NTLDR" NUTRIB~1 Aug 16 2007 "NutriBase EZ" pagefile.sys Apr 10 2008 805306368 "pagefile.sys" PROGRA~1 Jul 17 2004 "Program Files" QOOBOX Apr 10 2008 "QooBox" QUARAN~1 Oct 2 2006 "QUARANTINE" RECYCLER Apr 10 2008 "RECYCLER" SOFTWA~1 Apr 21 2006 "Software Tech" SYSTEM~1 Jul 17 2004 "System Volume Information" TEMP Sep 26 2005 "TEMP" testlog.log Dec 23 2005 15 "testlog.log" trace.ini Mar 19 2008 11 "trace.ini" WINDOWS Jul 17 2004 "WINDOWS" WUTEMP Jul 28 2004 "WUTemp" 48 items found: 23 files (12 H/S), 25 directories (6 H/S). Total of file sizes: 1,342,111,362 bytes 1.25 G -------------------------------------------------------------------------- Items in the C:\TEMP Directory: -------------------------------------------------------------------------- Locating all files created in C:\TEMP "C:\TEMP\" boisen~1.his Jan 6 2006 54746 "BoiseNetWiz.his" boisen~1.txt Jan 6 2006 5214 "BoiseNetWiz.txt" emlres~1.log Jan 16 2008 8173 "EmlResize_0.log" hpdevs~1 Jan 6 2006 167 "hpDevSing" hpjsilg2.txt Jan 6 2006 45830 "hpjsilg2.txt" hponac01.log Jan 6 2006 1308 "hponac01.log" hponic~1.log Jan 6 2006 598 "hponicifs01.log" hponis~1.log Jan 6 2006 412 "hponiscan01.log" hponis~2.log Sep 26 2005 584 "hponis000.log" hponis~3.log Jan 6 2006 584 "hponis001.log" hpopdi00.log Sep 26 2005 5941 "hpopdi00.log" hpopdi01.log Jan 6 2006 5962 "hpopdi01.log" hpopdi~1.log Sep 26 2005 774 "hpopdi000.log" hpopdi~2.log Jan 6 2006 795 "hpopdi001.log" hpzglu~1.log Sep 26 2005 1427 "hpzglue00.log" hpzglu~2.log Jan 6 2006 1455 "hpzglue01.log" 
hpzpin00.log Sep 26 2005 3889 "hpzpin00.log" hpzpin01.log Jan 6 2006 4257 "hpzpin01.log" SUBFOL~1 Apr 28 2007 "Subfolder" 19 items found: 18 files, 1 directory. Total of file sizes: 142,116 bytes 138.79 K -------------------------------------------------------------------------- Locating all Backup files on C: -------------------------------------------------------------------------- Locating all *.BAK* files "C:\" boot.bak Aug 29 2005 222 "BOOT.BAK" "C:\I386\" brndlog.bak Mar 20 2004 141 "BRNDLOG.BAK" mplayer2.bak Mar 19 2004 18755 "MPLAYER2.BAK" wmplayer.bak Mar 19 2004 415082 "wmplayer.bak" "C:\WINDOWS\" imsins.bak Feb 22 2008 1374 "imsins.BAK" "C:\Documents and Settings\LocalService\" ntuser.bak Jan 13 2007 524288 "NTUSER.bak" "C:\Documents and Settings\Mr. Admin\" ntuser.bak Jan 13 2007 5767168 "NTUSER.bak" "C:\Documents and Settings\NetworkService\" ntuser.bak Jan 13 2007 524288 "NTUSER.bak" "C:\gmax\autoback\" maxback.bak Sep 21 2007 1740800 "MaxBack.bak" "C:\I386\$OEM$\" cmdlines.bak Jul 17 2004 447 "CMDLINES.BAK" "C:\Program Files\DVrack\" patchfx.bak Aug 18 2004 3178496 "PatchFX.bak" "C:\Program Files\OllyDbg Disassembler\" chiefa~1.bak Nov 30 2005 21175839 "Chief Architect 10 Full Backup.bak" copyof~1.bak Sep 3 2005 5610261 "Copy of StopMotionPro4.bak" crackme.bak Aug 30 2005 8270 "CRACKME.bak" kernel32.bak Nov 26 2005 160 "kernel32.bak" keygen_1.bak Sep 11 2005 2508 "keygen_1.bak" kgnme2~1.bak Nov 26 2005 68784 "KGNME2-KiTo.bak" kgnme2~2.bak Nov 26 2005 68786 "KGNME2-KiTo_1.bak" pictur~1.bak Nov 30 2005 2515 "Picture Vampire.bak" simple~1.bak Sep 3 2005 75929 "SimpleCode.bak" simple~2.bak Sep 3 2005 75826 "SimpleCode-2.bak" stopmo~1.bak Aug 30 2005 5607150 "StopMotionPro4.bak" unpacked.bak Nov 30 2005 2189031 "unpacked.bak" user32.bak Nov 30 2005 158 "USER32.bak" "C:\WINDOWS\Help\" wmplayer.bak Mar 19 2004 415082 "wmplayer.bak" "C:\WINDOWS\INF\" mplayer2.bak Mar 19 2004 18755 "MPLAYER2.BAK" "C:\WINDOWS\REPAIR\" system.bak Jul 17 2004 3825664 
"system.bak" "C:\WINDOWS\SYSTEM32\" kbddv.bak Mar 19 2004 5120 "KBDDV.bak" kbddv2.bak Mar 19 2004 5120 "kbddv2.bak" shdocvw.bak Jan 21 2004 1339904 "shdocvw.bak" "C:\Documents and Settings\All Users\DRM\" drmv1.bak Apr 5 2005 4348 "DRMv1.bak" "C:\Documents and Settings\Mr. Admin\My Documents\" dcodie~1.bak Sep 24 2005 4644928 "DCO Diet Log.bak" labels~1.bak Apr 15 2007 1225 "labels.txt.bak" swe104~1.bak Apr 15 2007 200336 "SWE 1040.A1 Vagen Till Sveriae Kap 16-25.aup.bak" swe104~2.bak Apr 15 2007 217872 "SWE 1040.A1 Vagen Till Sveriae Kap 16-25 new.aup.bak" "C:\Program Files\SmartDraw 2008\Tooltips\" tt_add~1.bak Oct 31 2007 503 "TT_AddRoadMarkings.htm.bak" tt_fli~1.bak Oct 31 2007 387 "TT_Flip_SubTopics.htm.bak" "C:\WINDOWS\SYSTEM32\CONFIG\" default.bak Apr 10 2008 475136 "DEFAULT.bak" sam.bak Apr 10 2008 28672 "SAM.bak" security.bak Apr 10 2008 53248 "SECURITY.bak" software.bak Apr 10 2008 47366144 "SOFTWARE.bak" system.bak Apr 10 2008 7602176 "SYSTEM.bak" "C:\WINDOWS\SYSTEM32\NtmsData\" ntmsdata.bak Apr 10 2008 200704 "NTMSDATA.BAK" "C:\Program Files\Handspring\OlssonD\expense\" expense.bak Sep 12 2005 187 "expense.bak" "C:\Program Files\Logitech\Desktop Messenger\8876480\" clasid.bak Feb 25 2005 258 "clasid.bak" "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\" brndlog.bak Mar 20 2004 141 "BRNDLOG.BAK" "C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\" mcscript.bak Aug 16 2007 1056606 "McScript.bak" "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\" brndlog.bak Mar 20 2004 141 "BRNDLOG.BAK" "C:\Documents and Settings\Mr. 
Admin\Application Data\Microsoft\Internet Explorer\" brndlog.bak Mar 20 2004 10389 "BRNDLOG.BAK" "C:\Program Files\Autodesk\Inventor 10\Bin\OldVersions\" defaul~1.bak Jun 17 2007 2470 "Default.ipj.bak" "C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\" profes~1.bak Apr 10 2008 177110 "Professional_32_1033.dat.bak" "C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\" opa11.bak Oct 17 2002 8200 "OPA11.BAK" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\" usrclass.bak Aug 25 2005 262144 "UsrClass.bak" "C:\Documents and Settings\Mr. Admin\Local Settings\Application Data\Microsoft\Windows\" usrclass.bak Nov 20 2006 262144 "UsrClass.bak" "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\" usrclass.bak Aug 25 2005 262144 "UsrClass.bak" "C:\Documents and Settings\Mr. Admin\Application Data\Mozilla\Firefox\Profiles\default.wsg\" bookma~1.bak Apr 9 2008 448855 "bookmarks.bak" bookma~2.bak Jul 31 2005 73698 "bookmarks.html.sbsd.bak" "C:\Documents and Settings\Mr. Admin\Local Settings\Application Data\HP\Digital Imaging\db\" admini~1.bak Mar 29 2008 786 "administrativeInfo.bak" albumi~1.bak Mar 29 2008 425 "albumImagesTable.bak" albumt~1.bak Mar 29 2008 2174 "albumTable.bak" exifta~1.bak Mar 29 2008 36563 "EXIFTable.bak" imaget~1.bak Mar 29 2008 74530 "imageTable.bak" keywor~1.bak Mar 29 2008 1510 "keywordTable.bak" keywor~2.bak Mar 29 2008 361 "keywordImagesTable.bak" manage~1.bak Mar 29 2008 442 "managedFolderTable.bak" pathna~1.bak Mar 29 2008 16415 "pathnameTable.bak" rofima~1.bak Mar 29 2008 361 "ROFImagesTable.bak" roftable.bak Mar 29 2008 393 "ROFTable.bak" "C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\" brndlog.bak Mar 20 2004 141 "BRNDLOG.BAK" 69 items found: 69 files (8 H/S), 0 directories. 
Total of file sizes: 116,160,190 bytes 110.78 M -------------------------------------------------------------------------- Locating all copies of Internet Explorer on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\Program Files\Internet Explorer\" iexplore.exe Aug 4 2004 93184 "iexplore.exe" "C:\WINDOWS\$NtServicePackUninstall$\" iexplore.exe Mar 19 2004 91136 "iexplore.exe" "C:\WINDOWS\ServicePackFiles\i386\" iexplore.exe Aug 4 2004 93184 "iexplore.exe" "C:\WINDOWS\SYSTEM32\DLLCACHE\" iexplore.exe Aug 4 2004 93184 "iexplore.exe" 4 items found: 4 files (1 H/S), 0 directories. Total of file sizes: 370,688 bytes 362.00 K -------------------------------------------------------------------------- Locating all copies of Windows Explorer on C: -------------------------------------------------------------------------- Locating all copies of Windows Explorer "C:\WINDOWS\" explorer.exe Jun 13 2007 1033216 "explorer.exe" "C:\WINDOWS\$NtUninstallKB820291$\" explorer.exe Mar 19 2004 1004032 "explorer.exe" "C:\WINDOWS\$NtUninstallKB938828$\" explorer.exe Aug 4 2004 1032192 "explorer.exe" "C:\WINDOWS\$NtServicePackUninstall$\" explorer.exe May 11 2003 996352 "explorer.exe" "C:\WINDOWS\ServicePackFiles\i386\" explorer.exe Aug 4 2004 1032192 "explorer.exe" "C:\WINDOWS\SYSTEM32\DLLCACHE\" explorer.exe Jun 13 2007 1033216 "explorer.exe" "C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\" explorer.exe Jun 13 2007 1033216 "explorer.exe" 7 items found: 7 files, 0 directories. 
Total of file sizes: 7,164,416 bytes 6.83 M -------------------------------------------------------------------------- Items in Document and Settings: -------------------------------------------------------------------------- Listing contents of C:\Documents and Settings "C:\Documents and Settings\" ADMINI~1 Jul 17 2004 "Administrator" ALLUSE~1 Jul 17 2004 "All Users" alluse~1.log Apr 10 2008 4096 "All Users.LOG" DEFAUL~1 Jul 17 2004 "Default User" defaul~1.log Apr 10 2008 4096 "Default User.LOG" LOCALS~1 Jul 17 2004 "LocalService" MR8AF5~1 Aug 14 2005 "MR8AF5~1~ADM" MR8AF5~1.ADM Feb 9 2005 "Mr. Admin" mr8af5~1.xml May 28 2006 262 "MR8AF5~1.xml" NETWOR~1 Jul 17 2004 "NetworkService" 10 items found: 3 files (2 H/S), 7 directories (3 H/S). Total of file sizes: 8,454 bytes 8.25 K -------------------------------------------------------------------------- Desktop Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Mr. Admin\Desktop within the last 90 days. "C:\Documents and Settings\Mr. 
Admin\Desktop\" 01048150.cab Apr 8 2008 10914 "01048150.cab" aaw2007.exe Mar 22 2008 21364592 "aaw2007.exe" aqueous.zip Jan 15 2008 11864 "aqueous.zip" bsc_pa~1.zip Jan 11 2008 2585930 "BSC_Parksv2_BaseSet_v102.zip" bsc_pa~2.zip Jan 13 2008 345095 "BSC_Parksv2_TextureSet_v102.zip" bykido~1.exe Mar 14 2008 113016 "BYKIDownloaderPC.exe" bykido~2.exe Mar 14 2008 113016 "BYKIDownloaderPC(2).exe" bykido~3.exe Mar 14 2008 113016 "BYKIDownloaderPC(3).exe" combo-~1.exe Apr 10 2008 1671341 "Combo-Fix.exe" deleteme.txt Mar 15 2008 132 "deleteme.txt" dss.exe Apr 9 2008 686630 "dss.exe" extrat~1.zip Jan 26 2008 19945 "ExtraTerrainTools2.zip" fecdse~1.exe Mar 16 2008 1092913 "FECDsetupTrial.exe" flash_~1.exe Apr 10 2008 103802 "Flash_Disinfector.exe" fxorde~1.exe Mar 20 2008 1686497 "fxorder2gore.exe" HEN3_2~1 Mar 2 2008 "hen3_2_017" hijack~1.lnk Apr 9 2008 1734 "HijackThis.lnk" hjtins~1.exe Apr 9 2008 812344 "HJTInstall.exe" ironma~1.mov Mar 1 2008 14939023 "ironman_sbtrailer_020408_qthighwide.mov" ironma~1.wmv Mar 1 2008 55662242 "ironman_trlr2_022808_wmvhighwide.wmv" iseeyo~1.lnk Apr 10 2008 534 "ISeeYouXP.lnk" itunes~1.exe Feb 21 2008 59163944 "iTunesSetup.exe" itunes~2.exe Feb 23 2008 59163944 "iTunesSetup(2).exe" itunes~3.exe Mar 16 2008 59163944 "iTunesSetup(3).exe" madein~1.zip Jan 19 2008 247883 "Made in Oregon.zip" msklc.exe Mar 22 2008 10597792 "MSKLC.exe" pirate~1.mid Feb 25 2008 9216 "pirate_song.mid" race_g~1.pdf Jan 16 2008 107664 "race_games.pdf" realpl~1.exe Mar 15 2008 329264 "RealPlayer11GOLD.exe" realpl~2.exe Mar 15 2008 329264 "RealPlayer11GOLD(2).exe" smartd~1.exe Apr 8 2008 426336 "smartdraw_11R_61IN1_setup.exe" smartd~1.lnk Apr 8 2008 729 "SmartDraw 2008.lnk" solemn~1.zip Jan 15 2008 14998 "solemnity.zip" spyswe~1.txt Apr 9 2008 37021 "Spy Sweeper Session Log.txt" SVIL2_~1 Mar 2 2008 "svil2_017" TESTTE~1 Jan 15 2008 "Test Template" thepir~1.mp3 Feb 25 2008 2750296 "thepiratesong.mp3" tlmpro~1.exe Apr 8 2008 15869360 "TLMProfessional20Install.exe" 
tnthf_~1.msi Mar 20 2008 3273216 "tnthf_setup.msi" UNUSED~1 Feb 21 2008 "Unused Desktop Shortcuts" VANCAM~1 Mar 2 2008 "VanCamperEbay_files" vancam~1.htm Mar 2 2008 121624 "VanCamperEbay.htm" virtua~1.zip Mar 1 2008 0 "virtualhottie2demo.zip" VJEN2_~1 Mar 2 2008 "vjen2_017" winamp~1.exe Feb 21 2008 8705840 "winamp552_full_emusic-7plus_en-us.exe" 45 items found: 39 files, 6 directories. Total of file sizes: 321,646,915 bytes 306.75 M Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. "C:\Documents and Settings\All Users\Desktop\" hpsolu~1.lnk Mar 29 2008 984 "HP Solution Center.lnk" itunes.lnk Apr 5 2008 1804 "iTunes.lnk" quickt~1.lnk Apr 5 2008 1604 "QuickTime Player.lnk" tellme~1.lnk Mar 18 2008 1835 "TELL ME MORE.lnk" track'~1.lnk Mar 20 2008 1755 "Track 'n Trade High Finance.lnk" 5 items found: 5 files, 0 directories. Total of file sizes: 7,982 bytes 7.79 K -------------------------------------------------------------------------- Start Menu Items: -------------------------------------------------------------------------- Locating all files created inC:\Documents and Settings\Mr. Admin\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. "C:\Documents and Settings\All Users\Start Menu\" hpsolu~1.lnk Mar 29 2008 984 "HP Solution Center.lnk" 1 item found: 1 file, 0 directories. Total of file sizes: 984 bytes 0.96 K Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\" hpdigi~1.lnk Mar 29 2008 1808 "HP Digital Imaging Monitor.lnk" systray.lnk Apr 10 2008 2391 "SysTray.lnk" 2 items found: 2 files, 0 directories. 
Total of file sizes: 4,199 bytes 4.10 K -------------------------------------------------------------------------- Application Data Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Mr. Admin\Application Data\ within the last 90 days. "C:\Documents and Settings\Mr. Admin\Application Data\" fronte~1.ini Mar 16 2008 1 "FrontEndCD.ini" HP Mar 29 2008 "HP" PROGENY Apr 8 2008 "Progeny" SMARTD~1 Apr 8 2008 "SmartDraw" 4 items found: 1 file, 3 directories. Total of file sizes: 1 byte 0.00 K Locating all files created in C:\Documents and Settings\Mr. Admin\Local Settings\Application Data\ within the last 90 days. "C:\Documents and Settings\Mr. Admin\Local Settings\Application Data\" dcbc2a~1.ini Mar 17 2008 187392 "DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" gdipfo~1.dat Mar 14 2008 83800 "GDIPFONTCACHEV1.DAT" MSKLC Mar 22 2008 "MSKLC" 3 items found: 2 files, 1 directory. Total of file sizes: 271,192 bytes 264.84 K Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. "C:\Documents and Settings\All Users\Application Data\" 16d83d~1.sys Apr 8 2008 88 "16D83DFFEA.sys" hpzins~1.log Mar 29 2008 8314 "hpzinstall.log" kgygaavl.sys Apr 8 2008 952 "KGyGaAvL.sys" LAVASOFT Mar 22 2008 "Lavasoft" qtsban~1 Jan 20 2008 1359 "QTSBandwidthCache" TNT-HF Mar 20 2008 "TNT-HF" TRANSP~1 Mar 14 2008 "Transparent" 7 items found: 4 files (2 H/S), 3 directories. Total of file sizes: 10,713 bytes 10.46 K -------------------------------------------------------------------------- C:\Documents and Settings\Mr. Admin\Local Settings\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Mr. Admin\Local Settings\TEMP within the last 90 days. 
-------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Mr. Admin\Templates No matches found. -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Program Files\ within the last 90 days. "C:\Program Files\" AURALOG Mar 18 2008 "Auralog" BONJOUR Feb 21 2008 "Bonjour" CANDLE~1 Mar 20 2008 "CandleWorks" GECKOS~1 Mar 20 2008 "Gecko Software" HIJACK~1 Apr 9 2008 "HijackThis" IPOD Apr 5 2008 "iPod" ITUNES Apr 5 2008 "iTunes" MICROS~1.4 Mar 22 2008 "Microsoft Keyboard Layout Creator 1.4" POWERT~1 Mar 14 2008 "Power Translator 11 Professional Multilanguage" POWERT~2 Mar 15 2008 "Power Translator 11" SMARTD~1 Apr 8 2008 "SmartDraw 2008" SMEADV~1 Mar 30 2008 "Smead Viewables" TELLME~1 Jan 23 2008 "TeLLmeMore" THRIXXX Mar 2 2008 "thriXXX" TIMELI~1 Apr 8 2008 "TimeLine Maker" TRENDM~1 Apr 9 2008 "Trend Micro" 16 items found: 0 files, 16 directories. Locating all files created in C:\Program Files\Common Files\ within the last 90 days. "C:\Program Files\Common Files\" APPLE Feb 21 2008 "Apple" PROGENY Apr 8 2008 "Progeny" XINGSH~1 Mar 15 2008 "xing shared" 3 items found: 0 files, 3 directories. Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days. No matches found. -------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\ within the last 90 days. 
"C:\WINDOWS\" $N40DC~1 Feb 22 2008 "$NtUninstallKB943055$" $N44C0~1 Feb 22 2008 "$NtUninstallKB944533$" $N54C4~1 Feb 22 2008 "$NtUninstallKB946026$" 0.log Apr 10 2008 0 "0.log" bootstat.dat Apr 10 2008 2048 "BOOTSTAT.DAT" bykido~1.log Mar 14 2008 8959 "BYKIDownloader.log" cdplayer.ini Mar 26 2008 19637 "cdplayer.ini" comsetup.log Feb 22 2008 10278 "comsetup.log" dhcpupg.log Apr 10 2008 403 "DHCPUPG.LOG" err.txt Mar 18 2008 504 "err.txt" faxsetup.log Feb 22 2008 30912 "FaxSetup.log" hpoins11.dat Mar 29 2008 117655 "hpoins11.dat" hpoins~2.tem Mar 29 2008 117482 "hpoins11.dat.temp" iis6.log Feb 22 2008 33476 "iis6.log" imsins.bak Feb 22 2008 1374 "imsins.BAK" imsins.log Feb 22 2008 1374 "imsins.log" kb943055.log Feb 22 2008 11279 "KB943055.log" kb944533.log Feb 22 2008 19614 "KB944533.log" kb946026.log Feb 22 2008 16266 "KB946026.log" LHSP Jan 23 2008 "Lhsp" medctroc.log Feb 22 2008 2125 "MedCtrOC.log" mplayer.ini Mar 3 2008 82 "MPLAYER.INI" mscpt.dat Jan 20 2008 50 "mscpt.dat" msgsocm.log Feb 22 2008 1545 "msgsocm.log" msmqinst.log Feb 22 2008 9438 "msmqinst.log" netfxocm.log Feb 22 2008 5415 "netfxocm.log" ntdtcs~1.log Feb 22 2008 6232 "ntdtcsetup.log" ocgen.log Feb 22 2008 14580 "ocgen.log" ocmsn.log Feb 22 2008 1710 "ocmsn.log" qtfont.for Apr 5 2008 1409 "QTFont.for" qtfont.qfn Apr 10 2008 54156 "QTFont.qfn" randseed.rnd Apr 7 2008 512 "randseed.rnd" schedlgu.txt Apr 10 2008 32478 "SchedLgU.Txt" SETUP.PSS Apr 10 2008 "setup.pss" setupact.log Apr 10 2008 139 "setupact.log" setupapi.log Apr 10 2008 95191 "setupapi.log" ssce.ini Apr 8 2008 933 "SSCE.INI" system.ini Apr 10 2008 227 "system.ini" tabletoc.log Feb 22 2008 1555 "tabletoc.log" tlmpro.ini Apr 8 2008 2286 "TLMPRO.INI" tsoc.log Feb 22 2008 14105 "tsoc.log" updspapi.log Feb 22 2008 3399 "updspapi.log" upgrade.txt Apr 10 2008 264 "UPGRADE.TXT" vui~1.pre Mar 23 2008 76 "VUI.pref" wiadebug.log Apr 10 2008 159 "WIADEBUG.LOG" wiaservc.log Apr 10 2008 49 "WIASERVC.LOG" win.ini Mar 29 2008 899 "WIN.INI" window~2.log 
Apr 10 2008 1530268 "WindowsUpdate.log" wininit.ini Mar 29 2008 10 "WININIT.INI" winnt32.log Apr 10 2008 17779 "WINNT32.LOG" wmsetup.log Mar 18 2008 1724 "wmsetup.log" wsdu.log Apr 10 2008 268 "wsdu.log" _msrstrt.exe Apr 10 2008 2560 "_MSRSTRT.EXE" 53 items found: 48 files (2 H/S), 5 directories (3 H/S). Total of file sizes: 2,192,884 bytes 2.09 M -------------------------------------------------------------------------- C:\WINDOWS\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\PCHealth\HelpCtr\Binaries: -------------------------------------------------------------------------- Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries "C:\WINDOWS\PCHealth\HelpCtr\Binaries\" brpinfo.dll Mar 19 2004 21504 "BRPINFO.DLL" hcappres.dll Mar 19 2004 6656 "HCAppRes.dll" helpctr.exe Aug 4 2004 768512 "helpctr.exe" helphost.exe Mar 19 2004 99840 "HelpHost.exe" helpsvc.exe Aug 4 2004 743936 "helpsvc.exe" hscmui.cab Jul 17 2004 68327 "hscmui.cab" hscsp_w3.cab Jul 17 2004 305145 "hscsp_w3.cab" hscupd.exe Aug 4 2004 18944 "hscupd.exe" msconfig.exe Aug 4 2004 158208 "msconfig.exe" msinfo.dll Aug 4 2004 376320 "msinfo.dll" notiflag.exe Mar 19 2004 35328 "NOTIFLAG.EXE" pchdt_w3.cab Mar 19 2004 2330186 "PCHDT_W3.CAB" pchshell.dll Aug 4 2004 102400 "pchshell.dll" pchsvc.dll Aug 4 2004 38912 "pchsvc.dll" 14 items found: 14 files, 0 directories. Total of file sizes: 5,074,218 bytes 4.84 M -------------------------------------------------------------------------- C:\WINDOWS\system: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system within the last 90 days. No matches found. 
-------------------------------------------------------------------------- C:\WINDOWS\system32: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32 within the last 90 days. "C:\WINDOWS\SYSTEM32\" amcompat.tlb Mar 18 2008 16832 "amcompat.tlb" d3d9caps.dat Apr 6 2008 1324 "d3d9caps.dat" DRVSTORE Feb 21 2008 "DRVSTORE" dvkspa01.dll Mar 22 2008 6144 "DVKSPA01.dll" dvkswe01.dll Mar 22 2008 6144 "DVKSWE01.dll" fntcache.dat Mar 15 2008 286904 "FNTCACHE.DAT" gearaspi.dll Jan 29 2008 107368 "GEARAspi.dll" lsprst7.tgz Mar 27 2008 219 "lsprst7.tgz" mrt.exe Mar 5 2008 19148408 "MRT.exe" msvcp71.dll Mar 15 2008 499712 "msvcp71.dll" msvcr71.dll Mar 15 2008 348160 "msvcr71.dll" nscompat.tlb Mar 18 2008 23392 "nscompat.tlb" perfc009.dat Apr 10 2008 95100 "PERFC009.DAT" perfh009.dat Apr 10 2008 477198 "PERFH009.DAT" perfst~1.ini Apr 10 2008 582228 "PerfStringBackup.INI" pncrt.dll Mar 15 2008 278528 "pncrt.dll" pndx5016.dll Mar 15 2008 6656 "pndx5016.dll" pndx5032.dll Mar 15 2008 5632 "pndx5032.dll" quickt~1.qts Mar 28 2008 57344 "QuickTime.qts" quickt~1.qtx Mar 28 2008 90112 "QuickTimeVR.qtx" rmoc3260.dll Mar 15 2008 185944 "rmoc3260.dll" ssprs.tgz Mar 27 2008 87 "ssprs.tgz" w95inf16.dll Mar 18 2008 2272 "w95inf16.dll" w95inf32.dll Mar 18 2008 4608 "w95inf32.dll" wpa.dbl Apr 8 2008 2278 "WPA.DBL" 25 items found: 24 files, 1 directory. Total of file sizes: 22,232,594 bytes 21.20 M -------------------------------------------------------------------------- C:\WINDOWS\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\components: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\components within the last 90 days. 
No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. "C:\WINDOWS\SYSTEM32\DRIVERS\" DOWNLD Apr 8 2008 "downld" gearas~1.sys Jan 29 2008 16168 "GEARAspiWDM.sys" 2 items found: 1 file, 1 directory. Total of file sizes: 16,168 bytes 15.79 K -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\" hosts Apr 10 2008 27 "hosts" 1 item found: 1 file, 0 directories. Total of file sizes: 27 bytes 0.02 K -------------------------------------------------------------------------- C:\WINDOWS\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\TEMP within the last 90 days. "C:\WINDOWS\Temp\" perfli~1.dat Apr 10 2008 16384 "Perflib_Perfdata_2c0.dat" perfli~2.dat Apr 10 2008 16384 "Perflib_Perfdata_318.dat" 2 items found: 2 files, 0 directories. Total of file sizes: 32,768 bytes 32.00 K ************************************************************************************ Checking for .COM files to Delete. They will only print if deleted! 
Locating .COM files in the C:\WINDOWS\System32 folder "C:\WINDOWS\SYSTEM32\" chcp.com Mar 19 2004 7680 "CHCP.COM" command.com Mar 19 2004 50620 "COMMAND.COM" diskcomp.com Mar 19 2004 9216 "DISKCOMP.COM" diskcopy.com Mar 19 2004 7168 "DISKCOPY.COM" edit.com Mar 19 2004 69886 "EDIT.COM" format.com Mar 19 2004 25600 "FORMAT.COM" graftabl.com Mar 19 2004 26112 "GRAFTABL.COM" graphics.com Mar 19 2004 19694 "GRAPHICS.COM" kb16.com Mar 19 2004 14710 "KB16.COM" loadfix.com Mar 19 2004 1131 "LOADFIX.COM" locate.com Jan 14 2005 11254 "locate.com" mode.com Mar 19 2004 19456 "MODE.COM" more.com Mar 19 2004 15872 "MORE.COM" SUPERA~1.COM Apr 8 2007 "SuperAdBlocker.com" tree.com Mar 19 2004 11264 "TREE.COM" win.com Mar 19 2004 18432 "WIN.COM" 16 items found: 15 files, 1 directory. Total of file sizes: 308,095 bytes 300.87 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! 
**** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! 
**** **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! **** **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! 
**** **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! **** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! 
**** -------------------------------------------------------------------------- CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: -------------------------------------------------------------------------- **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** **** CmdService adware NOT FOUND by this tool! **** **** Network_Monitor adware NOT FOUND by this tool! **** **** Trojan.Peacomm NOT FOUND by this tool! **** **** Trojan.Peacomm windev NOT FOUND by this tool! **** **** AVPE Haxdoor NOT FOUND by this tool! **** **** MEMLOW Haxdoor NOT FOUND by this tool! **** **** VDMT Haxdoor NOT FOUND by this tool! **** **** YCSVGA Haxdoor NOT FOUND by this tool! **** **** PPTP Haxdoor NOT FOUND by this tool! **** **** DVB Haxdoor NOT FOUND by this tool! **** **** YVBB Haxdoor NOT FOUND by this tool! **** **** YVPP Haxdoor NOT FOUND by this tool! **** **** NKGFS Haxdoor NOT FOUND by this tool! **** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! 
**** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ 2Wire Wireless Client DisplayName REG_SZ 7200 DisplayName REG_SZ 7200_Help DisplayName REG_SZ 7200Trb DisplayName REG_SZ Acronis True Image DisplayName REG_SZ Across Lite DisplayName REG_SZ Adobe After Effects 6.5 DisplayName REG_SZ Adobe Bridge 1.0 DisplayName REG_SZ Adobe Common File Installer DisplayName REG_SZ Adobe Flash Player ActiveX DisplayName REG_SZ Adobe Flash Player Plugin DisplayName REG_SZ Adobe Help Center 1.0 DisplayName REG_SZ Adobe Photoshop CS2 DisplayName REG_SZ Adobe Photoshop CS2 DisplayName REG_SZ Adobe Photoshop Elements 3.0 DisplayName REG_SZ Adobe Premiere Pro 1.5 DisplayName REG_SZ Adobe Reader 7.0.9 DisplayName REG_SZ Adobe Stock Photos 1.0 DisplayName REG_SZ Ahead Nero - Burning Rom DisplayName REG_SZ AiO_Scan DisplayName REG_SZ AiO_Scan_CDA DisplayName REG_SZ AiOSoftware DisplayName REG_SZ AiOSoftwareNPI DisplayName REG_SZ ALPS Touch Pad Driver DisplayName REG_SZ Apple Mobile Device Support DisplayName REG_SZ Apple Software Update DisplayName REG_SZ ASF DisplayName REG_SZ ATI Display Driver (Omega 2.6.05a) DisplayName REG_SZ Audacity 1.3.4 (Unicode) DisplayName REG_SZ Before You Know It 3.6 DisplayName REG_SZ Bonjour DisplayName REG_SZ Boston Central Artery Tunnel - Ramp A-CN DisplayName REG_SZ Bridge Baron 14 DisplayName REG_SZ Broadcom Advanced Control Suite DisplayName REG_SZ Broadcom Advanced Control Suite DisplayName REG_SZ Broadcom ASF Management Applications DisplayName REG_SZ BufferChm DisplayName REG_SZ Business Contact Manager for Outlook 2003 DisplayName REG_SZ Camera Support Core Library DisplayName REG_SZ Canon Camera Support Core Library DisplayName REG_SZ Canon Utilities PhotoStitch 3.1 DisplayName REG_SZ CCleaner (remove only) DisplayName REG_SZ Clusterball 1.003 Base Version DisplayName REG_SZ Clusterball 1.004 (Free Version 2) DisplayName REG_SZ Clusterball Venue Antarctica 
DisplayName REG_SZ Clusterball Venue Bora Bora DisplayName REG_SZ Clusterball Venue China DisplayName REG_SZ Clusterball Venue Easter Island DisplayName REG_SZ Clusterball Venue Lunar DisplayName REG_SZ Clusterball Venue Metropolactica DisplayName REG_SZ Clusterball Venue Ruhrmansk DisplayName REG_SZ Clusterball Venue Stonehenge DisplayName REG_SZ Clusterball Venue Taj Mahal DisplayName REG_SZ Clusterball Venue Yucatan DisplayName REG_SZ Conexant D480 MDC V.9x Modem DisplayName REG_SZ Copy DisplayName REG_SZ CP_AtenaShokunin1Config DisplayName REG_SZ cp_dwShrek2Albums1 DisplayName REG_SZ cp_dwShrek2Cards1 DisplayName REG_SZ CreativeProjects DisplayName REG_SZ CreativeProjectsTemplates DisplayName REG_SZ CueTour DisplayName REG_SZ CustomerResearchQFolder DisplayName REG_SZ Cypress USB Mass Storage Driver Installation DisplayName REG_SZ Dell Solution Center DisplayName REG_SZ Dell Wireless WLAN Utility DisplayName REG_SZ Destinations DisplayName REG_SZ DeviceManagementQFolder DisplayName REG_SZ Digital Line Detect DisplayName REG_SZ DivX DisplayName REG_SZ DivX Content Uploader DisplayName REG_SZ DivX Player DisplayName REG_SZ DivX Web Player DisplayName REG_SZ DocProc DisplayName REG_SZ DocumentViewer DisplayName REG_SZ DrillAssistant version 4.0.3 DisplayName REG_SZ DV Rack Demo DisplayName REG_SZ DVD Decrypter (Remove Only) DisplayName REG_SZ DVDSentry DisplayName REG_SZ Dvorak DCO custom - incl Spanish DisplayName REG_SZ Dvorak DCO custom - incl Swedish DisplayName REG_SZ ERUNT 1.1j DisplayName REG_SZ eSupportQFolder DisplayName REG_SZ F300 DisplayName REG_SZ F300_Help DisplayName REG_SZ Family Tree Maker 2005 DisplayName REG_SZ Family Tree Maker 2006 DisplayName REG_SZ Fax DisplayName REG_SZ Fax_CDA DisplayName REG_SZ File, Print FedEx Kinko's DisplayName REG_SZ FXOrder2GoRE DisplayName REG_SZ GdiplusUpgrade DisplayName REG_SZ Genline FamilyFinder 2.0 DisplayName REG_SZ GIB DisplayName REG_SZ gmax DisplayName REG_SZ Google Earth DisplayName REG_SZ Help and 
Support Customization DisplayName REG_SZ HighMAT Extension to Microsoft Windows XP CD Writing Wizard DisplayName REG_SZ Hotfix for Windows Media Format 11 SDK (KB929399) DisplayName REG_SZ Hotfix for Windows Media Player 11 (KB939683) DisplayName REG_SZ Hotfix for Windows XP (KB926239) DisplayName REG_SZ HP Customer Participation Program 7.0 DisplayName REG_SZ HP Image Zone 4.7 DisplayName REG_SZ HP Imaging Device Functions 7.0 DisplayName REG_SZ HP Photosmart Essential DisplayName REG_SZ HP Photosmart, Officejet and Deskjet 7.0.A DisplayName REG_SZ hp print screen utility DisplayName REG_SZ HP PSC & OfficeJet 4.7 DisplayName REG_SZ HP Software Update DisplayName REG_SZ HP Solution Center 7.0 DisplayName REG_SZ HP Update DisplayName REG_SZ HPPhotoSmartExpress DisplayName REG_SZ HPProductAssistant DisplayName REG_SZ HPSystemDiagnostics DisplayName REG_SZ InstantShare DisplayName REG_SZ InstantShareDevicesMFC DisplayName REG_SZ InterActual Player DisplayName REG_SZ InterVideo WinDVD DisplayName REG_SZ iTunes DisplayName REG_SZ Java(TM) 6 Update 3 DisplayName REG_SZ Java(TM) SE Runtime Environment 6 Update 1 DisplayName REG_SZ LEC Translate DisplayName REG_SZ LiveReg (Symantec Corporation) DisplayName REG_SZ LiveUpdate 2.6 (Symantec Corporation) DisplayName REG_SZ Lizardtech Express View DisplayName REG_SZ Logitech Desktop Messenger DisplayName REG_SZ Logitech MouseWare 9.78 DisplayName REG_SZ Macromedia Shockwave Player DisplayName REG_SZ MarketResearch DisplayName REG_SZ MasterCook Deluxe 9 DisplayName REG_SZ MasterCook Deluxe 9 DisplayName REG_SZ McAfee VirusScan Enterprise DisplayName REG_SZ Microsoft .NET Framework 1.1 DisplayName REG_SZ Microsoft .NET Framework 1.1 DisplayName REG_SZ Microsoft .NET Framework 1.1 Hotfix (KB928366) DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP DisplayName REG_SZ Microsoft Data Access Components KB870669 
DisplayName REG_SZ Microsoft Keyboard Layout Creator DisplayName REG_SZ Microsoft Keyboard Layout Creator 1.4 DisplayName REG_SZ Microsoft Office 2003 Proofing Tools DisplayName REG_SZ Microsoft Office OneNote 2003 DisplayName REG_SZ Microsoft Office Outlook 2003 DisplayName REG_SZ Microsoft Office Professional Edition 2003 DisplayName REG_SZ Microsoft Outlook Personal Folders Backup DisplayName REG_SZ Microsoft SQL Server Desktop Engine (INVENTORCONTENT) DisplayName REG_SZ Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0 DisplayName REG_SZ Microsoft Windows Journal Viewer DisplayName REG_SZ Microsoft WSE 2.0 Runtime DisplayName REG_SZ Modem Helper DisplayName REG_SZ Mozilla Firefox (2.0.0.13) DisplayName REG_SZ MSXML 4.0 SP2 (KB927978) DisplayName REG_SZ MSXML 4.0 SP2 (KB936181) DisplayName REG_SZ MultiRes (remove only) DisplayName REG_SZ Native Instruments Traktor DJ Studio v2.6.1.022 DisplayName REG_SZ NetWaiting DisplayName REG_SZ Network Addon Mod Version June 2007 DisplayName REG_SZ NetworkAddonMod Beta Version 2006.12.24 DisplayName REG_SZ NewCopy_CDA DisplayName REG_SZ NutriBase EZ DisplayName REG_SZ NätLex 1.1.11 DisplayName REG_SZ OMCI DisplayName REG_SZ OpenMG AAC Add-on Module 1.0.00 DisplayName REG_SZ OpenMG AAC Add-on Module 1.0.00 DisplayName REG_SZ OpenMG Limited Patch 4.5-06-05-12-01 DisplayName REG_SZ OpenMG Secure Module 4.5.01 DisplayName REG_SZ OpenMG Secure Module 4.5.01 DisplayName REG_SZ PanoStandAlone DisplayName REG_SZ PC Wizard 2007.1.73 DisplayName REG_SZ PDF-XChange 3.5 DisplayName REG_SZ PDF Manual NW-S200 Series DisplayName REG_SZ PhotoGallery DisplayName REG_SZ PhotoStitch DisplayName REG_SZ PopCap Browser Plugin DisplayName REG_SZ ProductContext DisplayName REG_SZ ProductContextNPI DisplayName REG_SZ QFolder DisplayName REG_SZ QuickSet DisplayName REG_SZ QuickTime DisplayName REG_SZ Qwest QuickNetworking DisplayName REG_SZ Radeon Omega Drivers v2.6.05a Setup 
Files DisplayName REG_SZ RadLinker DisplayName REG_SZ Readme DisplayName REG_SZ RealPlayer DisplayName REG_SZ Scan DisplayName REG_SZ ScannerCopy DisplayName REG_SZ ScreenPrint32 v3.5 DisplayName REG_SZ Security Update for Microsoft .NET Framework 2.0 (KB928365) DisplayName REG_SZ Security Update for Step By Step Interactive Training (KB898458) DisplayName REG_SZ Security Update for Step By Step Interactive Training (KB923723) DisplayName REG_SZ Security Update for Windows Media Player (KB911564) DisplayName REG_SZ Security Update for Windows Media Player 10 (KB911565) DisplayName REG_SZ Security Update for Windows Media Player 11 (KB936782) DisplayName REG_SZ Security Update for Windows Media Player 6.4 (KB925398) DisplayName REG_SZ Security Update for Windows XP (KB883939) DisplayName REG_SZ Security Update for Windows XP (KB890046) DisplayName REG_SZ Security Update for Windows XP (KB893756) DisplayName REG_SZ Security Update for Windows XP (KB896358) DisplayName REG_SZ Security Update for Windows XP (KB896422) DisplayName REG_SZ Security Update for Windows XP (KB896423) DisplayName REG_SZ Security Update for Windows XP (KB896424) DisplayName REG_SZ Security Update for Windows XP (KB896428) DisplayName REG_SZ Security Update for Windows XP (KB896688) DisplayName REG_SZ Security Update for Windows XP (KB899587) DisplayName REG_SZ Security Update for Windows XP (KB899588) DisplayName REG_SZ Security Update for Windows XP (KB899589) DisplayName REG_SZ Security Update for Windows XP (KB899591) DisplayName REG_SZ Security Update for Windows XP (KB900725) DisplayName REG_SZ Security Update for Windows XP (KB901017) DisplayName REG_SZ Security Update for Windows XP (KB901214) DisplayName REG_SZ Security Update for Windows XP (KB902400) DisplayName REG_SZ Security Update for Windows XP (KB903235) DisplayName REG_SZ Security Update for Windows XP (KB904706) DisplayName REG_SZ Security Update for Windows XP (KB905414) DisplayName REG_SZ Security Update for Windows XP 
(KB905749) DisplayName REG_SZ Security Update for Windows XP (KB905915) DisplayName REG_SZ Security Update for Windows XP (KB908519) DisplayName REG_SZ Security Update for Windows XP (KB908531) DisplayName REG_SZ Security Update for Windows XP (KB911280) DisplayName REG_SZ Security Update for Windows XP (KB911562) DisplayName REG_SZ Security Update for Windows XP (KB911567) DisplayName REG_SZ Security Update for Windows XP (KB911927) DisplayName REG_SZ Security Update for Windows XP (KB912812) DisplayName REG_SZ Security Update for Windows XP (KB912919) DisplayName REG_SZ Security Update for Windows XP (KB913446) DisplayName REG_SZ Security Update for Windows XP (KB913580) DisplayName REG_SZ Security Update for Windows XP (KB914388) DisplayName REG_SZ Security Update for Windows XP (KB914389) DisplayName REG_SZ Security Update for Windows XP (KB916281) DisplayName REG_SZ Security Update for Windows XP (KB917159) DisplayName REG_SZ Security Update for Windows XP (KB917344) DisplayName REG_SZ Security Update for Windows XP (KB917422) DisplayName REG_SZ Security Update for Windows XP (KB917953) DisplayName REG_SZ Security Update for Windows XP (KB918118) DisplayName REG_SZ Security Update for Windows XP (KB918439) DisplayName REG_SZ Security Update for Windows XP (KB918899) DisplayName REG_SZ Security Update for Windows XP (KB919007) DisplayName REG_SZ Security Update for Windows XP (KB920213) DisplayName REG_SZ Security Update for Windows XP (KB920214) DisplayName REG_SZ Security Update for Windows XP (KB920670) DisplayName REG_SZ Security Update for Windows XP (KB920683) DisplayName REG_SZ Security Update for Windows XP (KB920685) DisplayName REG_SZ Security Update for Windows XP (KB921398) DisplayName REG_SZ Security Update for Windows XP (KB921503) DisplayName REG_SZ Security Update for Windows XP (KB921883) DisplayName REG_SZ Security Update for Windows XP (KB922616) DisplayName REG_SZ Security Update for Windows XP (KB922760) DisplayName REG_SZ Security Update 
for Windows XP (KB922819) DisplayName REG_SZ Security Update for Windows XP (KB923191) DisplayName REG_SZ Security Update for Windows XP (KB923414) DisplayName REG_SZ Security Update for Windows XP (KB923694) DisplayName REG_SZ Security Update for Windows XP (KB923789) DisplayName REG_SZ Security Update for Windows XP (KB923980) DisplayName REG_SZ Security Update for Windows XP (KB924191) DisplayName REG_SZ Security Update for Windows XP (KB924270) DisplayName REG_SZ Security Update for Windows XP (KB924496) DisplayName REG_SZ Security Update for Windows XP (KB924667) DisplayName REG_SZ Security Update for Windows XP (KB925454) DisplayName REG_SZ Security Update for Windows XP (KB925486) DisplayName REG_SZ Security Update for Windows XP (KB925902) DisplayName REG_SZ Security Update for Windows XP (KB926255) DisplayName REG_SZ Security Update for Windows XP (KB926436) DisplayName REG_SZ Security Update for Windows XP (KB927779) DisplayName REG_SZ Security Update for Windows XP (KB927802) DisplayName REG_SZ Security Update for Windows XP (KB928090) DisplayName REG_SZ Security Update for Windows XP (KB928255) DisplayName REG_SZ Security Update for Windows XP (KB928843) DisplayName REG_SZ Security Update for Windows XP (KB929123) DisplayName REG_SZ Security Update for Windows XP (KB929969) DisplayName REG_SZ Security Update for Windows XP (KB930178) DisplayName REG_SZ Security Update for Windows XP (KB931261) DisplayName REG_SZ Security Update for Windows XP (KB931768) DisplayName REG_SZ Security Update for Windows XP (KB931784) DisplayName REG_SZ Security Update for Windows XP (KB932168) DisplayName REG_SZ Security Update for Windows XP (KB933566) DisplayName REG_SZ Security Update for Windows XP (KB933729) DisplayName REG_SZ Security Update for Windows XP (KB935839) DisplayName REG_SZ Security Update for Windows XP (KB935840) DisplayName REG_SZ Security Update for Windows XP (KB936021) DisplayName REG_SZ Security Update for Windows XP (KB937143) DisplayName REG_SZ 
Security Update for Windows XP (KB937894) DisplayName REG_SZ Security Update for Windows XP (KB938127) DisplayName REG_SZ Security Update for Windows XP (KB938829) DisplayName REG_SZ Security Update for Windows XP (KB939653) DisplayName REG_SZ Security Update for Windows XP (KB941202) DisplayName REG_SZ Security Update for Windows XP (KB941568) DisplayName REG_SZ Security Update for Windows XP (KB941569) DisplayName REG_SZ Security Update for Windows XP (KB941644) DisplayName REG_SZ Security Update for Windows XP (KB942615) DisplayName REG_SZ Security Update for Windows XP (KB943055) DisplayName REG_SZ Security Update for Windows XP (KB943460) DisplayName REG_SZ Security Update for Windows XP (KB943485) DisplayName REG_SZ Security Update for Windows XP (KB944533) DisplayName REG_SZ Security Update for Windows XP (KB944653) DisplayName REG_SZ Security Update for Windows XP (KB946026) DisplayName REG_SZ Sentinel Protection Installer 7.0.0 DisplayName REG_SZ Shutterfly Plugin DisplayName REG_SZ SimCity 4 Rush Hour DisplayName REG_SZ SkinsHP1 DisplayName REG_SZ Skype 2.0 DisplayName REG_SZ SmartSound Common Data DisplayName REG_SZ SmartSound Common Data DisplayName REG_SZ SmartSound Sonicfire Pro 4 DisplayName REG_SZ SmartSound Sonicfire Pro 4 DisplayName REG_SZ Smead Viewables DisplayName REG_SZ SolutionCenter DisplayName REG_SZ SonicStage 4.0 DisplayName REG_SZ Sony Media Manager 2.0 DisplayName REG_SZ SSH Secure Shell DisplayName REG_SZ Status DisplayName REG_SZ Swedish Dvorak keyboard layout for Windows 2000 DisplayName REG_SZ SwedishNow! 
DisplayName REG_SZ SYSTRAN Premium 5.0 DisplayName REG_SZ Tablet DisplayName REG_SZ Teleport Pro DisplayName REG_SZ TeLL me More DisplayName REG_SZ TELL ME MORE DisplayName REG_SZ The Rosetta Stone DisplayName REG_SZ Toolbox DisplayName REG_SZ Track 'n Trade High Finance DisplayName REG_SZ TrayApp DisplayName REG_SZ United States-Dvorak DCO custom DisplayName REG_SZ Unload DisplayName REG_SZ Update for Windows XP (KB894391) DisplayName REG_SZ Update for Windows XP (KB896727) DisplayName REG_SZ Update for Windows XP (KB898461) DisplayName REG_SZ Update for Windows XP (KB900485) DisplayName REG_SZ Update for Windows XP (KB910437) DisplayName REG_SZ Update for Windows XP (KB916595) DisplayName REG_SZ Update for Windows XP (KB920872) DisplayName REG_SZ Update for Windows XP (KB922582) DisplayName REG_SZ Update for Windows XP (KB927891) DisplayName REG_SZ Update for Windows XP (KB929338) DisplayName REG_SZ Update for Windows XP (KB930916) DisplayName REG_SZ Update for Windows XP (KB931836) DisplayName REG_SZ Update for Windows XP (KB933360) DisplayName REG_SZ Update for Windows XP (KB936357) DisplayName REG_SZ Update for Windows XP (KB938828) DisplayName REG_SZ Update for Windows XP (KB942763) DisplayName REG_SZ Update for Windows XP (KB942840) DisplayName REG_SZ Update for Windows XP (KB946627) DisplayName REG_SZ USB Storage Adapter FX (SM1) DisplayName REG_SZ Viewpoint Media Player DisplayName REG_SZ ViviCam V35 DisplayName REG_SZ WebFldrs XP DisplayName REG_SZ WebReg DisplayName REG_SZ Winamp Toolbar for Firefox DisplayName REG_SZ Windows Genuine Advantage Notifications (KB905474) DisplayName REG_SZ Windows Installer 3.1 (KB893803) DisplayName REG_SZ Windows Installer 3.1 (KB893803) DisplayName REG_SZ Windows Installer Clean Up DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows XP Hotfix - KB834707 
DisplayName REG_SZ Windows XP Hotfix - KB867282 DisplayName REG_SZ Windows XP Hotfix - KB873333 DisplayName REG_SZ Windows XP Hotfix - KB873339 DisplayName REG_SZ Windows XP Hotfix - KB885250 DisplayName REG_SZ Windows XP Hotfix - KB885835 DisplayName REG_SZ Windows XP Hotfix - KB885836 DisplayName REG_SZ Windows XP Hotfix - KB886185 DisplayName REG_SZ Windows XP Hotfix - KB887472 DisplayName REG_SZ Windows XP Hotfix - KB887742 DisplayName REG_SZ Windows XP Hotfix - KB888113 DisplayName REG_SZ Windows XP Hotfix - KB888302 DisplayName REG_SZ Windows XP Hotfix - KB890047 DisplayName REG_SZ Windows XP Hotfix - KB890175 DisplayName REG_SZ Windows XP Hotfix - KB890859 DisplayName REG_SZ Windows XP Hotfix - KB890923 DisplayName REG_SZ Windows XP Hotfix - KB891781 DisplayName REG_SZ Windows XP Hotfix - KB893066 DisplayName REG_SZ Windows XP Hotfix - KB893086 DisplayName REG_SZ Windows XP Service Pack 2 DisplayName REG_SZ WinRAR archiver DisplayName REG_SZ WordBanker Multilanguage English (Full Version) ParentDisplayName REG_SZ ParentDisplayName REG_SZ ParentDisplayName REG_SZ Microsoft .NET Framework 2.0 ParentDisplayName REG_SZ Microsoft Learning - Software Updates ParentDisplayName REG_SZ Microsoft Learning - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - Software Updates ParentDisplayName REG_SZ Windows XP - 
Software Updates
QuietDisplayName REG_SZ Microsoft Data Access Components KB870669
QuietDisplayName REG_SZ Shockwave Director 10.1
QuietDisplayName REG_SZ Shockwave Flash
#####################################################################################################
-- All DONE! :) ~ ShadowPuterDude ~