reports you requested . . . .
11/02/06 19:46:27 [Info]: BlackLight Engine 1.0.47 initialized
11/02/06 19:46:27 [Info]: OS: 5.0 build 2195 (Service Pack 4)
11/02/06 19:46:28 [Note]: 7019 4
11/02/06 19:46:28 [Note]: 7005 0
11/02/06 19:46:41 [Note]: 7006 0
11/02/06 19:46:41 [Note]: 7011 856
11/02/06 19:46:42 [Note]: 7026 0
11/02/06 19:46:42 [Note]: 7026 0
11/02/06 19:47:22 [Note]: FSRAW library version 1.7.1020
11/02/06 19:56:28 [Note]: 7007 0
Logfile created on: 11/02/2006 20:13
WinPFind2 by OldTimer - Version 1.0.12 Folder = C:\Documents and Settings\Lawrence Luecke\Desktop\WinPFind2\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2600.0000)
< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\csrss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\winlogon.exe - (Microsoft Corporation )
c:\winnt\system32\services.exe - (Microsoft Corporation )
c:\winnt\system32\lsass.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINNT\system32\rpcss.dll - (Microsoft Corporation )
c:\winnt\system32\spoolsv.exe - (Microsoft Corporation )
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(EventSystem) C:\WINNT\System32\es.dll - (Microsoft Corporation )
(Netman) C:\WINNT\System32\netman.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINNT\System32\NtmsSvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINNT\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINNT\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINNT\System32\mprdim.dll - (Microsoft Corporation )
(SENS) C:\WINNT\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINNT\System32\ipnathlp.dll - (Microsoft Corporation )
(TapiSrv) C:\WINNT\System32\tapisrv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINNT\System32\wzcsvc.dll - (Microsoft Corporation )
c:\program files\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\program files\norton antivirus\iwp\npfmntor.exe - (Symantec Corporation )
c:\winnt\system32\mstask.exe - (Microsoft Corporation )
c:\program files\common files\symantec shared\sndsrvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe - (Symantec Corporation )
c:\winnt\explorer.exe - (Microsoft Corporation )
c:\winnt\system32\stisvc.exe - (Microsoft Corporation )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\winnt\system32\wbem\winmgmt.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP] - (Microsoft Corporation )
(wuauserv) C:\WINNT\system32\wuauserv.dll - (Microsoft Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP] - (Microsoft Corporation )
(BITS) C:\WINNT\System32\qmgr.dll - (Microsoft Corporation )
c:\winnt\tppaldr.exe - (In-System Design, Inc. )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe - (Hewlett-Packard )
c:\program files\real\realplayer\realplay.exe - (RealNetworks, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\winnt\system32\hphmon04.exe - (Hewlett-Packard )
c:\winnt\system32\spool\drivers\w32x86\3\hpztsb05.exe - (HP )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnf.exe - ( )
c:\winnt\system32\spool\drivers\w32x86\3\e_s4i2p1.exe - (SEIKO EPSON CORPORATION )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\trojanhunter 4.6\thguard.exe - (Mischel Internet Security )
c:\program files\epson\epson cardmonitor\epson cardmonitor1.1.exe - (SEIKO EPSON CORPORATION )
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
c:\documents and settings\lawrence luecke\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
< Registry Entries >
[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft...p...ER}&ar=home
HKLM->Main\\Default_Page_URL - http://cgi.verizon.n...a...&bm=ho_home
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.google.com/
HKCU->Main\\Default_Page_URL - http://start.earthlink.net
HKCU->Main\\Local Page - C:\WINNT\System32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - 127.0.0.1;<local>
[>> BHO's <<]
[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINNT\System32\Shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer Bars]
{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINNT\System32\msdxm.ocx ( )
{D7F30B62-8269-41AF-9539-B2697FA7D77E} - EarthLink Toolbar = C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc. )
[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8196 - Sun Java Console
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8193 - Reg Data - Key not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 - Reg Data - Value does not exist
NextId - 8197
[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = Reg Data - Value does not exist (File not found)
CmdMapping - MenuText: Reg Data - Value does not exist = Reg Data - Key not found (File not found)
[HKCU-> Internet Explorer Menu Extensions]
&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found)
&Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html (Google Inc. )
&Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html (Google Inc. )
Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html (Google Inc. )
Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html (Google Inc. )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html (Google Inc. )
Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html (Google Inc. )
[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} - Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
* - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]
[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINNT\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
[>> Registry Run Keys <<]
HKLM->Run\\a-winpoet-service - "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" (File not found)
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\EPSON PictureMate - C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate" (SEIKO EPSON CORPORATION )
HKLM->Run\\HPDJ Taskbar Utility - C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP )
HKLM->Run\\HPHmon04 - C:\WINNT\System32\hphmon04.exe (Hewlett-Packard )
HKLM->Run\\HPHUPD04 - "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard )
HKLM->Run\\LoadQM - loadqm.exe (Microsoft Corporation )
HKLM->Run\\NeroCheck - C:\WINNT\System32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc. )
HKLM->Run\\Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard )
HKLM->Run\\SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation )
HKLM->Run\\Synchronization Manager - mobsync.exe /logon (Microsoft Corporation )
HKLM->Run\\THGuard - "C:\Program Files\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security )
HKLM->Run\\TPP Auto Loader - C:\WINNT\TPPALDR.EXE (In-System Design, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\SpySweeper - (File not found)
[>> Miscellaneous Startup Keys <<]
[AppInit DLLs]
AppInit_DLL - (File not found)
[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
[Shell Service Object Delay Load]
Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )
[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
[SafeBoot Option]
[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -
[HKCU Command Processor AutoRun]
[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;
[PendingFileRenameOperations]
[FileRenameOperations]
[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -
[>> Disabled MSConfig Items <<]
[>> User Agent Post Platform <<]
[>> Winlogon <<]
HMLM->AltDefaultDomainName - LLUECKE
HMLM->AltDefaultUserName - Lawrence Luecke
HMLM->AutoAdminLogon - 1
HMLM->DefaultDomainName - LLUECKE
HMLM->DefaultUserName - Lawrence Luecke
HKLM->Shell - explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - c:\winnt\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )
[>> DNS Name Servers <<]
{A16A77C7-5F3E-4C8B-B109-A15B299C71BA} - (Linksys LNE100TX(v5) Fast Ethernet Adapter)
[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)
vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ( )
[>> Protocol Filters (Non-Microsoft only) <<]
< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [Automatic - Running - Kernel driver]
AFS2k (AFS2K) - (File not found)) [ - Running - Kernel driver]
Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic116x (aic116x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
ami0nt (ami0nt) - (File not found)) [Disabled - Stopped - Kernel driver]
amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver]
AOL Spyware Protection Service (AOLService) - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Application Management (AppMgmt) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver]
ASCTRM (ASCTRM) - (File not found)) [Automatic - Running - Kernel driver]
RAS Asynchronous Media Driver (AsyncMac) - System32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - System32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ( ) [ - Running - Kernel driver]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Clean Driver (AvgAsCln) - System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINNT\System32\svchost.exe -k BITSgroup (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BusLogic (BusLogic) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (ccdecode) - system32\drivers\ccdecode.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Password Validation (ccPwdSvc) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (cisvc) - C:\WINNT\System32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINNT\system32\clipsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqarry2 (cpqarry2) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqfcalm (cpqfcalm) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqfws2e (cpqfws2e) - (File not found)) [Disabled - Stopped - Kernel driver]
dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver]
deckzpsx (deckzpsx) - (File not found)) [Disabled - Stopped - Kernel driver]
DHCP Client (Dhcp) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Diskperf (Diskperf) - (File not found)) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINNT\System32\dmadmin.exe /com (VERITAS Software Corp. ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (VERITAS Software Corp. ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager Driver (dmio) - \SystemRoot\System32\drivers\dmio.sys (VERITAS Software Corp. ) [ - Running - Kernel driver]
dmload (dmload) - \SystemRoot\System32\drivers\dmload.sys (VERITAS Software Corp. ) [ - Running - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft DirectMusic SW Synth (WDM) (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Dot4 HPH11 (Dot4 HPH11) - System32\DRIVERS\hphid411.sys (HP ) [On Demand - Stopped - Kernel driver]
Print Class Driver for IEEE-1284.4 HPH11 (Dot4Print HPH11) - System32\DRIVERS\hphipr11.sys (HP ) [On Demand - Stopped - Kernel driver]
Dot4Usb HPH11 (Dot4Usb HPH11) - System32\drivers\hphius11.sys (HP ) [On Demand - Stopped - Kernel driver]
EFS (EFS) - (File not found)) [Disabled - Running - Filesystem driver]
Creative AudioPCI (ES1371,ES1373) (WDM) (es1371) - system32\drivers\es1371mp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Event Log (Eventlog) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
Fax Service (Fax) - C:\WINNT\system32\faxsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Fd16_700 (Fd16_700) - (File not found)) [Disabled - Stopped - Kernel driver]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [Automatic - Running - Kernel driver]
fireport (fireport) - (File not found)) [Disabled - Stopped - Kernel driver]
flashpnt (flashpnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
i81x (i81x) - System32\DRIVERS\i81xnt5.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\System32\DRIVERS\intelide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - System32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPSEC driver (IPSEC) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
ipsraidn (ipsraidn) - (File not found)) [Disabled - Stopped - Kernel driver]
IR Enumerator Service (IRENUM) - System32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
LiveUpdate (LiveUpdate) - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
TCP/IP NetBIOS Helper Service (LmHosts) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Linksys LNE100TX(v5) Fast Ethernet Adapter (lne100v5) - System32\DRIVERS\lne100v5.sys (LinkSys Group Inc. ) [On Demand - Running - Kernel driver]
lp6nds35 (lp6nds35) - (File not found)) [Disabled - Stopped - Kernel driver]
Messenger (Messenger) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Microsoft Security Login Service (Microsoft Security Login Service) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Microsoft update Service (Microsoft update Service) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINNT\System32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - System32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
MountMgr (MountMgr) - (File not found)) [ - Running - Kernel driver]
BDA MPE Filter (MPE) - System32\DRIVERS\MPE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver]
MRXSMB (MRxSmb) - System32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINNT\System32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINNT\system32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NABTS/FEC VBI Codec (NABTSFEC) - System32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Norton AntiVirus Auto-Protect Service (navapsvc) - "C:\Program Files\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
NAVENG (NAVENG) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061101.019\NAVENG.Sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
NAVEX15 (NAVEX15) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061101.019\NavEx15.Sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
Ncrc710 (Ncrc710) - (File not found)) [Disabled - Stopped - Kernel driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - System32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - System32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - System32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - System32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBios over Tcpip (NetBT) - System32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINNT\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINNT\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
NetDetect (NetDetect) - \SystemRoot\system32\drivers\netdtect.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Net Logon (Netlogon) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Norton AntiVirus Firewall Monitor Service (NPFMntor) - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Null (Null) - (File not found)) [ - Running - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - System32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - System32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Open Host Controller Driver (openhci) - System32\DRIVERS\openhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
OrangeWare USB 2.0 Root Hub Support (ousb2hub) - System32\DRIVERS\ousb2hub.sys (OrangeWare Corporation ) [On Demand - Running - Kernel driver]
NEC PCI to USB Enhanced Host Controller (ousbehci) - System32\Drivers\ousbehci.sys (OrangeWare Corporation ) [Automatic - Running - Kernel driver]
Parallel class driver (Parallel) - System32\DRIVERS\parallel.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Parallel port driver (Parport) - System32\DRIVERS\parport.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PartMgr (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\System32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Pml Driver HPH11 (Pml Driver HPH11) - C:\WINNT\System32\HPHipm11.exe (HP ) [On Demand - Stopped - Win32, running in it's own process]
IPSEC Policy Agent (PolicyAgent) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
WAN Miniport (PPTP) (PptpMiniport) - System32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Direct Parallel Link Driver (Ptilink) - System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver]
ql2100 (ql2100) - (File not found)) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - System32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - System32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Direct Parallel (Raspti) - System32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Streaming Network Raw Channel Access (RCA) - system32\drivers\RCA.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Rdbss (Rdbss) - System32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Digital CD Audio Playback Filter Driver (redbook) - System32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Registry Service (RemoteRegistry) - C:\WINNT\system32\regsvc.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINNT\System32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINNT\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINNT\System32\rsvp.exe -s (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Accounts Manager (SamSs) - C:\WINNT\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
SAVRT (SAVRT) - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SAVRTPEL (SAVRTPEL) - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation ) [ - Running - Kernel driver]
SAVScan (SAVScan) - C:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ScriptBlocking Service (SBService) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (Symantec Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Smart Card Helper (SCardDrv) - C:\WINNT\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINNT\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINNT\system32\MSTask.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
RunAs Service (seclogon) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - System32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Serial port driver (Serial) - System32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Serv-U FTP Server (Serv-U) - C:\WINNT\system32\MSupdate.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
sglfb (sglfb) - (File not found)) [ - Stopped - Kernel driver]
Internet Connection Sharing (SharedAccess) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
BDA Slip De-Framer (SLIP) - System32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Network Drivers Service (SNDSrvc) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver]
SPBBCDrv (SPBBCDrv) - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation ) [ - Running - Kernel driver]
Symantec SPBBCSvc (SPBBCSvc) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Print Spooler (Spooler) - C:\WINNT\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Srv (Srv) - System32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
Still Image Service (StiSvc) - C:\WINNT\system32\stisvc.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
BDA IPSink (streamip) - System32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Software Bus Driver (swenum) - System32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver]
SYMDNS (SYMDNS) - \SystemRoot\System32\Drivers\SYMDNS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SymEvent (SymEvent) - \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMFW (SYMFW) - \SystemRoot\System32\Drivers\SYMFW.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMIDS (SYMIDS) - \SystemRoot\System32\Drivers\SYMIDS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMIDSCO (SYMIDSCO) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20061025.029\symidsco.sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
symlcbrd (symlcbrd) - \??\C:\WINNT\System32\drivers\symlcbrd.sys (Symantec Corporation ) [Automatic - Running - Kernel driver]
SYMNDIS (SYMNDIS) - \SystemRoot\System32\Drivers\SYMNDIS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMREDRV (SYMREDRV) - \SystemRoot\System32\Drivers\SYMREDRV.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMTDI (SYMTDI) - \SystemRoot\System32\Drivers\SYMTDI.SYS (Symantec Corporation ) [ - Running - Kernel driver]
sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINNT\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
System Spooler Host (System Spooler Host) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Telephony (TapiSrv) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - System32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
tga (tga) - (File not found)) [ - Stopped - Kernel driver]
Telnet (TlntSvr) - C:\WINNT\system32\tlntsvr.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
tmcomm (tmcomm) - \??\C:\WINNT\system32\drivers\tmcomm.sys (Trend Micro Inc. ) [Automatic - Running - Kernel driver]
USB Storage Adapter V3 (TPP) (TPP300) - System32\DRIVERS\TPP300.SYS (In-System Design, Inc. ) [On Demand - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Task Manager Help (TskHlp) - C:\WINNT\system32\config\msconfig\taskmgr.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
Microsoft USB Universal Host Controller Driver (uhcd) - System32\DRIVERS\uhcd.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
ultra66 (ultra66) - (File not found)) [Disabled - Stopped - Kernel driver]
Microcode Update Driver (Update) - System32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Uninterruptible Power Supply (UPS) - C:\WINNT\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Microsoft USB Standard Hub Driver (usbhub) - System32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB PRINTER Class (usbprint) - System32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Scanner Driver (usbscan) - System32\DRIVERS\usbscan.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Mass Storage Driver (USBSTOR) - System32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Utility Manager (UtilMan) - C:\WINNT\System32\UtilMan.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
VgaSave (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Windows Time (W32Time) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - System32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WAN Miniport (ATW) (wanatw) - System32\DRIVERS\wanatw4.sys (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Winacpci (Winacpci) - System32\DRIVERS\winacpci.sys (Conexant ) [On Demand - Running - Kernel driver]
Windows Management Instrumentation (WinMgmt) - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINNT\system32\Services.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
iVasion PoET Adapter (WRSWanDD) - System32\DRIVERS\WrKPoETNic2000.sys ( ) [On Demand - Stopped - Kernel driver]
Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) - \SystemRoot\System32\drivers\ws2ifsl.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
World Standard Teletext Codec (WSTCODEC) - System32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Automatic Updates (wuauserv) - C:\WINNT\system32\svchost.exe -k wugroup (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Configuration (WZCSVC) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
< Files >
%SystemDrive%
C:\ComboFix2.txt - qoologic ( [Ver = | Size = 18193 bytes | Date = 10/21/2006 16:50 | Attr = ])
%ProgramFilesDir%
%WinDir%
C:\WINNT\pxinstall_log.txt - Umonitor ( [Ver = | Size = 49290 bytes | Date = 10/11/2006 18:44 | Attr = ])
C:\WINNT\tpwkjqa.exe - WSUD ( [Ver = | Size = 550000 bytes | Date = 12/12/1989 09:10 | Attr = RHS])
%System%
C:\WINNT\SYSTEM32\Libparse.exe - aspack ( [Ver = | Size = 29696 bytes | Date = 11/06/2005 15:18 | Attr = ])
C:\WINNT\SYSTEM32\mfc42u.dll - WSUD (Microsoft Corporation [Ver = 6.00.9586.0 | Size = 1011764 bytes | Date = 06/19/2003 13:05 | Attr = ])
C:\WINNT\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 12:03 | Attr = ])
C:\WINNT\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 12:03 | Attr = ])
C:\WINNT\SYSTEM32\MSupdate.exe_tobedeleted - aspack (Cat Soft [Ver = 5.2.0.1 | Size = 711168 bytes | Date = 11/12/2004 21:35 | Attr = ])
C:\WINNT\SYSTEM32\RASDLG.DLL - Umonitor (Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Date = 01/12/2005 13:39 | Attr = ])
C:\WINNT\SYSTEM32\SrchSTS.exe - UPX! (S!Ri [Ver = | Size = 288417 bytes | Date = 04/27/2006 16:49 | Attr = ])
C:\WINNT\SYSTEM32\swreg.exe - UPX! (SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Date = 08/29/2006 18:43 | Attr = ])
C:\WINNT\SYSTEM32\swsc.exe - UPX! ( [Ver = | Size = 40960 bytes | Date = 01/09/2006 09:36 | Attr = ])
C:\WINNT\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 05/08/2001 06:00 | Attr = ])
C:\WINNT\SYSTEM32\xsys.dll - UPX! (influenced.net [Ver = 4.0.3.5 | Size = 39424 bytes | Date = 11/06/2005 15:14 | Attr = ])
%System%\Drivers folder and sub-folders
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINNT\ShellIconCache - ( [Ver = | Size = 552896 bytes | Date = 11/01/2006 22:07 | Attr = H ])
C:\WINNT\CSC\00000001 - ( [Ver = | Size = 64 bytes | Date = 11/02/2006 03:24 | Attr = S])
C:\WINNT\CSC\00000002 - ( [Ver = | Size = 64 bytes | Date = 10/23/2006 20:25 | Attr = S])
C:\WINNT\CSC\csc1.tmp - ( [Ver = | Size = 64 bytes | Date = 09/27/2006 18:13 | Attr = S])
C:\WINNT\inf\oem20.inf - ( [Ver = | Size = 0 bytes | Date = 10/14/2006 07:09 | Attr = H ])
C:\WINNT\system32\fgiii.ini - ( [Ver = | Size = 1074752 bytes | Date = 09/29/2006 12:35 | Attr = HS])
C:\WINNT\system32\config\DEFAULT.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 19:12 | Attr = H ])
C:\WINNT\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 03:24 | Attr = H ])
C:\WINNT\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 11:48 | Attr = H ])
C:\WINNT\system32\config\SOFTWARE.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 19:57 | Attr = H ])
C:\WINNT\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/02/2006 03:24 | Attr = H ])
CPL files
C:\WINNT\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.00.2134.1 | Size = 67344 bytes | Date = 05/08/2001 06:00 | Attr = ])
C:\WINNT\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.00.2195.6624 | Size = 301328 bytes | Date = 06/19/2003 13:05 | Attr = ])
C:\WINNT\SYSTEM32\DESK.CPL -