O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq
|
|
nurmijan
Newbie
|
4 January 2007 @ 07:38 |
|
Logfile of HijackThis v1.99.1
Scan saved at 12:23:47, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
Dear professionals, the machine's HT log contains (O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq), which I cannot remove. Norton also complains about it every time the machine starts. Norton says it is the trojan.linkoptimizer virus.
I can't get it removed; what would help? I have cleaned the machine in safe mode with Ad-Aware, AVG Anti-Spyware, Gromozon rootkit, Symantec's linkoptimizer tool and a few other removal programs. But it is there and it stays there.
|
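An added example, not part of the original post and not HijackThis code: a small Python triage of the O20 lines from the log above. It flags the three properties that make the lpt6.waq entry stand out: the \\?\ prefix, a file name that is a reserved DOS device name (lpt6), and an extension other than .dll. The function names and reason labels are hypothetical; the sample lines are copied from the posted log.

```python
import re

# Reserved DOS device names. The Win32 path parser maps these to devices,
# with or without an extension, unless the path carries the \\?\ prefix.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)

# HijackThis O20 line shapes as they appear in the posted log.
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>.+?) - (?P<path>.+)$")

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
"""


def extract_o20_paths(log_text):
    """Return (kind, path) pairs for every O20 entry in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_APPINIT.match(line)
        if m:
            # The AppInit_DLLs value is delimited by spaces or commas.
            for path in re.split(r"[,\s]+", m.group("value")):
                if path:
                    entries.append(("AppInit_DLLs", path))
            continue
        m = O20_NOTIFY.match(line)
        if m:
            entries.append(("Winlogon Notify", m.group("path").strip()))
    return entries


def assess(path):
    """Return the list of reasons a module path deserves a closer look."""
    reasons = []
    # \\?\ tells Win32 to skip path normalization, so names that normal
    # tools cannot open or delete become valid on disk.
    if path.startswith("\\\\?\\"):
        reasons.append("raw-path-prefix")
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    # Device-name matching looks at the part before the first dot.
    stem = name.split(".", 1)[0].rstrip(" ")
    if RESERVED.match(stem):
        reasons.append("reserved-device-name")
    if not name.lower().endswith(".dll"):
        reasons.append("non-dll-extension")
    return reasons


def triage(log_text):
    """Return (kind, path, reasons) for every O20 entry with a finding."""
    findings = []
    for kind, path in extract_o20_paths(log_text):
        reasons = assess(path)
        if reasons:
            findings.append((kind, path, reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {path} -> {', '.join(reasons)}")
```

A reserved device name reached through the \\?\ prefix is consistent with what the poster reports: tools that open the file by its ordinary Win32 path end up addressing the LPT6 device instead of the file.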
AfterDawn Addict
|
4 January 2007 @ 07:49 |
|
Download gmer -> http://www.majorgeeks.com/GMER_d5198.html
Extract it and double-click gmer.exe
Click the rootkit tab and click Scan.
When it has finished, click Copy.
Post the gmer results.
* Open HijackThis
* Click "Config..."
* Click "Misc Tools"
* Tick the two boxes next to "Generate StartupList log"
* Click "Generate StartupList log"
* Post the startup list
So, post the gmer log and the startup list.
No HjT logs or the like by private message!
|
nurmijan
Newbie
|
4 January 2007 @ 08:20 |
|
For some reason gmer refuses to start on the machine; I tested the same file on another machine and there it started without any problems. I'll keep trying...
Here is HT's startuplist anyway:
StartupList report, 4.1.2007, 13:19:01
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TrackPointSrv = tp4serv.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
LTWinModem1 = ltmsg.exe 9
PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TP4EX = tp4ex.exe
EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
QCTRAY = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
QCWLICON = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
BMMTask.job
MP Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shock...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
ANC: System32\drivers\ANC.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
BFAIFILT: System32\Drivers\bfaifilt.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BUFADPT: \??\C:\WINDOWS\system32\BUFADPT.SYS (system)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Network Connection Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
IBMTPCHK: System32\drivers\IBMBLDID.SYS (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Modem Driver: system32\DRIVERS\ltmdmxp.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Nal Service : \??\C:\WINDOWS\system32\Drivers\iqvw32.sys (manual start)
NAVAPEL: \??\C:\Program Files\NavNT\NAVAPEL.SYS (autostart)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Client: "C:\Program Files\NavNT\rtvscan.exe" (manual start)
NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QCNDISIF: System32\drivers\qcndisif.SYS (manual start)
QCONSVC: System32\QCONSVC.EXE (autostart)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
S3SSavage: system32\DRIVERS\s3ssavm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Smapint: System32\drivers\Smapint.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
PS/2 TrackPoint Driver: system32\DRIVERS\tp4track.sys (manual start)
IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)
TPPWR: System32\drivers\Tppwr.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TSMAPIP: System32\drivers\TSMAPIP.SYS (system)
IBM PS/2 TrackPoint Filter Driver: System32\DRIVERS\TwoTrack.sys (manual start)
BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service: system32\DRIVERS\rt2500usb.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop Search|||a
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 35 136 bytes
Report generated in 0,260 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
|
AfterDawn Addict
|
4 January 2007 @ 08:46 |
Link to this post
|
GMER failing to start is precisely because of the gromozon rootkit.
It can block certain programs, and it is precisely because of gromo's authors that GMER's official site is down (DDoS attack).
Let's try whether Avenger works, though I doubt it:
1. Download The Avenger (c) to your desktop.
- Click the Avenger.zip file to open it.
- Extract Avenger.exe to your desktop.
2. Copy all the text in black in the quote box below into an empty Notepad document:
Quote:
Files to delete:
C:\WINDOWS\system32\lpt6.waq
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Note: the script above was created specifically for this user. If you are not this person, do NOT follow these instructions, because they could break functions of your computer.
3. Now, open The Avenger by double-clicking its icon on your desktop.
- Under "Script file to execute", choose "Input Script Manually".
- Now click the magnifying glass picture, which opens a new window named "View/edit script".
- Paste the text you copied into Notepad into this window.
- Click Done.
- Now click the green light to start the script.
- Click "Yes" when the two warning boxes appear.
Avenger automatically does the following:
- Restarts your computer. (In cases where the script contains a "Drivers to Unload" command, Avenger restarts your computer twice.)
- During the restart, it briefly opens a black command window on your desktop; this is normal.
- After the restart, it creates a log file, which should open, showing the results of Avenger's actions. The path of this log is C:\avenger.txt
- Avenger has also made a backup of all the files etc. that you asked it to delete, and has packed and moved them into zip files at the path C:\avenger\backup.zip.
5. Copy and paste all the contents of the file avenger.txt into your reply, along with a fresh HjT log.
EDIT: messed up a bit :/ If Avenger doesn't work, run Symantec's tool and Prevx's tool in safe mode and send their logs.
No HjT logs etc. by private message!
This post has been edited after it was sent. Last edit 4 January 2007 @ 09:07
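A defender-side check for the entry this thread is about, as an added example that is not part of the original posts: it reads AppInit_DLLs lines in the two formats seen in these logs and flags entries that use the \\?\ prefix, a reserved DOS device base name (such as lpt6), or an extension other than .dll. The function names and the benign sample line are constructed for illustration, and the extension check is a heuristic.

```python
import re

# DOS device names reserved by Win32 path parsing. A file whose base name
# (the part before the first dot) is one of these can only be created,
# opened or deleted through a \\?\ path, which is why ordinary tools fail on it.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

# The value as a registry-style dump prints it ("AppInit_DLLs"="...") and as
# HijackThis prints it (O20 - AppInit_DLLs: ...).
VALUE_RE = re.compile(
    r'(?:"AppInit_DLLs"\s*=\s*"(?P<reg>.*)"|O20 - AppInit_DLLs:\s*(?P<hjt>.*))\s*$',
    re.IGNORECASE,
)

EXTENDED_PREFIX = "\\\\?\\"  # the four characters \\?\


def appinit_entries(line):
    """Return the DLL entries named on one log line (empty list if none)."""
    m = VALUE_RE.search(line.strip())
    if not m:
        return []
    raw = m.group("reg") if m.group("reg") is not None else m.group("hjt")
    # AppInit_DLLs is a space- or comma-delimited list.
    return [e for e in re.split(r"[ ,]+", raw.strip()) if e]


def audit_entry(entry):
    """Return the reasons one AppInit_DLLs entry deserves a closer look."""
    reasons = []
    path = entry
    if path.startswith(EXTENDED_PREFIX):
        reasons.append("uses the \\\\?\\ prefix, which bypasses Win32 name checks")
        path = path[len(EXTENDED_PREFIX):]
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        reasons.append(f"base name {stem} is a reserved DOS device name")
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if ext != "dll":
        reasons.append(f"extension '.{ext}' is not .dll (heuristic)")
    return reasons


def scan(lines):
    """Return (entry, reasons) for every flagged AppInit_DLLs entry."""
    findings = []
    for line in lines:
        for entry in appinit_entries(line):
            reasons = audit_entry(entry)
            if reasons:
                findings.append((entry, reasons))
    return findings


# First two lines are the forms that appear in this thread's logs;
# the third is a constructed benign entry for comparison.
SAMPLE = [
    r'O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq',
    r'"AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"',
    r'"AppInit_DLLs"="C:\PROGRA~1\Example\hook.dll"',
]

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE):
        print(entry)
        for reason in reasons:
            print("  -", reason)
```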
|
nurmijan
Newbie
|
4 January 2007 @ 09:20 |
Link to this post
|
That Avenger won't start either; I also tried in safe mode. I don't understand how that Gromozon rootkit can block those programs? After all, there isn't even any service from it running??
|
AfterDawn Addict
|
4 January 2007 @ 09:35 |
Link to this post
|
There is a service from it running, but it doesn't show up since it is a rootkit (i.e. it hides itself from the system). Next, run Symantec's fixlinkoptimizer and Prevx's tool in safe mode and send their logs.
EDIT: Also run startuplist in safe mode; the service may show up in it.
No HjT logs etc. by private message!
This post has been edited after it was sent. Last edit 4 January 2007 @ 09:42
|
nurmijan
Newbie
|
5 January 2007 @ 05:55 |
Link to this post
|
fixlinkoptimizer and prevx would no longer start. But I tried the systemscan software, which scanned my computer. As a removal tool it offers AVRunner. Here is the log from systemscan. Also, at the very bottom, HT's startup log in safe mode.
Would those logs be of any help?
systemscan - www.suspectfile.com - ver. 2.0.23
Date: pe 05.01.2007
Time: 8:53:26,99
Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-------------Users folders -------------
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\documents and settings
03.01.2007 08:40 <DIR> Administrator
27.12.2005 20:13 <DIR> All Users
27.12.2005 18:23 <DIR> Default User
27.12.2005 19:06 <DIR> LocalService
27.12.2005 18:29 <DIR> NetworkService
29.11.2006 10:40 <DIR> Tapio Uotila
04.01.2007 15:41 <DIR> testi
-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Program Files\Common Files, C:\WINDOWS\temp
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\
04.01.2007 15:44 <DIR> Config.Msi
05.01.2007 08:53 <DIR> suspectfile
04.01.2007 13:05 <DIR> Documents and Settings
04.01.2007 15:44 <DIR> WINDOWS
04.01.2007 15:44 <DIR> Program Files
04.01.2007 12:02 0 gromozon_removal.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS
04.01.2007 15:44 <DIR> WBEM
05.01.2007 08:50 <DIR> temp
04.01.2007 15:44 <DIR> system32
05.01.2007 08:52 <DIR> Prefetch
03.01.2007 13:29 <DIR> Help
04.01.2007 15:41 <DIR> network diagnostic
21.11.2006 15:09 <DIR> msagent
03.01.2007 13:27 <DIR> Media
03.01.2007 13:23 11ÿ859 KB904942.log
03.01.2007 13:23 5ÿ640 KB914440.log
03.01.2007 13:24 6ÿ980 KB915865.log
20.11.2006 23:03 17ÿ414 KB920213.log
03.01.2007 13:27 1ÿ355 imsins.log
20.11.2006 23:03 31ÿ584 KB922760.log
03.01.2007 07:43 10ÿ795 KB923689.log
03.01.2007 07:43 11ÿ923 KB923694.log
20.11.2006 23:04 16ÿ159 KB923980.log
20.11.2006 23:04 15ÿ802 KB924270.log
03.01.2007 07:46 9ÿ141 KB925398.log
03.01.2007 07:46 33ÿ589 KB925454.log
03.01.2007 07:43 12ÿ115 KB926255.log
03.01.2007 13:27 44ÿ769 medctroc.Log
03.01.2007 13:25 1ÿ355 imsins.BAK
03.01.2007 13:27 774ÿ021 iis6.log
03.01.2007 13:28 25ÿ367 ie7_main.log
03.01.2007 13:27 47ÿ757 ie7.log
03.01.2007 13:27 32ÿ722 msgsocm.log
03.01.2007 13:27 214ÿ744 msmqinst.log
03.01.2007 13:25 7ÿ768 IDNMitigationAPIs.log
03.01.2007 13:27 110ÿ476 netfxocm.log
03.01.2007 13:24 7ÿ426 NLSDownlevelMapping.log
04.01.2007 15:51 1ÿ411ÿ686 ntbtlog.txt
03.01.2007 13:27 135ÿ039 ntdtcsetup.log
03.01.2007 13:27 324ÿ287 ocgen.log
03.01.2007 13:27 35ÿ869 ocmsn.log
04.01.2007 13:05 1ÿ859 OEWABLog.txt
03.01.2007 13:27 637ÿ985 FaxSetup.log
13.12.2006 18:02 1ÿ409 QTFont.for
04.01.2007 15:49 32ÿ634 SchedLgU.Txt
03.01.2007 13:27 222ÿ598 comsetup.log
03.01.2007 14:21 166ÿ052 setupact.log
03.01.2007 13:25 576ÿ401 setupapi.log
03.01.2007 07:53 741ÿ625 setuplog.txt
03.01.2007 13:30 38ÿ264 spupdsvc.log
08.11.2006 20:15 115 cdplayer.ini
03.01.2007 13:27 31ÿ539 tabletoc.log
03.01.2007 13:27 301ÿ558 tsoc.log
03.01.2007 13:27 55ÿ141 updspapi.log
05.01.2007 08:27 0 0.log
05.01.2007 08:27 159 wiadebug.log
05.01.2007 08:27 48 wiaservc.log
05.01.2007 08:48 1ÿ283ÿ208 WindowsUpdate.log
04.01.2007 13:05 72ÿ954 wmsetup.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\system32
04.01.2007 15:40 <DIR> Restore
03.01.2007 13:27 <DIR> en-US
04.01.2007 15:41 <DIR> drivers
03.01.2007 13:27 <DIR> config
05.01.2007 08:30 <DIR> CatRoot2
03.01.2007 08:24 <DIR> appmgmt
07.11.2006 03:25 10ÿ240 advpack.dll.mui
07.11.2006 03:26 123ÿ904 advpack.dll
07.11.2006 21:03 131ÿ584 extmgr.dll
07.11.2006 03:26 54ÿ784 ie4uinit.exe
07.11.2006 03:26 152ÿ064 ieakeng.dll
07.11.2006 03:27 229ÿ376 ieaksie.dll
07.11.2006 03:25 161ÿ792 ieakui.dll
07.11.2006 03:27 382ÿ976 iedkcs32.dll
07.11.2006 21:03 6ÿ049ÿ280 ieframe.dll
07.11.2006 21:03 191ÿ488 iepeers.dll
07.11.2006 03:26 43ÿ008 iernonce.dll
07.11.2006 03:26 55ÿ296 iesetup.dll
07.11.2006 03:26 13ÿ312 ieudinit.exe
07.11.2006 21:03 180ÿ736 ieui.dll
07.11.2006 03:24 56ÿ483 ieuinit.inf
08.11.2006 07:06 679ÿ424 inetcomm.dll
07.11.2006 03:26 92ÿ672 inseng.dll
07.11.2006 21:03 27ÿ136 jsproxy.dll
12.12.2006 10:45 1ÿ474ÿ864 LegitCheckControl.DLL
08.12.2006 01:13 10ÿ716ÿ584 MRT.exe
07.11.2006 21:03 458ÿ752 msfeeds.dll
07.11.2006 21:03 50ÿ688 msfeedsbs.dll
07.11.2006 03:26 71ÿ680 admparse.dll
07.11.2006 21:03 3ÿ577ÿ856 mshtml.dll
07.11.2006 21:03 475ÿ648 mshtmled.dll
07.11.2006 21:03 156ÿ160 msls31.dll
07.11.2006 21:03 670ÿ720 mstime.dll
12.11.2006 19:16 1ÿ688 TRJ_NTAUTO.TMP
07.11.2006 21:03 1ÿ162ÿ240 urlmon.dll
07.11.2006 21:03 413ÿ696 vbscript.dll
07.11.2006 21:03 231ÿ424 webcheck.dll
07.11.2006 21:03 818ÿ688 wininet.dll
07.12.2006 07:29 2ÿ374ÿ472 wmvcore.dll
03.01.2007 13:25 2ÿ206 wpa.dbl
03.01.2007 08:32 0 ypsg.dll
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\Program Files\Common Files
03.01.2007 07:42 <DIR> System
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\temp
05.01.2007 08:48 4ÿ790 MpSigStub.log
05.01.2007 08:48 3ÿ694 MpCmdRun.log
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[Run]
-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------
[Windows]
"AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"DisplayName"=expand:"@iedkcs32.dll,-3051"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\NavLogon]
"DllName"="C:\WINDOWS\system32\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"
[Winlogon\Notify\QConGina]
@Class="HKEY_LOCAL_MACHINE"
"DllName"="QConGina.dll"
"Logoff"="QConGinaWLEventLogoff"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\tphotkey]
@=""
"DllName"="tphklock.dll"
"Startup"="WLEventStartup"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"
"BuildNumber"=dword:00000a28
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"TrackPointSrv"="tp4serv.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
"LTWinModem1"="ltmsg.exe 9"
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
"BLOG"="rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog"
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper"
"QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
"QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor"
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
"vptray"="C:\Program Files\NavNT\vptray.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
[RunOnce]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
[RunOnceEx]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
[RunServices]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"
-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:000002ec
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="239650f4"
"Pattern"=hex:6c,b4,d2,8e,b9,10,7c,6f,92,40,70,a0,ee,d5,cd,50,32,33,39,36,35,\
30,66,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,18,e2,86,74
[Lsa\GBG]
@Class="18fb6b05"
"GrafBlumGroup"=hex:e2,cc,ea,56,3e,12,2a,07,57
[Lsa\JD]
@Class="0e4774b9"
"Lookup"=hex:c6,4f,67,d3,57,37
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="86e2d8c2"
"SkewMatrix"=hex:50,7f,78,97,13,a2,e3,3b,83,6a,7d,dc,8c,64,7b,f6
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:70,49,00,66,0c,0b,c6,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
[SharedAccess\Epoch]
"Epoch"=dword:000023dd
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe"="C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Security]
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-------------HKLM\Software\Microsoft\Ole-------------
[Ole]
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------
@="\"%1\" /S"
-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------
-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
@="Selaimen mukautukset"
"ComponentID"="BRANDING.CAB"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\Microsoft Base Smart Card Crypto Provider Package]
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.5.0_06\bin\regutils.dll"
[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
@="Internet Explorerin Lueminut-tiedosto"
"ComponentID"="IEREADME"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
@="IEEX"
"ComponentID"="IEEX"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4CDAF616-D274-41F9-9478-64D5CCFADE80}]
@="Macromedia Shockwave Player"
"ComponentID"="CUSTOM1"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"ComponentID"="M886903"
@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"
[Installed Components\{C47D9DDA-83FF-4907-9056-DC7827271070}]
@="Macromedia FlashPlayer"
"ComponentID"="CUSTOM0"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
#### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000FC0000000000000000000000000000004DF09D45010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9181 (0x23DD)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 9178 (0x23DA)
Result compared: Different
-------------List of running services -------------
000) "ALG" - Application Layer Gateway Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
001) "AudioSrv" - Windows Audio
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
002) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
003) "BITS" - Background Intelligent Transfer Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "CryptSvc" - Cryptographic Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
005) "DcomLaunch" - DCOM Server Process Launcher
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
006) "DefWatch" - DefWatch
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\defwatch.exe"
007) "Dhcp" - DHCP Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
008) "Dnscache" - DNS Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService
009) "ERSvc" - Error Reporting Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "Eventlog" - Event Log
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
011) "EventSystem" - COM+ Event System
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
012) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
013) "helpsvc" - Help and Support
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
014) "IBMPMSVC" - ThinkPad PM Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ibmpmsvc.exe
015) "Irmon" - Infrared Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
016) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
017) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
018) "LmHosts" - TCP/IP NetBIOS Helper
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
019) "Netman" - Network Connections
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
020) "Nla" - Network Location Awareness (NLA)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
021) "Norton AntiVirus Server" - Norton AntiVirus Client
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\rtvscan.exe"
022) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
023) "PolicyAgent" - IPSEC Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\lsass.exe
024) "ProtectedStorage" - Protected Storage
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
025) "QCONSVC" - QCONSVC
---> STAT = (RUNNING) Started automatically
---> FILE = System32\QCONSVC.EXE
026) "RasMan" - Remote Access Connection Manager
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
027) "RemoteRegistry" - Remote Registry
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
028) "RpcSs" - Remote Procedure Call (RPC)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
029) "SamSs" - Security Accounts Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
030) "Schedule" - Task Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
031) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
032) "SENS" - System Event Notification
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
033) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
034) "ShellHWDetection" - Shell Hardware Detection
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
035) "Spooler" - Print Spooler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
036) "srservice" - System Restore Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
037) "SSDPSRV" - SSDP Discovery Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
038) "stisvc" - Windows Image Acquisition (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc
039) "TapiSrv" - Telephony
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "TermService" - Terminal Services
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
041) "Themes" - Themes
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
042) "TpKmpSVC" - IBM KCU Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\TpKmpSVC.exe
043) "TrkWks" - Distributed Link Tracking Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
044) "UMWdf" - Windows User Mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\wdfmgr.exe
045) "W32Time" - Windows Time
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
046) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
047) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\Windows Defender\MsMpEng.exe"
048) "winmgmt" - Windows Management Instrumentation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
049) "wscsvc" - Security Center
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
050) "wuauserv" - Automatic Updates
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
051) "WZCSVC" - Wireless Zero Configuration
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
..:: BOOT REGISTRY ::..
0) "TrackPointSrv"
---> CMD = tp4serv.exe
---> FILE = C:\WINDOWS\System32\tp4serv.exe
1) "SunJavaUpdateSched"
---> CMD = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
2) "LTWinModem1"
---> CMD = ltmsg.exe 9
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\ltmsg.exe 9
3) "PRONoMgr.exe"
---> CMD = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
---> FILE = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
4) "TPHOTKEY"
---> CMD = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
5) "TP4EX"
---> CMD = tp4ex.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tp4ex.exe
6) "EZEJMNAP"
---> CMD = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
---> FILE = C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
7) "BLOG"
---> CMD = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
---> FILE = (NOT EXISTS)
8) "TPKMAPHELPER"
---> CMD = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
---> FILE = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
9) "QCTRAY"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
10) "QCWLICON"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
11) "BMMGAG"
---> CMD = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
---> FILE = (NOT EXISTS)
12) "BMMLREF"
---> CMD = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
---> FILE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
13) "NeroFilterCheck"
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe
14) "RemoteControl"
---> CMD = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
---> FILE = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
15) "TkBellExe"
---> CMD = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
---> FILE = (NOT EXISTS)
16) "QuickTime Task"
---> CMD = "C:\Program Files\QuickTime\qttask.exe" -atboottime
---> FILE = (NOT EXISTS)
17) "Google Desktop Search"
---> CMD = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
---> FILE = (NOT EXISTS)
18) "Windows Defender"
---> CMD = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
---> FILE = (NOT EXISTS)
19) "vptray"
---> CMD = C:\Program Files\NavNT\vptray.exe
---> FILE = C:\Program Files\NavNT\vptray.exe
-------------List of NOT running services -------------
000) "Alerter" - Alerter
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
001) "AppMgmt" - Application Management
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
002) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
003) "Browser" - Computer Browser
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "cisvc" - Indexing Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\cisvc.exe
005) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
006) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
007) "COMSysApp" - COM+ System Application
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
008) "dmadmin" - Logical Disk Manager Administrative Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
009) "dmserver" - Logical Disk Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "HidServ" - Human Interface Device Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
011) "HTTPFilter" - HTTP SSL
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
012) "IDriverT" - InstallDriver Table Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
013) "ImapiService" - IMAPI CD-Burning COM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\imapi.exe
014) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
015) "mnmsrvc" - NetMeeting Remote Desktop Sharing
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\mnmsrvc.exe
016) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msdtc.exe
017) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
018) "NetDDE" - Network DDE
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
019) "NetDDEdsdm" - Network DDE DSDM
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
020) "Netlogon" - Net Logon
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
021) "NetSvc" - Intel NCS NetService
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Intel\NCS\Sync\NetSvc.exe
022) "NtLmSsp" - NT LM Security Support Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
023) "NtmsSvc" - Removable Storage
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
024) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
025) "RasAuto" - Remote Access Auto Connection Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
026) "RDSessMgr" - Remote Desktop Help Session Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
027) "RemoteAccess" - Routing and Remote Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
028) "RpcLocator" - Remote Procedure Call (RPC) Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\locator.exe
029) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\rsvp.exe
030) "SCardSvr" - Smart Card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
031) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754}
032) "SysmonLog" - Performance Logs and Alerts
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
033) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\tlntsvr.exe
034) "upnphost" - Universal Plug and Play Device Host
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
035) "UPS" - Uninterruptible Power Supply
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
036) "VSS" - Volume Shadow Copy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
037) "WMConnectCDS" - Windows Media Connect Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Windows Media Connect 2\wmccds.exe
038) "WmdmPmSN" - Portable Media Serial Number Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
039) "Wmi" - Windows Management Instrumentation Driver Extensions
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "WmiApSrv" - WMI Performance Adapter
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe
041) "xmlprov" - Network Provisioning Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
-------------List of running device driver services -------------
000) "ACPI" - Microsoft ACPI Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys
001) "ACPIEC" - Microsoft Embedded Controller Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPIEC.sys
002) "AFD" - AFD Networking Support Environment
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
003) "agp440" - Intel AGP Bus Filter
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\agp440.sys
004) "ANC" - ANC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\ANC.SYS
005) "atapi" - Standard IDE/ESDI Hard Disk Controller
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys
006) "audstub" - Audio Stub Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
007) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
008) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
010) "BUFADPT" - BUFADPT
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\WINDOWS\system32\BUFADPT.SYS
011) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled
012) "Cdrom" - CD-ROM Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
013) "CmBatt" - Microsoft AC Adapter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\CmBatt.sys
014) "Compbatt" - Microsoft Composite Battery Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\compbatt.sys
015) "cs429x" - Crystal WDM Audio Codec Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\cwawdm.sys
016) "Disk" - Disk Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\disk.sys
017) "E100B" - Intel(R) PRO Network Connection Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\e100b325.sys
018) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled
019) "Fdc" - Floppy Disk Controller Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
020) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function
021) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\drivers\fltmgr.sys
022) "Ftdisk" - Volume Manager Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys
023) "Gpc" - Generic Packet Classifier
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
024) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
025) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\i8042prt.sys
026) "IBMPMDRV" - IBMPMDRV
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ibmpmdrv.sys
027) "IBMTPCHK" - IBMTPCHK
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\IBMBLDID.SYS
028) "Imapi" - CD-Burning Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
029) "IntelIde" - IntelIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\intelide.sys
030) "IpNat" - IP Network Address Translator
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
031) "IPSec" - IPSEC driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
032) "irda" - IrDA Protocol
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
033) "IRENUM" - IR Enumerator Service
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
034) "isapnp" - PnP ISA/EISA Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys
035) "Kbdclass" - Keyboard Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
036) "kmixer" - Microsoft Kernel Wave Audio Mixer
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
037) "KSecDD" - KSecDD
---> STAT = (RUNNING) Started by operating system loader
038) "ltmodem5" - Lucent Modem Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ltmdmxp.sys
039) "mnmdd" - mnmdd
---> STAT = (RUNNING) Started by "IoInitSystem" function
040) "Modem" - Modem
---> STAT = (RUNNING) Started manually
041) "Mouclass" - Mouse Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
042) "MountMgr" - Mount Point Manager
---> STAT = (RUNNING) Started by operating system loader
043) "MRxDAV" - WebDav Client Redirector
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
044) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
045) "Msfs" - Msfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
046) "mssmbios" - Microsoft System Management BIOS Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
047) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
048) "NAVAP" - NAVAP
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\NavNT\NAVAP.sys
049) "NAVAPEL" - NAVAPEL
---> STAT = (RUNNING) Started automatically
---> FILE = \??\C:\Program Files\NavNT\NAVAPEL.SYS
050) "NAVENG" - NAVENG
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys
051) "NAVEX15" - NAVEX15
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys
052) "NDIS" - NDIS System Driver
---> STAT = (RUNNING) Started by operating system loader
053) "NdisTapi" - Remote Access NDIS TAPI Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
054) "Ndisuio" - NDIS Usermode I/O Protocol
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
055) "NdisWan" - Remote Access NDIS WAN Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
056) "NDProxy" - NDIS Proxy
---> STAT = (RUNNING) Started manually
057) "NetBIOS" - NetBIOS Interface
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
058) "NetBT" - NetBios over Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
059) "Npfs" - Npfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
060) "NSCIRDA" - NSC Infrared Device Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nscirda.sys
061) "Ntfs" - Ntfs
---> STAT = (RUNNING) Disabled
062) "Null" - Null
---> STAT = (RUNNING) Started by "IoInitSystem" function
063) "P3" - Intel PentiumIII Processor Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\p3.sys
064) "Parport" - Parallel port driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
065) "PartMgr" - Partition Manager
---> STAT = (RUNNING) Started by operating system loader
066) "ParVdm" - ParVdm
---> STAT = (RUNNING) Started automatically
067) "PCI" - PCI Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pci.sys
068) "Pcmcia" - Pcmcia
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pcmcia.sys
069) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspptp.sys
070) "PSched" - QoS Packet Scheduler
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\psched.sys
071) "Ptilink" - Direct Parallel Link Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ptilink.sys
072) "PxHelp20" - PxHelp20
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\Drivers\PxHelp20.sys
073) "RasAcd" - Remote Access Auto Connection Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rasacd.sys
074) "Rasirda" - WAN Miniport (IrDA)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasirda.sys
075) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasl2tp.sys
076) "RasPppoe" - Remote Access PPPOE Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspppoe.sys
077) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspti.sys
078) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rdbss.sys
079) "RDPCDD" - RDPCDD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
080) "rdpdr" - Terminal Server Device Redirector Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rdpdr.sys
081) "redbook" - Digital CD Audio Playback Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\redbook.sys
082) "S3SSavage" - S3SSavage
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\s3ssavm.sys
083) "serenum" - Serenum Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\serenum.sys
084) "Serial" - Serial port driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\serial.sys
085) "Smapint" - Smapint
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Smapint.sys
086) "sr" - System Restore Filter Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\sr.sys
087) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
088) "swenum" - Software Bus Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\swenum.sys
089) "SymEvent" - SymEvent
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\Symantec\SYMEVENT.SYS
090) "sysaudio" - Microsoft Kernel System Audio Device
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
091) "Tcpip" - TCP/IP Protocol Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\tcpip.sys
092) "TDSMAPI" - TDSMAPI
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TDSMAPI.SYS
093) "TermDD" - Terminal Device Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\termdd.sys
094) "Tp4Track" - PS/2 TrackPoint Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tp4track.sys
095) "TPHKDRV" - TPHKDRV
---> STAT = (RUNNING) Started by "IoInitSystem" function
096) "TPPWR" - TPPWR
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Tppwr.sys
097) "TSMAPIP" - TSMAPIP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TSMAPIP.SYS
098) "Update" - Microcode Update Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\update.sys
099) "usbhub" - USB2 Enabled Hub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbhub.sys
100) "USBSTOR" - USB Mass Storage Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
101) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbuhci.sys
102) "VgaSave" - VGA Display Controller.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
103) "VolSnap" - VolSnap
---> STAT = (RUNNING) Started by operating system loader
104) "Wanarp" - Remote Access IP ARP Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\wanarp.sys
105) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
-------------List of NOT running device driver services -------------
000) "abp480n5" - abp480n5
---> STAT = (NOT RUNNING) Disabled
001) "ac97intc" - Intel(r) 82801 Audio Driver Install Service (WDM)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ac97intc.sys
002) "adpu160m" - adpu160m
---> STAT = (NOT RUNNING) Disabled
003) "aec" - Microsoft Kernel Acoustic Echo Canceller
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
004) "Aha154x" - Aha154x
---> STAT = (NOT RUNNING) Disabled
005) "aic78u2" - aic78u2
---> STAT = (NOT RUNNING) Disabled
006) "aic78xx" - aic78xx
---> STAT = (NOT RUNNING) Disabled
007) "AliIde" - AliIde
---> STAT = (NOT RUNNING) Disabled
008) "amsint" - amsint
---> STAT = (NOT RUNNING) Disabled
009) "asc" - asc
---> STAT = (NOT RUNNING) Disabled
010) "asc3350p" - asc3350p
---> STAT = (NOT RUNNING) Disabled
011) "asc3550" - asc3550
---> STAT = (NOT RUNNING) Disabled
012) "AsyncMac" - RAS Asynchronous Media Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
013) "Atdisk" - Atdisk
---> STAT = (NOT RUNNING) Disabled
014) "Atmarpc" - ATM ARP Client Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
015) "BFAIFILT" - BFAIFILT
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\bfaifilt.sys
016) "cbidf2k" - cbidf2k
---> STAT = (NOT RUNNING) Disabled
017) "cd20xrnt" - cd20xrnt
---> STAT = (NOT RUNNING) Disabled
018) "Cdaudio" - Cdaudio
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
019) "Changer" - Changer
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
020) "CmdIde" - CmdIde
---> STAT = (NOT RUNNING) Disabled
021) "Cpqarray" - Cpqarray
---> STAT = (NOT RUNNING) Disabled
022) "dac960nt" - dac960nt
---> STAT = (NOT RUNNING) Disabled
023) "dmboot" - dmboot
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
024) "dmio" - dmio
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmio.sys
025) "dmload" - dmload
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmload.sys
026) "DMusic" - Microsoft Kernel DLS Syntheiszer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
027) "dpti2o" - dpti2o
---> STAT = (NOT RUNNING) Disabled
028) "drmkaud" - Microsoft Kernel DRM Audio Descrambler
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
029) "Flpydisk" - Floppy Disk Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
030) "HidUsb" - Microsoft HID Class Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
031) "hpn" - hpn
---> STAT = (NOT RUNNING) Disabled
032) "hpt3xx" - hpt3xx
---> STAT = (NOT RUNNING) Disabled
033) "i2omgmt" - i2omgmt
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
034) "i2omp" - i2omp
---> STAT = (NOT RUNNING) Disabled
035) "ini910u" - ini910u
---> STAT = (NOT RUNNING) Disabled
036) "ip6fw" - IPv6 Windows Firewall Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
037) "IpFilterDriver" - IP Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
038) "IpInIp" - IP in IP Tunnel Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
039) "kbdhid" - Keyboard HID Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdhid.sys
040) "lbrtfdc" - lbrtfdc
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
041) "mouhid" - Mouse HID Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
042) "mraid35x" - mraid35x
---> STAT = (NOT RUNNING) Disabled
043) "MSKSSRV" - Microsoft Streaming Service Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
044) "MSPCLOCK" - Microsoft Streaming Clock Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
045) "MSPQM" - Microsoft Streaming Quality Manager Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
046) "NAL" - Nal Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \??\C:\WINDOWS\system32\Drivers\iqvw32.sys
047) "NwlnkFlt" - IPX Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
048) "NwlnkFwd" - IPX Traffic Forwarder Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
049) "PCIDump" - PCIDump
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
050) "PCIIde" - PCIIde
---> STAT = (NOT RUNNING) Disabled
051) "PDCOMP" - PDCOMP
---> STAT = (NOT RUNNING) Started manually
052) "PDFRAME" - PDFRAME
---> STAT = (NOT RUNNING) Started manually
053) "PDRELI" - PDRELI
---> STAT = (NOT RUNNING) Started manually
054) "PDRFRAME" - PDRFRAME
---> STAT = (NOT RUNNING) Started manually
055) "perc2" - perc2
---> STAT = (NOT RUNNING) Disabled
056) "perc2hib" - perc2hib
---> STAT = (NOT RUNNING) Disabled
057) "Processor" - Processor Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\processr.sys
058) "QCNDISIF" - QCNDISIF
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\drivers\qcndisif.SYS
059) "ql1080" - ql1080
---> STAT = (NOT RUNNING) Disabled
060) "Ql10wnt" - Ql10wnt
---> STAT = (NOT RUNNING) Disabled
061) "ql12160" - ql12160
---> STAT = (NOT RUNNING) Disabled
062) "ql1240" - ql1240
---> STAT = (NOT RUNNING) Disabled
063) "ql1280" - ql1280
---> STAT = (NOT RUNNING) Disabled
064) "RDPWD" - RDPWD
---> STAT = (NOT RUNNING) Started manually
065) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\secdrv.sys
066) "Sfloppy" - Sfloppy
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
067) "Simbad" - Simbad
---> STAT = (NOT RUNNING) Disabled
068) "Sparrow" - Sparrow
---> STAT = (NOT RUNNING) Disabled
069) "splitter" - Microsoft Kernel Audio Splitter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
070) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
071) "symc810" - symc810
---> STAT = (NOT RUNNING) Disabled
072) "symc8xx" - symc8xx
---> STAT = (NOT RUNNING) Disabled
073) "sym_hi" - sym_hi
---> STAT = (NOT RUNNING) Disabled
074) "sym_u3" - sym_u3
---> STAT = (NOT RUNNING) Disabled
075) "TDPIPE" - TDPIPE
---> STAT = (NOT RUNNING) Started manually
076) "TDTCP" - TDTCP
---> STAT = (NOT RUNNING) Started manually
077) "TosIde" - TosIde
---> STAT = (NOT RUNNING) Disabled
078) "TwoTrack" - IBM PS/2 TrackPoint Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\TwoTrack.sys
079) "u2kg54" - BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\rt2500usb.sys
080) "Udfs" - Udfs
---> STAT = (NOT RUNNING) Disabled
081) "ultra" - ultra
---> STAT = (NOT RUNNING) Disabled
082) "usbscan" - USB Scanner Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
083) "ViaIde" - ViaIde
---> STAT = (NOT RUNNING) Disabled
084) "WDICA" - WDICA
---> STAT = (NOT RUNNING) Started manually
085) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
-------------Svchost Instances-------------
### LocalService:
Alerter
C:\WINDOWS\system32\alrsvc.dll
WebClient
C:\WINDOWS\System32\webclnt.dll
LmHosts
C:\WINDOWS\System32\lmhsvc.dll
RemoteRegistry
C:\WINDOWS\system32\regsvc.dll
upnphost
C:\WINDOWS\System32\upnphost.dll
SSDPSRV
C:\WINDOWS\System32\ssdpsrv.dll
### NetworkService:
DnsCache
C:\WINDOWS\System32\dnsrslvr.dll
### netsvcs:
6to4
No File Listed
AppMgmt
C:\WINDOWS\System32\appmgmts.dll
AudioSrv
C:\WINDOWS\System32\audiosrv.dll
Browser
C:\WINDOWS\System32\browser.dll
CryptSvc
C:\WINDOWS\System32\cryptsvc.dll
DMServer
C:\WINDOWS\System32\dmserver.dll
DHCP
C:\WINDOWS\System32\dhcpcsvc.dll
ERSvc
C:\WINDOWS\System32\ersvc.dll
EventSystem
C:\WINDOWS\System32\es.dll
FastUserSwitchingCompatibility
HidServ
C:\WINDOWS\System32\hidserv.dll
No File Listed
Iprip
No File Listed
Irmon
C:\WINDOWS\System32\irmon.dll
LanmanServer
C:\WINDOWS\System32\srvsvc.dll
LanmanWorkstation
C:\WINDOWS\System32\wkssvc.dll
Messenger
C:\WINDOWS\System32\msgsvc.dll
Netman
C:\WINDOWS\System32\netman.dll
C:\WINDOWS\System32\mswsock.dll
Ntmssvc
C:\WINDOWS\system32\ntmssvc.dll
NWCWorkstation
No File Listed
Nwsapagent
No File Listed
Rasauto
C:\WINDOWS\System32\rasauto.dll
Rasman
C:\WINDOWS\System32\rasmans.dll
Remoteaccess
C:\WINDOWS\System32\mprdim.dll
Schedule
C:\WINDOWS\system32\schedsvc.dll
Seclogon
C:\WINDOWS\System32\seclogon.dll
C:\WINDOWS\system32\sens.dll
Sharedaccess
C:\WINDOWS\System32\ipnathlp.dll
SRService
C:\WINDOWS\System32\srsvc.dll
Tapisrv
C:\WINDOWS\System32\tapisrv.dll
Themes
TrkWks
C:\WINDOWS\system32\trkwks.dll
W32Time
C:\WINDOWS\System32\w32time.dll
WZCSVC
C:\WINDOWS\System32\wzcsvc.dll
WmdmPmSp
No File Listed
winmgmt
C:\WINDOWS\system32\wbem\WMIsvc.dll
TermService
C:\WINDOWS\System32\termsrv.dll
wuauserv
C:\WINDOWS\system32\wuauserv.dll
BITS
C:\WINDOWS\System32\qmgr.dll
ShellHWDetection
helpsvc
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
xmlprov
C:\WINDOWS\System32\xmlprov.dll
wscsvc
C:\WINDOWS\system32\wscsvc.dll
WmdmPmSN
C:\WINDOWS\system32\MsPMSNSv.dll
### rpcss:
RpcSs
C:\WINDOWS\system32\rpcss.dll
### imgsvc:
StiSvc
C:\WINDOWS\system32\wiaservc.dll
### termsvcs:
TermService
C:\WINDOWS\System32\termsrv.dll
### HTTPFilter:
HTTPFilter
C:\WINDOWS\System32\w3ssl.dll
### DcomLaunch:
DcomLaunch
C:\WINDOWS\system32\rpcss.dll
TermService
C:\WINDOWS\System32\termsrv.dll
-------------loaded Dlls -------------
NOTE: already known legit dlls are not shown
------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
smss.exe pid: 600
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
csrss.exe pid: 664
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75b60000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll
------------------------------------------------------------------------------
winlogon.exe pid: 688
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x6000 C:\WINDOWS\system32\tphklock.dll
0x00fa0000 0xc000 C:\WINDOWS\system32\NavLogon.dll
------------------------------------------------------------------------------
services.exe pid: 736
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
lsass.exe pid: 748
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x75730000 0xb4000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
------------------------------------------------------------------------------
ibmpmsvc.exe pid: 912
Command line: C:\WINDOWS\system32\ibmpmsvc.exe
Base Size Version Path
0x00400000 0x13000 1.33.0000.0000 C:\WINDOWS\system32\ibmpmsvc.exe
------------------------------------------------------------------------------
svchost.exe pid: 936
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x760f0000 0x53000 5.01.2600.2180 c:\windows\system32\termsrv.dll
0x74f70000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x75110000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
svchost.exe pid: 1044
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
------------------------------------------------------------------------------
MsMpEng.exe pid: 1144
Command line: "C:\Program Files\Windows Defender\MsMpEng.exe"
Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Program Files\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Program Files\Windows Defender\mprtplug.dll
0x01820000 0x2b5000 1.01.1904.0000 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E7367181-3162-4AAE-B5CE-F24FF61F0F9A}\mpengine.dll
------------------------------------------------------------------------------
svchost.exe pid: 1188
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76d80000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x77620000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
0x76d30000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
0x606b0000 0x10d000 5.01.2600.2780 c:\windows\system32\ESENT.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x65f40000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x76b70000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x00fc0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
0x58d30000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76bd0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
0x77300000 0x32000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
0x767a0000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x74f50000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
0x708b0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
0x76e40000 0x23000 5.01.2600.2976 c:\windows\system32\wkssvc.dll
0x5b9f0000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll
0x76780000 0x9000 6.00.2900.2180 c:\windows\system32\SHFOLDER.dll
0x4d4f0000 0x58000 5.01.2600.2180 c:\windows\system32\WINHTTP.dll
0x76ce0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
0x77b90000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
0x74f80000 0x9000 5.01.2600.2180 c:\windows\system32\ersvc.dll
0x77710000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x74f40000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x75090000 0x1a000 5.01.2600.2577 c:\windows\system32\srvsvc.dll
0x77d00000 0x33000 5.01.2600.2743 c:\windows\system32\netman.dll
0x76400000 0x1a6000 5.01.2600.2180 c:\windows\system32\netshell.dll
0x76c00000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
0x73030000 0x10000 5.01.2600.2180 c:\windows\system32\WZCSAPI.DLL
0x73d20000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
0x722d0000 0xd000 5.01.2600.2180 c:\windows\system32\sens.dll
0x751a0000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
0x74ad0000 0x8000 6.00.2900.2180 c:\windows\system32\POWRPROF.dll
0x75070000 0x19000 5.01.2600.2180 c:\windows\system32\trkwks.dll
0x767c0000 0x2c000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x76080000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x59490000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x753e0000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\VSSAPI.DLL
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
0x65000000 0x2e000 7.00.5730.0011 C:\WINDOWS\System32\ADVPACK.dll
0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x600a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x76da0000 0x15000 5.01.2600.2180 c:\windows\system32\browser.dll
0x66460000 0x55000 5.01.2600.2180 c:\windows\system32\ipnathlp.dll
0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x4c0a0000 0x17000 5.01.2600.2180 c:\windows\system32\wscsvc.dll
0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x76620000 0x13c000 2001.12.4414.0308 C:\WINDOWS\system32\comsvcs.dll
0x75130000 0x14000 2001.12.4414.0308 C:\WINDOWS\system32\colbact.DLL
0x750f0000 0x13000 2001.12.4414.0311 C:\WINDOWS\system32\MTXCLU.DLL
0x76d10000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\CLUSAPI.DLL
0x750b0000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\RESUTILS.DLL
0x762c0000 0x85000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\wbemcore.dll
0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\esscli.dll
0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\FastProx.dll
0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
0x75200000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\wbem\repdrvfs.dll
0x597f0000 0x6d000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvsd.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x75390000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemess.dll
0x5f740000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\ncprov.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
0x755f0000 0x9a000 5.01.2600.2180 C:\WINDOWS\System32\netcfgx.dll
0x76de0000 0x23000 5.01.2600.2180 C:\WINDOWS\System32\upnp.dll
0x74f00000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\SSDPAPI.dll
0x7df30000 0x31000 5.01.2600.2936 C:\WINDOWS\System32\rasmans.dll
0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
0x733e0000 0x40000 5.01.2600.2716 c:\windows\system32\tapisrv.dll
0x75880000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\rastapi.dll
0x57cc0000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x72000000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\uniplat.dll
0x5b070000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x57d40000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x57d20000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x57d50000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x57d70000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x57d60000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x688f0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HID.DLL
0x72240000 0x35000 5.01.2600.2180 C:\WINDOWS\System32\rasppp.dll
0x724b0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\ntlsapi.dll
0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\System32\RASDLG.dll
0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\System32\dssenh.dll
0x6fb10000 0x9e000 2001.12.4414.0308 C:\WINDOWS\System32\catsrvut.dll
0x6fbd0000 0x3d000 2001.12.4414.0308 C:\WINDOWS\System32\catsrv.dll
0x61990000 0x9000 2001.12.4414.0258 C:\WINDOWS\System32\MfcSubs.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\sensapi.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
svchost.exe pid: 1284
Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76770000 0xd000 5.01.2600.2180 c:\windows\system32\dnsrslvr.dll
0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
svchost.exe pid: 1476
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74c40000 0x6000 5.01.2600.2180 c:\windows\system32\lmhsvc.dll
0x5a6e0000 0x15000 5.01.2600.2821 c:\windows\system32\webclnt.dll
0x00750000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x76af0000 0x12000 5.01.2600.2180 c:\windows\system32\regsvc.dll
0x765e0000 0x14000 5.01.2600.2180 c:\windows\system32\ssdpsrv.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\System32\DNSAPI.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
------------------------------------------------------------------------------
spoolsv.exe pid: 1664
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x75bb0000 0x56000 5.01.2600.2180 C:\WINDOWS\system32\localspl.dll
0x742a0000 0xe000 0.03.0000.0000 C:\WINDOWS\system32\cnbjmon.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x009e0000 0x8000 0.03.1897.0000 C:\WINDOWS\system32\mdimon.dll
0x00ec0000 0x8000 0.03.1897.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x75c10000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\win32spl.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\NETRAP.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x74300000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\inetpp.dll
------------------------------------------------------------------------------
guard.exe pid: 1944
Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
Base Size Version Path
0x00400000 0x34000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
0x10000000 0xdd000 4.02.0000.0015 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
0x76780000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
defwatch.exe pid: 1968
Command line: "C:\Program Files\NavNT\defwatch.exe"
Base Size Version Path
0x00400000 0x8000 7.60.0000.0926 C:\Program Files\NavNT\defwatch.exe
------------------------------------------------------------------------------
rtvscan.exe pid: 2024
Command line: "C:\Program Files\NavNT\rtvscan.exe"
Base Size Version Path
0x00400000 0x7a000 7.60.0000.0926 C:\Program Files\NavNT\rtvscan.exe
0x10000000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2.dll
0x00330000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ARJ.dll
0x00340000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ID.dll
0x00350000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LHA.dll
0x00360000 0x10000 2.50.0031.0052 C:\Program Files\NavNT\SymLHA.dll
0x00370000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LZ.dll
0x00380000 0x11000 2.50.0031.0052 C:\Program Files\NavNT\Dec2MIME.dll
0x003a0000 0x29000 2.50.0031.0052 C:\Program Files\NavNT\Dec2Zip.dll
0x003d0000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2AMG.dll
0x003e0000 0x1b000 2.50.0031.0052 C:\Program Files\NavNT\SYMAMG32.DLL
0x00480000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2UUE.dll
0x00490000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2SS.dll
0x004a0000 0xd000 2.50.0031.0052 C:\Program Files\NavNT\Dec2RTF.dll
0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
0x004b0000 0x10000 7.60.0000.0926 C:\Program Files\NavNT\NAVLU.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x01570000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
0x019a0000 0x42000 7.60.0000.0926 C:\Program Files\NavNT\i2ldvp3.dll
0x01a00000 0x31000 4.01.0000.0015 C:\Program Files\NavNT\NAVAPI32.DLL
0x69100000 0xd6000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX32a.DLL
0x692c0000 0x1e000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG32.DLL
0x01a70000 0xe000 5.03.0001.0039 C:\Program Files\NavNT\NAVAP32.DLL
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x50070000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\amslib.dll
0x01ac0000 0x18000 3.00.0000.0002 C:\WINDOWS\system32\loc32vc0.dll
0x03770000 0x2c000 7.60.0000.0926 C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
------------------------------------------------------------------------------
QCONSVC.EXE pid: 268
Command line: System32\QCONSVC.EXE
Base Size Version Path
0x00400000 0x15000 3.08.0001.0000 C:\WINDOWS\System32\QCONSVC.EXE
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
svchost.exe pid: 508
Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75aa0000 0x55000 5.01.2600.2180 c:\windows\system32\wiaservc.dll
0x74ae0000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
0x73b30000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
TpKmpSvc.exe pid: 636
Command line: C:\WINDOWS\system32\TpKmpSVC.exe
Base Size Version Path
0x00400000 0xa000 C:\WINDOWS\system32\TpKmpSVC.exe
------------------------------------------------------------------------------
wdfmgr.exe pid: 1136
Command line: C:\WINDOWS\system32\wdfmgr.exe
Base Size Version Path
0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe
------------------------------------------------------------------------------
explorer.exe pid: 1784
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\System32\POWRPROF.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x021c0000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x10000000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x021f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x5af60000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\usbui.dll
0x01b10000 0x12000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x01af0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x6c1b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x00d00000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00d30000 0xa000 7.60.0000.0926 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
0x00d90000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x73380000 0x57000 6.00.2900.2180 C:\WINDOWS\System32\zipfldr.dll
------------------------------------------------------------------------------
alg.exe pid: 2072
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
MSGSYS.EXE pid: 2148
Command line: MsgSys.EXE
Base Size Version Path
0x00400000 0x6000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.EXE
0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
------------------------------------------------------------------------------
tp4serv.exe pid: 2520
Command line: "C:\WINDOWS\system32\tp4serv.exe"
Base Size Version Path
0x00400000 0x1b000 3.55.0000.0000 C:\WINDOWS\system32\tp4serv.exe
0x008b0000 0x1e000 C:\WINDOWS\system32\tp4uires.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
jusched.exe pid: 2532
Command line: "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
Base Size Version Path
0x00400000 0x9000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
ltmsg.exe pid: 2592
Command line: "C:\WINDOWS\system32\ltmsg.exe" 9
Base Size Version Path
0x00400000 0xf000 3.00.0000.0002 C:\WINDOWS\system32\ltmsg.exe
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
PRONoMgr.exe pid: 2652
Command line: "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
Base Size Version Path
0x00400000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00d50000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll
0x00d80000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TPHKMGR.exe pid: 2664
Command line: "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
Base Size Version Path
0x00400000 0x19000 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0xd000 1.00.0000.0004 C:\WINDOWS\system32\Oemdspif.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
EZEJMNAP.EXE pid: 2784
Command line: "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
Base Size Version Path
0x00400000 0x3e000 1.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x10000000 0xe000 C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TPONSCR.exe pid: 2804
Command line: "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe"
Base Size Version Path
0x00400000 0x15000 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
QCTRAY.EXE pid: 2888
Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
Base Size Version Path
0x00400000 0xcf000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00240000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
0x00250000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
0x05050000 0x11000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\TrayRes.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x081a0000 0x18000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANCA.dll
0x081c0000 0xf000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANC.dll
------------------------------------------------------------------------------
QCWLICON.EXE pid: 2916
Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
Base Size Version Path
0x00400000 0x17000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
0x00340000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
0x00a00000 0x7000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\IconRes.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
rundll32.exe pid: 2924
Command line: "C:\WINDOWS\system32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
Base Size Version Path
0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RunDll32.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\powrprof.dll
0x00a00000 0x26000 4.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
PDVDServ.exe pid: 2996
Command line: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Base Size Version Path
0x00400000 0x8000 6.00.0000.1027 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0xa000 3.02.0000.2021 C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
qttask.exe pid: 3036
Command line: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Base Size Version Path
0x00400000 0x47000 7.01.0000.0210 C:\Program Files\QuickTime\qttask.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
GoogleDesktop.exe pid: 3048
Command line: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Base Size Version Path
0x00400000 0x33000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
MSASCui.exe pid: 3112
Command line: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Base Size Version Path
0x01000000 0xd7000 1.01.1593.0000 C:\Program Files\Windows Defender\MSASCui.exe
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x61800000 0x9a000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpRes.dll
0x5d800000 0xac000 1.01.1593.0000 C:\Program Files\Windows Defender\MpRtMon.DLL
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x4b400000 0x86000 5.41.0015.1509 C:\WINDOWS\system32\MSFTEDIT.DLL
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
vptray.exe pid: 3140
Command line: "C:\Program Files\NavNT\vptray.exe"
Base Size Version Path
0x00400000 0x12000 7.60.0000.0926 C:\Program Files\NavNT\vptray.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x28000 7.60.0000.0926 C:\Program Files\NavNT\Cliproxy.dll
0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
0x00950000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
0x00ba0000 0x40000 7.60.0000.0926 C:\Program Files\NavNT\Cliscan.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x009c0000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x00a20000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
ctfmon.exe pid: 3152
Command line: "C:\WINDOWS\system32\ctfmon.exe"
Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
GoogleToolbarNotifier.exe pid: 3184
Command line: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
Base Size Version Path
0x00400000 0x2b000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0xe000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00ef0000 0x41000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76d80000 0x1e000 5.01.2600.2912 C:\WINDOWS\system32\DHCPCSVC.DLL
0x77d00000 0x33000 5.01.2600.2743 C:\WINDOWS\system32\netman.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\netshell.dll
0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x73030000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WZCSAPI.DLL
0x77620000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\WZCSvc.DLL
0x76d30000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\WMI.dll
0x606b0000 0x10d000 5.01.2600.2780 C:\WINDOWS\system32\ESENT.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
GoogleDesktopIndex.exe pid: 3228
Command line: "GoogleDesktopIndex.exe"
Base Size Version Path
0x00400000 0xc1000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
0x60000000 0x80000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x4d000000 0x34000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
iexplore.exe pid: 3540
Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
Base Size Version Path
0x00400000 0x9a000 7.00.5730.0011 C:\Program Files\Internet Explorer\iexplore.exe
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\IEFRAME.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dff0000 0x2f000 7.00.5730.0011 C:\WINDOWS\system32\IEUI.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x61930000 0x4a000 7.00.5730.0011 C:\Program Files\Internet Explorer\ieproxy.dll
0x01270000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x10000000 0x337000 4.00.1020.2544 c:\program files\google\googletoolbar1.dll
0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x59a60000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x019a0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x7e830000 0x36f000 7.00.5730.0011 C:\WINDOWS\system32\mshtml.dll
0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x72ea0000 0x60000 7.00.5824.16386 C:\WINDOWS\system32\ieapfltr.dll
0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\jscript.dll
0x1b000000 0xc000 7.00.5730.0011 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 0xe000 7.00.5730.0011 C:\WINDOWS\system32\pngfilt.dll
0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll
0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
0x6d430000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
0x73760000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x76200000 0x77000 7.00.5730.0011 C:\WINDOWS\system32\mshtmled.dll
0x58760000 0x32000 7.00.5730.0011 C:\WINDOWS\system32\iepeers.dll
0x07330000 0x8000 7.00.5730.0011 C:\WINDOWS\system32\corpol.dll
0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x07ac0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
------------------------------------------------------------------------------
jucheck.exe pid: 1368
Command line: -auto
Base Size Version Path
0x00400000 0x3c000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
0x00320000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
systemscan.exe pid: 1860
Command line: "C:\Documents and Settings\Administrator\Desktop\systemscan.exe"
Base Size Version Path
0x00400000 0x24000 C:\Documents and Settings\Administrator\Desktop\systemscan.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL
0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
------------------------------------------------------------------------------
runme.exe pid: 3796
Command line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe"
Base Size Version Path
0x00400000 0x46000 2.00.0000.0023 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe
0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x6b800000 0x25000 5.06.0000.6626 C:\WINDOWS\system32\scrrun.dll
------------------------------------------------------------------------------
wmiprvse.exe pid: 2272
Command line: C:\WINDOWS\System32\wbem\wmiprvse.exe
Base Size Version Path
0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvse.exe
0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\wbem\FastProx.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
0x5bd90000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\wbem\stdprov.dll
0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\wbem\esscli.dll
------------------------------------------------------------------------------
cmd.exe pid: 1568
Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row
Base Size Version Path
0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
Command line: listdlls.exe
Base Size Version Path
0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\LISTDLLS.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
-------------NTFS ADS -------------
Error opening C:\pagefile.sys:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Desktop\FixLinkopt.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\gmer.zip:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\PrevxFixGrom.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Favorites\HJT logi, kone on _todella_ hidas.url:
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{340A3AE8-04A8-4934-861A-56F5C49D99CB}:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3D55C4EL\aawsepersonal[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S63CC65\avgas-setup-7.5.0.50[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\FixLinkopt[1].exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\PrevxFixGrom[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\All Users\Application Data\TEMP:
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:
:encryptable:$DATA 0
Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
..
C:\Documents and Settings\Tapio Uotila\Desktop\86743.asx:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\Desktop\sdsetup.exe:
:Zone.Identifier:$DATA 26
.
.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CA5YJZYT.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021975241&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=47&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CAE34TAZ.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022000438&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=50&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CAEJWLUJ.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022019503&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=39&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CAF7GQGK.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021958420&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=56&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CANBAK0R.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26subcat%3D293&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=64&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CARFYKFV.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022031971&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=44&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WIHFVJO\CAUIC2ZB.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26subcat%3D293&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=62&u_java=true:
The system cannot find the path specified.
.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CA2JGNP5.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=46&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CA6B4XM7.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021886706&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=38&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CA83TL1V.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022038314&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=52&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CA9KBTN4.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26subcat%3D293&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=62&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CAC3UMJC.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021967592&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=57&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CAIZU761.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022048136&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=53&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CAOL2RA5.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022024028&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=40&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CAWG8C2H.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26subcat%3D293&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=64&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\G057IC5S\CAYRS92J.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=60&u_java=true:
The system cannot find the path specified.
.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CA0YJ51Q.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022018172&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=38&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CA43GJWV.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=43&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAKD0H2D.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021953954&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=55&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAQNC9Q1.fcgi%3Fcategory%3D1500000000000005%26conference%3D4500000000000011%26subcat%3D485&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=37&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAQXCDSR.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021977928&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=48&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAWRWPOL.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26posting%3D22000000021982266&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=63&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAWW16W5.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021979211&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=58&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\GQH2FUHD\CAZWH8TT.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022026604&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=41&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CA16EGJS.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=39&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CA6NOL2F.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022033338&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=59&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CA9IU61Y.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000021987684&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=49&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAABKTMV.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=37&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAGDC007.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=37&u_java=true:
The system cannot find the path specified.
.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAM2I2X4.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022029204&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=42&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAMR4TU7.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=51&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAW2BYS0.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26posting%3D22000000022037652&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=45&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAYB81IJ.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=63&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAYJGLMB.fcgi%3Fcategory%3D123%26conference%3D4500000000000240%26subcat%3D288&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=54&u_java=true:
The system cannot find the path specified.
Error opening C:\Documents and Settings\Tapio Uotila\Local Settings\Temp\Temporary Internet Files\Content.IE5\PHODHUPZ\CAYVWHEZ.fcgi%3Fcategory%3D123%26conference%3D4500000000000084%26subcat%3D293&cc=100&u_h=1050&u_w=1400&u_ah=1020&u_aw=1400&u_cd=32&u_tz=120&u_his=62&u_java=true:
The system cannot find the path specified.
..
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\51koodia - Nimetty\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Anna Eriksson - Sinusta sinuun 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Kiila - 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD1_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD2_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Christian_Forss_-_Christian_Forss-KMR\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Greenday.-.American.Idiot.(2004).-.by.LoCkY\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\gunther - pleasureman [2004]\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\H.I.M_-_Wings_of_A_Butterfly-Promo-CDS-2005-OASiS\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Hanna Pakarinen - When I Become Me 2004\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Him - And Love Said No (2004)\Thumbs.db:
:encryptable:$DATA 0
Error opening C:\WINDOWS\system32\lpt6.waq:
The system cannot find the file specified.
...
Error opening C:\WINDOWS\system32\CatRoot2\edb.log:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\CatRoot2\tmp.edb:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system.LOG:
The process cannot access the file because it is being used by another process.
...
.
-------------Encrypting File System dumping-------------
-------------Hidden Files -------------
Scannig hidden processes ...
Scannig hidden services ...
Scannig hidden autostart entries ...
Scannig hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
-------------Checking Rustock rootkit-------------
-------------Checking Suspicious files -------------
(Unusually Runtime packers compressed exe and dll files in C:\, C:\WINDOWS\, C:\WINDOWS\system32\)
Note:Not all files found by this scanner are bad
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SRCHSTS.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWREG.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWSC.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\IFMON.DLL
-This file is compressed with Nspack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\DIVX.DLL
--------------------------
Scan completed in 29,1 minutes
End of report
StartupList report, 5.1.2007, 10:08:21
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TrackPointSrv = tp4serv.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
LTWinModem1 = ltmsg.exe 9
PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TP4EX = tp4ex.exe
EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
QCTRAY = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
QCWLICON = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
vptray = C:\Program Files\NavNT\vptray.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
BMMTask.job
MP Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shock...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
ANC: System32\drivers\ANC.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
BFAIFILT: System32\Drivers\bfaifilt.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BUFADPT: \??\C:\WINDOWS\system32\BUFADPT.SYS (system)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Network Connection Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
IBMTPCHK: System32\drivers\IBMBLDID.SYS (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Modem Driver: system32\DRIVERS\ltmdmxp.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Nal Service : \??\C:\WINDOWS\system32\Drivers\iqvw32.sys (manual start)
NAVAP: \??\C:\Program Files\NavNT\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\NavNT\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Client: "C:\Program Files\NavNT\rtvscan.exe" (autostart)
NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QCNDISIF: System32\drivers\qcndisif.SYS (manual start)
QCONSVC: System32\QCONSVC.EXE (autostart)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
S3SSavage: system32\DRIVERS\s3ssavm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Smapint: System32\drivers\Smapint.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
PS/2 TrackPoint Driver: system32\DRIVERS\tp4track.sys (manual start)
IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)
TPPWR: System32\drivers\Tppwr.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TSMAPIP: System32\drivers\TSMAPIP.SYS (system)
IBM PS/2 TrackPoint Filter Driver: System32\DRIVERS\TwoTrack.sys (manual start)
BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service: system32\DRIVERS\rt2500usb.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 34 068 bytes
Report generated in 0,170 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
|
nurmijan
Newbie
|
5 January 2007 @ 05:55 |
|
fixlinkoptimizer and prevx would no longer start. But I tried the systemscan software, which scanned my machine. As a removal tool it offers AVRunner. Here is the log from systemscan. Also, at the very bottom, HT's startup log in safe mode.
Would those logs be of any help?
systemscan - www.suspectfile.com - ver. 2.0.23
Date: pe 05.01.2007
Time: 8:53:26,99
Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-------------Users folders -------------
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\documents and settings
03.01.2007 08:40 <DIR> Administrator
27.12.2005 20:13 <DIR> All Users
27.12.2005 18:23 <DIR> Default User
27.12.2005 19:06 <DIR> LocalService
27.12.2005 18:29 <DIR> NetworkService
29.11.2006 10:40 <DIR> Tapio Uotila
04.01.2007 15:41 <DIR> testi
-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Program Files\Common Files, C:\WINDOWS\temp
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\
04.01.2007 15:44 <DIR> Config.Msi
05.01.2007 08:53 <DIR> suspectfile
04.01.2007 13:05 <DIR> Documents and Settings
04.01.2007 15:44 <DIR> WINDOWS
04.01.2007 15:44 <DIR> Program Files
04.01.2007 12:02 0 gromozon_removal.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS
04.01.2007 15:44 <DIR> WBEM
05.01.2007 08:50 <DIR> temp
04.01.2007 15:44 <DIR> system32
05.01.2007 08:52 <DIR> Prefetch
03.01.2007 13:29 <DIR> Help
04.01.2007 15:41 <DIR> network diagnostic
21.11.2006 15:09 <DIR> msagent
03.01.2007 13:27 <DIR> Media
03.01.2007 13:23 11 859 KB904942.log
03.01.2007 13:23 5 640 KB914440.log
03.01.2007 13:24 6 980 KB915865.log
20.11.2006 23:03 17 414 KB920213.log
03.01.2007 13:27 1 355 imsins.log
20.11.2006 23:03 31 584 KB922760.log
03.01.2007 07:43 10 795 KB923689.log
03.01.2007 07:43 11 923 KB923694.log
20.11.2006 23:04 16 159 KB923980.log
20.11.2006 23:04 15 802 KB924270.log
03.01.2007 07:46 9 141 KB925398.log
03.01.2007 07:46 33 589 KB925454.log
03.01.2007 07:43 12 115 KB926255.log
03.01.2007 13:27 44 769 medctroc.Log
03.01.2007 13:25 1 355 imsins.BAK
03.01.2007 13:27 774 021 iis6.log
03.01.2007 13:28 25 367 ie7_main.log
03.01.2007 13:27 47 757 ie7.log
03.01.2007 13:27 32 722 msgsocm.log
03.01.2007 13:27 214 744 msmqinst.log
03.01.2007 13:25 7 768 IDNMitigationAPIs.log
03.01.2007 13:27 110 476 netfxocm.log
03.01.2007 13:24 7 426 NLSDownlevelMapping.log
04.01.2007 15:51 1 411 686 ntbtlog.txt
03.01.2007 13:27 135 039 ntdtcsetup.log
03.01.2007 13:27 324 287 ocgen.log
03.01.2007 13:27 35 869 ocmsn.log
04.01.2007 13:05 1 859 OEWABLog.txt
03.01.2007 13:27 637 985 FaxSetup.log
13.12.2006 18:02 1 409 QTFont.for
04.01.2007 15:49 32 634 SchedLgU.Txt
03.01.2007 13:27 222 598 comsetup.log
03.01.2007 14:21 166 052 setupact.log
03.01.2007 13:25 576 401 setupapi.log
03.01.2007 07:53 741 625 setuplog.txt
03.01.2007 13:30 38 264 spupdsvc.log
08.11.2006 20:15 115 cdplayer.ini
03.01.2007 13:27 31 539 tabletoc.log
03.01.2007 13:27 301 558 tsoc.log
03.01.2007 13:27 55 141 updspapi.log
05.01.2007 08:27 0 0.log
05.01.2007 08:27 159 wiadebug.log
05.01.2007 08:27 48 wiaservc.log
05.01.2007 08:48 1 283 208 WindowsUpdate.log
04.01.2007 13:05 72 954 wmsetup.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\system32
04.01.2007 15:40 <DIR> Restore
03.01.2007 13:27 <DIR> en-US
04.01.2007 15:41 <DIR> drivers
03.01.2007 13:27 <DIR> config
05.01.2007 08:30 <DIR> CatRoot2
03.01.2007 08:24 <DIR> appmgmt
07.11.2006 03:25 10 240 advpack.dll.mui
07.11.2006 03:26 123 904 advpack.dll
07.11.2006 21:03 131 584 extmgr.dll
07.11.2006 03:26 54 784 ie4uinit.exe
07.11.2006 03:26 152 064 ieakeng.dll
07.11.2006 03:27 229 376 ieaksie.dll
07.11.2006 03:25 161 792 ieakui.dll
07.11.2006 03:27 382 976 iedkcs32.dll
07.11.2006 21:03 6 049 280 ieframe.dll
07.11.2006 21:03 191 488 iepeers.dll
07.11.2006 03:26 43 008 iernonce.dll
07.11.2006 03:26 55 296 iesetup.dll
07.11.2006 03:26 13 312 ieudinit.exe
07.11.2006 21:03 180 736 ieui.dll
07.11.2006 03:24 56 483 ieuinit.inf
08.11.2006 07:06 679 424 inetcomm.dll
07.11.2006 03:26 92 672 inseng.dll
07.11.2006 21:03 27 136 jsproxy.dll
12.12.2006 10:45 1 474 864 LegitCheckControl.DLL
08.12.2006 01:13 10 716 584 MRT.exe
07.11.2006 21:03 458 752 msfeeds.dll
07.11.2006 21:03 50 688 msfeedsbs.dll
07.11.2006 03:26 71 680 admparse.dll
07.11.2006 21:03 3 577 856 mshtml.dll
07.11.2006 21:03 475 648 mshtmled.dll
07.11.2006 21:03 156 160 msls31.dll
07.11.2006 21:03 670 720 mstime.dll
12.11.2006 19:16 1 688 TRJ_NTAUTO.TMP
07.11.2006 21:03 1 162 240 urlmon.dll
07.11.2006 21:03 413 696 vbscript.dll
07.11.2006 21:03 231 424 webcheck.dll
07.11.2006 21:03 818 688 wininet.dll
07.12.2006 07:29 2 374 472 wmvcore.dll
03.01.2007 13:25 2 206 wpa.dbl
03.01.2007 08:32 0 ypsg.dll
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\Program Files\Common Files
03.01.2007 07:42 <DIR> System
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\temp
05.01.2007 08:48 4 790 MpSigStub.log
05.01.2007 08:48 3 694 MpCmdRun.log
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[Run]
-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------
[Windows]
"AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"DisplayName"=expand:"@iedkcs32.dll,-3051"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\NavLogon]
"DllName"="C:\WINDOWS\system32\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"
[Winlogon\Notify\QConGina]
@Class="HKEY_LOCAL_MACHINE"
"DllName"="QConGina.dll"
"Logoff"="QConGinaWLEventLogoff"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\tphotkey]
@=""
"DllName"="tphklock.dll"
"Startup"="WLEventStartup"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"
"BuildNumber"=dword:00000a28
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"TrackPointSrv"="tp4serv.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
"LTWinModem1"="ltmsg.exe 9"
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
"BLOG"="rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog"
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper"
"QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
"QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor"
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
"vptray"="C:\Program Files\NavNT\vptray.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
[RunOnce]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
[RunOnceEx]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
[RunServices]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"
-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:000002ec
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="239650f4"
"Pattern"=hex:6c,b4,d2,8e,b9,10,7c,6f,92,40,70,a0,ee,d5,cd,50,32,33,39,36,35,\
30,66,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,18,e2,86,74
[Lsa\GBG]
@Class="18fb6b05"
"GrafBlumGroup"=hex:e2,cc,ea,56,3e,12,2a,07,57
[Lsa\JD]
@Class="0e4774b9"
"Lookup"=hex:c6,4f,67,d3,57,37
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="86e2d8c2"
"SkewMatrix"=hex:50,7f,78,97,13,a2,e3,3b,83,6a,7d,dc,8c,64,7b,f6
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:70,49,00,66,0c,0b,c6,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
[SharedAccess\Epoch]
"Epoch"=dword:000023dd
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe"="C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Security]
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-------------HKLM\Software\Microsoft\Ole-------------
[Ole]
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------
@="\"%1\" /S"
-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------
-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
@="Selaimen mukautukset"
"ComponentID"="BRANDING.CAB"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\Microsoft Base Smart Card Crypto Provider Package]
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.5.0_06\bin\regutils.dll"
[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
@="Internet Explorerin Lueminut-tiedosto"
"ComponentID"="IEREADME"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
@="IEEX"
"ComponentID"="IEEX"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4CDAF616-D274-41F9-9478-64D5CCFADE80}]
@="Macromedia Shockwave Player"
"ComponentID"="CUSTOM1"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"ComponentID"="M886903"
@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"
[Installed Components\{C47D9DDA-83FF-4907-9056-DC7827271070}]
@="Macromedia FlashPlayer"
"ComponentID"="CUSTOM0"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
#### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000FC0000000000000000000000000000004DF09D45010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9181 (0x23DD)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 9178 (0x23DA)
Result compared: Different
-------------List of running services -------------
000) "ALG" - Application Layer Gateway Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
001) "AudioSrv" - Windows Audio
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
002) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
003) "BITS" - Background Intelligent Transfer Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "CryptSvc" - Cryptographic Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
005) "DcomLaunch" - DCOM Server Process Launcher
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
006) "DefWatch" - DefWatch
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\defwatch.exe"
007) "Dhcp" - DHCP Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
008) "Dnscache" - DNS Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService
009) "ERSvc" - Error Reporting Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "Eventlog" - Event Log
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
011) "EventSystem" - COM+ Event System
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
012) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
013) "helpsvc" - Help and Support
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
014) "IBMPMSVC" - ThinkPad PM Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ibmpmsvc.exe
015) "Irmon" - Infrared Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
016) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
017) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
018) "LmHosts" - TCP/IP NetBIOS Helper
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
019) "Netman" - Network Connections
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
020) "Nla" - Network Location Awareness (NLA)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
021) "Norton AntiVirus Server" - Norton AntiVirus Client
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\rtvscan.exe"
022) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
023) "PolicyAgent" - IPSEC Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\lsass.exe
024) "ProtectedStorage" - Protected Storage
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
025) "QCONSVC" - QCONSVC
---> STAT = (RUNNING) Started automatically
---> FILE = System32\QCONSVC.EXE
026) "RasMan" - Remote Access Connection Manager
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
027) "RemoteRegistry" - Remote Registry
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
028) "RpcSs" - Remote Procedure Call (RPC)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
029) "SamSs" - Security Accounts Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
030) "Schedule" - Task Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
031) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
032) "SENS" - System Event Notification
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
033) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
034) "ShellHWDetection" - Shell Hardware Detection
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
035) "Spooler" - Print Spooler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
036) "srservice" - System Restore Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
037) "SSDPSRV" - SSDP Discovery Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
038) "stisvc" - Windows Image Acquisition (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc
039) "TapiSrv" - Telephony
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "TermService" - Terminal Services
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
041) "Themes" - Themes
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
042) "TpKmpSVC" - IBM KCU Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\TpKmpSVC.exe
043) "TrkWks" - Distributed Link Tracking Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
044) "UMWdf" - Windows User Mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\wdfmgr.exe
045) "W32Time" - Windows Time
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
046) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
047) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\Windows Defender\MsMpEng.exe"
048) "winmgmt" - Windows Management Instrumentation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
049) "wscsvc" - Security Center
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
050) "wuauserv" - Automatic Updates
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
051) "WZCSVC" - Wireless Zero Configuration
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
..:: BOOT REGISTRY ::..
0) "TrackPointSrv"
---> CMD = tp4serv.exe
---> FILE = C:\WINDOWS\System32\tp4serv.exe
1) "SunJavaUpdateSched"
---> CMD = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
2) "LTWinModem1"
---> CMD = ltmsg.exe 9
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\ltmsg.exe 9
3) "PRONoMgr.exe"
---> CMD = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
---> FILE = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
4) "TPHOTKEY"
---> CMD = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
5) "TP4EX"
---> CMD = tp4ex.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tp4ex.exe
6) "EZEJMNAP"
---> CMD = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
---> FILE = C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
7) "BLOG"
---> CMD = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
---> FILE = (NOT EXISTS)
8) "TPKMAPHELPER"
---> CMD = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
---> FILE = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
9) "QCTRAY"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
10) "QCWLICON"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
11) "BMMGAG"
---> CMD = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
---> FILE = (NOT EXISTS)
12) "BMMLREF"
---> CMD = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
---> FILE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
13) "NeroFilterCheck"
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe
14) "RemoteControl"
---> CMD = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
---> FILE = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
15) "TkBellExe"
---> CMD = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
---> FILE = (NOT EXISTS)
16) "QuickTime Task"
---> CMD = "C:\Program Files\QuickTime\qttask.exe" -atboottime
---> FILE = (NOT EXISTS)
17) "Google Desktop Search"
---> CMD = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
---> FILE = (NOT EXISTS)
18) "Windows Defender"
---> CMD = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
---> FILE = (NOT EXISTS)
19) "vptray"
---> CMD = C:\Program Files\NavNT\vptray.exe
---> FILE = C:\Program Files\NavNT\vptray.exe
-------------List of NOT running services -------------
000) "Alerter" - Alerter
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
001) "AppMgmt" - Application Management
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
002) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
003) "Browser" - Computer Browser
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "cisvc" - Indexing Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\cisvc.exe
005) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
006) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
007) "COMSysApp" - COM+ System Application
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
008) "dmadmin" - Logical Disk Manager Administrative Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
009) "dmserver" - Logical Disk Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "HidServ" - Human Interface Device Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
011) "HTTPFilter" - HTTP SSL
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
012) "IDriverT" - InstallDriver Table Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
013) "ImapiService" - IMAPI CD-Burning COM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\imapi.exe
014) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
015) "mnmsrvc" - NetMeeting Remote Desktop Sharing
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\mnmsrvc.exe
016) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msdtc.exe
017) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
018) "NetDDE" - Network DDE
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
019) "NetDDEdsdm" - Network DDE DSDM
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
020) "Netlogon" - Net Logon
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
021) "NetSvc" - Intel NCS NetService
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Intel\NCS\Sync\NetSvc.exe
022) "NtLmSsp" - NT LM Security Support Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
023) "NtmsSvc" - Removable Storage
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
024) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
025) "RasAuto" - Remote Access Auto Connection Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
026) "RDSessMgr" - Remote Desktop Help Session Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
027) "RemoteAccess" - Routing and Remote Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
028) "RpcLocator" - Remote Procedure Call (RPC) Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\locator.exe
029) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\rsvp.exe
030) "SCardSvr" - Smart Card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
031) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754}
032) "SysmonLog" - Performance Logs and Alerts
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
033) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\tlntsvr.exe
034) "upnphost" - Universal Plug and Play Device Host
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
035) "UPS" - Uninterruptible Power Supply
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
036) "VSS" - Volume Shadow Copy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
037) "WMConnectCDS" - Windows Media Connect Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Windows Media Connect 2\wmccds.exe
038) "WmdmPmSN" - Portable Media Serial Number Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
039) "Wmi" - Windows Management Instrumentation Driver Extensions
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "WmiApSrv" - WMI Performance Adapter
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe
041) "xmlprov" - Network Provisioning Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
-------------List of running device driver services -------------
000) "ACPI" - Microsoft ACPI Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys
001) "ACPIEC" - Microsoft Embedded Controller Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPIEC.sys
002) "AFD" - AFD Networking Support Environment
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
003) "agp440" - Intel AGP Bus Filter
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\agp440.sys
004) "ANC" - ANC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\ANC.SYS
005) "atapi" - Standard IDE/ESDI Hard Disk Controller
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys
006) "audstub" - Audio Stub Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
007) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
008) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
010) "BUFADPT" - BUFADPT
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\WINDOWS\system32\BUFADPT.SYS
011) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled
012) "Cdrom" - CD-ROM Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
013) "CmBatt" - Microsoft AC Adapter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\CmBatt.sys
014) "Compbatt" - Microsoft Composite Battery Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\compbatt.sys
015) "cs429x" - Crystal WDM Audio Codec Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\cwawdm.sys
016) "Disk" - Disk Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\disk.sys
017) "E100B" - Intel(R) PRO Network Connection Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\e100b325.sys
018) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled
019) "Fdc" - Floppy Disk Controller Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
020) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function
021) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\drivers\fltmgr.sys
022) "Ftdisk" - Volume Manager Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys
023) "Gpc" - Generic Packet Classifier
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
024) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
025) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\i8042prt.sys
026) "IBMPMDRV" - IBMPMDRV
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ibmpmdrv.sys
027) "IBMTPCHK" - IBMTPCHK
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\IBMBLDID.SYS
028) "Imapi" - CD-Burning Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
029) "IntelIde" - IntelIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\intelide.sys
030) "IpNat" - IP Network Address Translator
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
031) "IPSec" - IPSEC driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
032) "irda" - IrDA Protocol
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
033) "IRENUM" - IR Enumerator Service
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
034) "isapnp" - PnP ISA/EISA Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys
035) "Kbdclass" - Keyboard Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
036) "kmixer" - Microsoft Kernel Wave Audio Mixer
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
037) "KSecDD" - KSecDD
---> STAT = (RUNNING) Started by operating system loader
038) "ltmodem5" - Lucent Modem Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ltmdmxp.sys
039) "mnmdd" - mnmdd
---> STAT = (RUNNING) Started by "IoInitSystem" function
040) "Modem" - Modem
---> STAT = (RUNNING) Started manually
041) "Mouclass" - Mouse Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
042) "MountMgr" - Mount Point Manager
---> STAT = (RUNNING) Started by operating system loader
043) "MRxDAV" - WebDav Client Redirector
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
044) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
045) "Msfs" - Msfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
046) "mssmbios" - Microsoft System Management BIOS Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
047) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
048) "NAVAP" - NAVAP
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\NavNT\NAVAP.sys
049) "NAVAPEL" - NAVAPEL
---> STAT = (RUNNING) Started automatically
---> FILE = \??\C:\Program Files\NavNT\NAVAPEL.SYS
050) "NAVENG" - NAVENG
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys
051) "NAVEX15" - NAVEX15
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys
052) "NDIS" - NDIS System Driver
---> STAT = (RUNNING) Started by operating system loader
053) "NdisTapi" - Remote Access NDIS TAPI Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
054) "Ndisuio" - NDIS Usermode I/O Protocol
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
055) "NdisWan" - Remote Access NDIS WAN Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
056) "NDProxy" - NDIS Proxy
---> STAT = (RUNNING) Started manually
057) "NetBIOS" - NetBIOS Interface
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
058) "NetBT" - NetBios over Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
059) "Npfs" - Npfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
060) "NSCIRDA" - NSC Infrared Device Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nscirda.sys
061) "Ntfs" - Ntfs
---> STAT = (RUNNING) Disabled
062) "Null" - Null
---> STAT = (RUNNING) Started by "IoInitSystem" function
063) "P3" - Intel PentiumIII Processor Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\p3.sys
064) "Parport" - Parallel port driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
065) "PartMgr" - Partition Manager
---> STAT = (RUNNING) Started by operating system loader
066) "ParVdm" - ParVdm
---> STAT = (RUNNING) Started automatically
067) "PCI" - PCI Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pci.sys
068) "Pcmcia" - Pcmcia
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pcmcia.sys
069) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspptp.sys
070) "PSched" - QoS Packet Scheduler
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\psched.sys
071) "Ptilink" - Direct Parallel Link Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ptilink.sys
072) "PxHelp20" - PxHelp20
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\Drivers\PxHelp20.sys
073) "RasAcd" - Remote Access Auto Connection Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rasacd.sys
074) "Rasirda" - WAN Miniport (IrDA)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasirda.sys
075) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasl2tp.sys
076) "RasPppoe" - Remote Access PPPOE Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspppoe.sys
077) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspti.sys
078) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rdbss.sys
079) "RDPCDD" - RDPCDD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
080) "rdpdr" - Terminal Server Device Redirector Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rdpdr.sys
081) "redbook" - Digital CD Audio Playback Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\redbook.sys
082) "S3SSavage" - S3SSavage
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\s3ssavm.sys
083) "serenum" - Serenum Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\serenum.sys
084) "Serial" - Serial port driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\serial.sys
085) "Smapint" - Smapint
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Smapint.sys
086) "sr" - System Restore Filter Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\sr.sys
087) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
088) "swenum" - Software Bus Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\swenum.sys
089) "SymEvent" - SymEvent
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\Symantec\SYMEVENT.SYS
090) "sysaudio" - Microsoft Kernel System Audio Device
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
091) "Tcpip" - TCP/IP Protocol Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\tcpip.sys
092) "TDSMAPI" - TDSMAPI
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TDSMAPI.SYS
093) "TermDD" - Terminal Device Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\termdd.sys
094) "Tp4Track" - PS/2 TrackPoint Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tp4track.sys
095) "TPHKDRV" - TPHKDRV
---> STAT = (RUNNING) Started by "IoInitSystem" function
096) "TPPWR" - TPPWR
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Tppwr.sys
097) "TSMAPIP" - TSMAPIP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TSMAPIP.SYS
098) "Update" - Microcode Update Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\update.sys
099) "usbhub" - USB2 Enabled Hub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbhub.sys
100) "USBSTOR" - USB Mass Storage Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
101) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbuhci.sys
102) "VgaSave" - VGA Display Controller.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
103) "VolSnap" - VolSnap
---> STAT = (RUNNING) Started by operating system loader
104) "Wanarp" - Remote Access IP ARP Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\wanarp.sys
105) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
-------------List of NOT running device driver services -------------
000) "abp480n5" - abp480n5
---> STAT = (NOT RUNNING) Disabled
001) "ac97intc" - Intel(r) 82801 Audio Driver Install Service (WDM)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ac97intc.sys
002) "adpu160m" - adpu160m
---> STAT = (NOT RUNNING) Disabled
003) "aec" - Microsoft Kernel Acoustic Echo Canceller
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
004) "Aha154x" - Aha154x
---> STAT = (NOT RUNNING) Disabled
005) "aic78u2" - aic78u2
---> STAT = (NOT RUNNING) Disabled
006) "aic78xx" - aic78xx
---> STAT = (NOT RUNNING) Disabled
007) "AliIde" - AliIde
---> STAT = (NOT RUNNING) Disabled
008) "amsint" - amsint
---> STAT = (NOT RUNNING) Disabled
009) "asc" - asc
---> STAT = (NOT RUNNING) Disabled
010) "asc3350p" - asc3350p
---> STAT = (NOT RUNNING) Disabled
011) "asc3550" - asc3550
---> STAT = (NOT RUNNING) Disabled
012) "AsyncMac" - RAS Asynchronous Media Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
013) "Atdisk" - Atdisk
---> STAT = (NOT RUNNING) Disabled
014) "Atmarpc" - ATM ARP Client Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
015) "BFAIFILT" - BFAIFILT
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\bfaifilt.sys
016) "cbidf2k" - cbidf2k
---> STAT = (NOT RUNNING) Disabled
017) "cd20xrnt" - cd20xrnt
---> STAT = (NOT RUNNING) Disabled
018) "Cdaudio" - Cdaudio
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
019) "Changer" - Changer
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
020) "CmdIde" - CmdIde
---> STAT = (NOT RUNNING) Disabled
021) "Cpqarray" - Cpqarray
---> STAT = (NOT RUNNING) Disabled
022) "dac960nt" - dac960nt
---> STAT = (NOT RUNNING) Disabled
023) "dmboot" - dmboot
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
024) "dmio" - dmio
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmio.sys
025) "dmload" - dmload
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmload.sys
026) "DMusic" - Microsoft Kernel DLS Syntheiszer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
027) "dpti2o" - dpti2o
---> STAT = (NOT RUNNING) Disabled
028) "drmkaud" - Microsoft Kernel DRM Audio Descrambler
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
029) "Flpydisk" - Floppy Disk Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
030) "HidUsb" - Microsoft HID Class Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
031) "hpn" - hpn
---> STAT = (NOT RUNNING) Disabled
032) "hpt3xx" - hpt3xx
---> STAT = (NOT RUNNING) Disabled
033) "i2omgmt" - i2omgmt
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
034) "i2omp" - i2omp
---> STAT = (NOT RUNNING) Disabled
035) "ini910u" - ini910u
---> STAT = (NOT RUNNING) Disabled
036) "ip6fw" - IPv6 Windows Firewall Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
037) "IpFilterDriver" - IP Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
038) "IpInIp" - IP in IP Tunnel Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
039) "kbdhid" - Keyboard HID Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdhid.sys
040) "lbrtfdc" - lbrtfdc
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
041) "mouhid" - Mouse HID Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
042) "mraid35x" - mraid35x
---> STAT = (NOT RUNNING) Disabled
043) "MSKSSRV" - Microsoft Streaming Service Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
044) "MSPCLOCK" - Microsoft Streaming Clock Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
045) "MSPQM" - Microsoft Streaming Quality Manager Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
046) "NAL" - Nal Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \??\C:\WINDOWS\system32\Drivers\iqvw32.sys
047) "NwlnkFlt" - IPX Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
048) "NwlnkFwd" - IPX Traffic Forwarder Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
049) "PCIDump" - PCIDump
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
050) "PCIIde" - PCIIde
---> STAT = (NOT RUNNING) Disabled
051) "PDCOMP" - PDCOMP
---> STAT = (NOT RUNNING) Started manually
052) "PDFRAME" - PDFRAME
---> STAT = (NOT RUNNING) Started manually
053) "PDRELI" - PDRELI
---> STAT = (NOT RUNNING) Started manually
054) "PDRFRAME" - PDRFRAME
---> STAT = (NOT RUNNING) Started manually
055) "perc2" - perc2
---> STAT = (NOT RUNNING) Disabled
056) "perc2hib" - perc2hib
---> STAT = (NOT RUNNING) Disabled
057) "Processor" - Processor Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\processr.sys
058) "QCNDISIF" - QCNDISIF
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\drivers\qcndisif.SYS
059) "ql1080" - ql1080
---> STAT = (NOT RUNNING) Disabled
060) "Ql10wnt" - Ql10wnt
---> STAT = (NOT RUNNING) Disabled
061) "ql12160" - ql12160
---> STAT = (NOT RUNNING) Disabled
062) "ql1240" - ql1240
---> STAT = (NOT RUNNING) Disabled
063) "ql1280" - ql1280
---> STAT = (NOT RUNNING) Disabled
064) "RDPWD" - RDPWD
---> STAT = (NOT RUNNING) Started manually
065) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\secdrv.sys
066) "Sfloppy" - Sfloppy
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
067) "Simbad" - Simbad
---> STAT = (NOT RUNNING) Disabled
068) "Sparrow" - Sparrow
---> STAT = (NOT RUNNING) Disabled
069) "splitter" - Microsoft Kernel Audio Splitter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
070) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
071) "symc810" - symc810
---> STAT = (NOT RUNNING) Disabled
072) "symc8xx" - symc8xx
---> STAT = (NOT RUNNING) Disabled
073) "sym_hi" - sym_hi
---> STAT = (NOT RUNNING) Disabled
074) "sym_u3" - sym_u3
---> STAT = (NOT RUNNING) Disabled
075) "TDPIPE" - TDPIPE
---> STAT = (NOT RUNNING) Started manually
076) "TDTCP" - TDTCP
---> STAT = (NOT RUNNING) Started manually
077) "TosIde" - TosIde
---> STAT = (NOT RUNNING) Disabled
078) "TwoTrack" - IBM PS/2 TrackPoint Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\TwoTrack.sys
079) "u2kg54" - BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\rt2500usb.sys
080) "Udfs" - Udfs
---> STAT = (NOT RUNNING) Disabled
081) "ultra" - ultra
---> STAT = (NOT RUNNING) Disabled
082) "usbscan" - USB Scanner Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
083) "ViaIde" - ViaIde
---> STAT = (NOT RUNNING) Disabled
084) "WDICA" - WDICA
---> STAT = (NOT RUNNING) Started manually
085) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
-------------Svchost Instances-------------
### LocalService:
Alerter
C:\WINDOWS\system32\alrsvc.dll
WebClient
C:\WINDOWS\System32\webclnt.dll
LmHosts
C:\WINDOWS\System32\lmhsvc.dll
RemoteRegistry
C:\WINDOWS\system32\regsvc.dll
upnphost
C:\WINDOWS\System32\upnphost.dll
SSDPSRV
C:\WINDOWS\System32\ssdpsrv.dll
### NetworkService:
DnsCache
C:\WINDOWS\System32\dnsrslvr.dll
### netsvcs:
6to4
No File Listed
AppMgmt
C:\WINDOWS\System32\appmgmts.dll
AudioSrv
C:\WINDOWS\System32\audiosrv.dll
Browser
C:\WINDOWS\System32\browser.dll
CryptSvc
C:\WINDOWS\System32\cryptsvc.dll
DMServer
C:\WINDOWS\System32\dmserver.dll
DHCP
C:\WINDOWS\System32\dhcpcsvc.dll
ERSvc
C:\WINDOWS\System32\ersvc.dll
EventSystem
C:\WINDOWS\System32\es.dll
FastUserSwitchingCompatibility
HidServ
C:\WINDOWS\System32\hidserv.dll
No File Listed
Iprip
No File Listed
Irmon
C:\WINDOWS\System32\irmon.dll
LanmanServer
C:\WINDOWS\System32\srvsvc.dll
LanmanWorkstation
C:\WINDOWS\System32\wkssvc.dll
Messenger
C:\WINDOWS\System32\msgsvc.dll
Netman
C:\WINDOWS\System32\netman.dll
C:\WINDOWS\System32\mswsock.dll
Ntmssvc
C:\WINDOWS\system32\ntmssvc.dll
NWCWorkstation
No File Listed
Nwsapagent
No File Listed
Rasauto
C:\WINDOWS\System32\rasauto.dll
Rasman
C:\WINDOWS\System32\rasmans.dll
Remoteaccess
C:\WINDOWS\System32\mprdim.dll
Schedule
C:\WINDOWS\system32\schedsvc.dll
Seclogon
C:\WINDOWS\System32\seclogon.dll
C:\WINDOWS\system32\sens.dll
Sharedaccess
C:\WINDOWS\System32\ipnathlp.dll
SRService
C:\WINDOWS\System32\srsvc.dll
Tapisrv
C:\WINDOWS\System32\tapisrv.dll
Themes
TrkWks
C:\WINDOWS\system32\trkwks.dll
W32Time
C:\WINDOWS\System32\w32time.dll
WZCSVC
C:\WINDOWS\System32\wzcsvc.dll
WmdmPmSp
No File Listed
winmgmt
C:\WINDOWS\system32\wbem\WMIsvc.dll
TermService
C:\WINDOWS\System32\termsrv.dll
wuauserv
C:\WINDOWS\system32\wuauserv.dll
BITS
C:\WINDOWS\System32\qmgr.dll
ShellHWDetection
helpsvc
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
xmlprov
C:\WINDOWS\System32\xmlprov.dll
wscsvc
C:\WINDOWS\system32\wscsvc.dll
WmdmPmSN
C:\WINDOWS\system32\MsPMSNSv.dll
### rpcss:
RpcSs
C:\WINDOWS\system32\rpcss.dll
### imgsvc:
StiSvc
C:\WINDOWS\system32\wiaservc.dll
### termsvcs:
TermService
C:\WINDOWS\System32\termsrv.dll
### HTTPFilter:
HTTPFilter
C:\WINDOWS\System32\w3ssl.dll
### DcomLaunch:
DcomLaunch
C:\WINDOWS\system32\rpcss.dll
TermService
C:\WINDOWS\System32\termsrv.dll
-------------loaded Dlls -------------
NOTE: already known legit dlls are not shown
------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
smss.exe pid: 600
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
csrss.exe pid: 664
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75b60000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll
------------------------------------------------------------------------------
winlogon.exe pid: 688
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x6000 C:\WINDOWS\system32\tphklock.dll
0x00fa0000 0xc000 C:\WINDOWS\system32\NavLogon.dll
------------------------------------------------------------------------------
services.exe pid: 736
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
lsass.exe pid: 748
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x75730000 0xb4000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
------------------------------------------------------------------------------
ibmpmsvc.exe pid: 912
Command line: C:\WINDOWS\system32\ibmpmsvc.exe
Base Size Version Path
0x00400000 0x13000 1.33.0000.0000 C:\WINDOWS\system32\ibmpmsvc.exe
------------------------------------------------------------------------------
svchost.exe pid: 936
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x760f0000 0x53000 5.01.2600.2180 c:\windows\system32\termsrv.dll
0x74f70000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x75110000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
svchost.exe pid: 1044
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
------------------------------------------------------------------------------
MsMpEng.exe pid: 1144
Command line: "C:\Program Files\Windows Defender\MsMpEng.exe"
Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Program Files\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Program Files\Windows Defender\mprtplug.dll
0x01820000 0x2b5000 1.01.1904.0000 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E7367181-3162-4AAE-B5CE-F24FF61F0F9A}\mpengine.dll
------------------------------------------------------------------------------
svchost.exe pid: 1188
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76d80000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x77620000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
0x76d30000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
0x606b0000 0x10d000 5.01.2600.2780 c:\windows\system32\ESENT.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x65f40000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x76b70000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x00fc0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
0x58d30000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76bd0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
0x77300000 0x32000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
0x767a0000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x74f50000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
0x708b0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
0x76e40000 0x23000 5.01.2600.2976 c:\windows\system32\wkssvc.dll
0x5b9f0000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll
0x76780000 0x9000 6.00.2900.2180 c:\windows\system32\SHFOLDER.dll
0x4d4f0000 0x58000 5.01.2600.2180 c:\windows\system32\WINHTTP.dll
0x76ce0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
0x77b90000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
0x74f80000 0x9000 5.01.2600.2180 c:\windows\system32\ersvc.dll
0x77710000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x74f40000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x75090000 0x1a000 5.01.2600.2577 c:\windows\system32\srvsvc.dll
0x77d00000 0x33000 5.01.2600.2743 c:\windows\system32\netman.dll
0x76400000 0x1a6000 5.01.2600.2180 c:\windows\system32\netshell.dll
0x76c00000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
0x73030000 0x10000 5.01.2600.2180 c:\windows\system32\WZCSAPI.DLL
0x73d20000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
0x722d0000 0xd000 5.01.2600.2180 c:\windows\system32\sens.dll
0x751a0000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
0x74ad0000 0x8000 6.00.2900.2180 c:\windows\system32\POWRPROF.dll
0x75070000 0x19000 5.01.2600.2180 c:\windows\system32\trkwks.dll
0x767c0000 0x2c000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x76080000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x59490000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x753e0000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\VSSAPI.DLL
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
0x65000000 0x2e000 7.00.5730.0011 C:\WINDOWS\System32\ADVPACK.dll
0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x600a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x76da0000 0x15000 5.01.2600.2180 c:\windows\system32\browser.dll
0x66460000 0x55000 5.01.2600.2180 c:\windows\system32\ipnathlp.dll
0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x4c0a0000 0x17000 5.01.2600.2180 c:\windows\system32\wscsvc.dll
0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x76620000 0x13c000 2001.12.4414.0308 C:\WINDOWS\system32\comsvcs.dll
0x75130000 0x14000 2001.12.4414.0308 C:\WINDOWS\system32\colbact.DLL
0x750f0000 0x13000 2001.12.4414.0311 C:\WINDOWS\system32\MTXCLU.DLL
0x76d10000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\CLUSAPI.DLL
0x750b0000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\RESUTILS.DLL
0x762c0000 0x85000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\wbemcore.dll
0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\esscli.dll
0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\FastProx.dll
0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
0x75200000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\wbem\repdrvfs.dll
0x597f0000 0x6d000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvsd.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x75390000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemess.dll
0x5f740000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\ncprov.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
0x755f0000 0x9a000 5.01.2600.2180 C:\WINDOWS\System32\netcfgx.dll
0x76de0000 0x23000 5.01.2600.2180 C:\WINDOWS\System32\upnp.dll
0x74f00000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\SSDPAPI.dll
0x7df30000 0x31000 5.01.2600.2936 C:\WINDOWS\System32\rasmans.dll
0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
0x733e0000 0x40000 5.01.2600.2716 c:\windows\system32\tapisrv.dll
0x75880000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\rastapi.dll
0x57cc0000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x72000000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\uniplat.dll
0x5b070000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x57d40000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x57d20000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x57d50000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x57d70000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x57d60000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x688f0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HID.DLL
0x72240000 0x35000 5.01.2600.2180 C:\WINDOWS\System32\rasppp.dll
0x724b0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\ntlsapi.dll
0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\System32\RASDLG.dll
0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\System32\dssenh.dll
0x6fb10000 0x9e000 2001.12.4414.0308 C:\WINDOWS\System32\catsrvut.dll
0x6fbd0000 0x3d000 2001.12.4414.0308 C:\WINDOWS\System32\catsrv.dll
0x61990000 0x9000 2001.12.4414.0258 C:\WINDOWS\System32\MfcSubs.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\sensapi.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
svchost.exe pid: 1284
Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76770000 0xd000 5.01.2600.2180 c:\windows\system32\dnsrslvr.dll
0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
svchost.exe pid: 1476
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74c40000 0x6000 5.01.2600.2180 c:\windows\system32\lmhsvc.dll
0x5a6e0000 0x15000 5.01.2600.2821 c:\windows\system32\webclnt.dll
0x00750000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x76af0000 0x12000 5.01.2600.2180 c:\windows\system32\regsvc.dll
0x765e0000 0x14000 5.01.2600.2180 c:\windows\system32\ssdpsrv.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\System32\DNSAPI.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
------------------------------------------------------------------------------
spoolsv.exe pid: 1664
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x75bb0000 0x56000 5.01.2600.2180 C:\WINDOWS\system32\localspl.dll
0x742a0000 0xe000 0.03.0000.0000 C:\WINDOWS\system32\cnbjmon.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x009e0000 0x8000 0.03.1897.0000 C:\WINDOWS\system32\mdimon.dll
0x00ec0000 0x8000 0.03.1897.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x75c10000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\win32spl.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\NETRAP.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x74300000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\inetpp.dll
------------------------------------------------------------------------------
guard.exe pid: 1944
Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
Base Size Version Path
0x00400000 0x34000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
0x10000000 0xdd000 4.02.0000.0015 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
0x76780000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
defwatch.exe pid: 1968
Command line: "C:\Program Files\NavNT\defwatch.exe"
Base Size Version Path
0x00400000 0x8000 7.60.0000.0926 C:\Program Files\NavNT\defwatch.exe
------------------------------------------------------------------------------
rtvscan.exe pid: 2024
Command line: "C:\Program Files\NavNT\rtvscan.exe"
Base Size Version Path
0x00400000 0x7a000 7.60.0000.0926 C:\Program Files\NavNT\rtvscan.exe
0x10000000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2.dll
0x00330000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ARJ.dll
0x00340000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ID.dll
0x00350000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LHA.dll
0x00360000 0x10000 2.50.0031.0052 C:\Program Files\NavNT\SymLHA.dll
0x00370000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LZ.dll
0x00380000 0x11000 2.50.0031.0052 C:\Program Files\NavNT\Dec2MIME.dll
0x003a0000 0x29000 2.50.0031.0052 C:\Program Files\NavNT\Dec2Zip.dll
0x003d0000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2AMG.dll
0x003e0000 0x1b000 2.50.0031.0052 C:\Program Files\NavNT\SYMAMG32.DLL
0x00480000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2UUE.dll
0x00490000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2SS.dll
0x004a0000 0xd000 2.50.0031.0052 C:\Program Files\NavNT\Dec2RTF.dll
0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
0x004b0000 0x10000 7.60.0000.0926 C:\Program Files\NavNT\NAVLU.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x01570000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
0x019a0000 0x42000 7.60.0000.0926 C:\Program Files\NavNT\i2ldvp3.dll
0x01a00000 0x31000 4.01.0000.0015 C:\Program Files\NavNT\NAVAPI32.DLL
0x69100000 0xd6000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX32a.DLL
0x692c0000 0x1e000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG32.DLL
0x01a70000 0xe000 5.03.0001.0039 C:\Program Files\NavNT\NAVAP32.DLL
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x50070000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\amslib.dll
0x01ac0000 0x18000 3.00.0000.0002 C:\WINDOWS\system32\loc32vc0.dll
0x03770000 0x2c000 7.60.0000.0926 C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
------------------------------------------------------------------------------
QCONSVC.EXE pid: 268
Command line: System32\QCONSVC.EXE
Base Size Version Path
0x00400000 0x15000 3.08.0001.0000 C:\WINDOWS\System32\QCONSVC.EXE
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
svchost.exe pid: 508
Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75aa0000 0x55000 5.01.2600.2180 c:\windows\system32\wiaservc.dll
0x74ae0000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
0x73b30000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
TpKmpSvc.exe pid: 636
Command line: C:\WINDOWS\system32\TpKmpSVC.exe
Base Size Version Path
0x00400000 0xa000 C:\WINDOWS\system32\TpKmpSVC.exe
------------------------------------------------------------------------------
wdfmgr.exe pid: 1136
Command line: C:\WINDOWS\system32\wdfmgr.exe
Base Size Version Path
0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe
------------------------------------------------------------------------------
explorer.exe pid: 1784
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\System32\POWRPROF.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x021c0000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x10000000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x021f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x5af60000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\usbui.dll
0x01b10000 0x12000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x01af0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x6c1b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x00d00000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00d30000 0xa000 7.60.0000.0926 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
0x00d90000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x73380000 0x57000 6.00.2900.2180 C:\WINDOWS\System32\zipfldr.dll
------------------------------------------------------------------------------
alg.exe pid: 2072
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
MSGSYS.EXE pid: 2148
Command line: MsgSys.EXE
Base Size Version Path
0x00400000 0x6000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.EXE
0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
------------------------------------------------------------------------------
tp4serv.exe pid: 2520
Command line: "C:\WINDOWS\system32\tp4serv.exe"
Base Size Version Path
0x00400000 0x1b000 3.55.0000.0000 C:\WINDOWS\system32\tp4serv.exe
0x008b0000 0x1e000 C:\WINDOWS\system32\tp4uires.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
jusched.exe pid: 2532
Command line: "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
Base Size Version Path
0x00400000 0x9000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
ltmsg.exe pid: 2592
Command line: "C:\WINDOWS\system32\ltmsg.exe" 9
Base Size Version Path
0x00400000 0xf000 3.00.0000.0002 C:\WINDOWS\system32\ltmsg.exe
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
PRONoMgr.exe pid: 2652
Command line: "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
Base Size Version Path
0x00400000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00d50000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll
0x00d80000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TPHKMGR.exe pid: 2664
Command line: "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
Base Size Version Path
0x00400000 0x19000 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0xd000 1.00.0000.0004 C:\WINDOWS\system32\Oemdspif.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
EZEJMNAP.EXE pid: 2784
Command line: "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
Base Size Version Path
0x00400000 0x3e000 1.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x10000000 0xe000 C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TPONSCR.exe pid: 2804
Command line: "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe"
Base Size Version Path
0x00400000 0x15000 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
QCTRAY.EXE pid: 2888
Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
Base Size Version Path
0x00400000 0xcf000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00240000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
0x00250000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
0x05050000 0x11000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\TrayRes.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x081a0000 0x18000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANCA.dll
0x081c0000 0xf000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANC.dll
------------------------------------------------------------------------------
QCWLICON.EXE pid: 2916
Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
Base Size Version Path
0x00400000 0x17000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
0x00340000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
0x00a00000 0x7000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\IconRes.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
rundll32.exe pid: 2924
Command line: "C:\WINDOWS\system32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
Base Size Version Path
0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RunDll32.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\powrprof.dll
0x00a00000 0x26000 4.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
PDVDServ.exe pid: 2996
Command line: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Base Size Version Path
0x00400000 0x8000 6.00.0000.1027 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0xa000 3.02.0000.2021 C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
qttask.exe pid: 3036
Command line: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Base Size Version Path
0x00400000 0x47000 7.01.0000.0210 C:\Program Files\QuickTime\qttask.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
GoogleDesktop.exe pid: 3048
Command line: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Base Size Version Path
0x00400000 0x33000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
MSASCui.exe pid: 3112
Command line: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Base Size Version Path
0x01000000 0xd7000 1.01.1593.0000 C:\Program Files\Windows Defender\MSASCui.exe
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x61800000 0x9a000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpRes.dll
0x5d800000 0xac000 1.01.1593.0000 C:\Program Files\Windows Defender\MpRtMon.DLL
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x4b400000 0x86000 5.41.0015.1509 C:\WINDOWS\system32\MSFTEDIT.DLL
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
vptray.exe pid: 3140
Command line: "C:\Program Files\NavNT\vptray.exe"
Base Size Version Path
0x00400000 0x12000 7.60.0000.0926 C:\Program Files\NavNT\vptray.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x28000 7.60.0000.0926 C:\Program Files\NavNT\Cliproxy.dll
0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
0x00950000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
0x00ba0000 0x40000 7.60.0000.0926 C:\Program Files\NavNT\Cliscan.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x009c0000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x00a20000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
ctfmon.exe pid: 3152
Command line: "C:\WINDOWS\system32\ctfmon.exe"
Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
GoogleToolbarNotifier.exe pid: 3184
Command line: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
Base Size Version Path
0x00400000 0x2b000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0xe000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00ef0000 0x41000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76d80000 0x1e000 5.01.2600.2912 C:\WINDOWS\system32\DHCPCSVC.DLL
0x77d00000 0x33000 5.01.2600.2743 C:\WINDOWS\system32\netman.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\netshell.dll
0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x73030000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WZCSAPI.DLL
0x77620000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\WZCSvc.DLL
0x76d30000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\WMI.dll
0x606b0000 0x10d000 5.01.2600.2780 C:\WINDOWS\system32\ESENT.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
GoogleDesktopIndex.exe pid: 3228
Command line: "GoogleDesktopIndex.exe"
Base Size Version Path
0x00400000 0xc1000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
0x60000000 0x80000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x4d000000 0x34000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
iexplore.exe pid: 3540
Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
Base Size Version Path
0x00400000 0x9a000 7.00.5730.0011 C:\Program Files\Internet Explorer\iexplore.exe
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\IEFRAME.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dff0000 0x2f000 7.00.5730.0011 C:\WINDOWS\system32\IEUI.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x61930000 0x4a000 7.00.5730.0011 C:\Program Files\Internet Explorer\ieproxy.dll
0x01270000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x10000000 0x337000 4.00.1020.2544 c:\program files\google\googletoolbar1.dll
0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x59a60000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x019a0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x7e830000 0x36f000 7.00.5730.0011 C:\WINDOWS\system32\mshtml.dll
0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x72ea0000 0x60000 7.00.5824.16386 C:\WINDOWS\system32\ieapfltr.dll
0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\jscript.dll
0x1b000000 0xc000 7.00.5730.0011 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 0xe000 7.00.5730.0011 C:\WINDOWS\system32\pngfilt.dll
0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll
0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
0x6d430000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
0x73760000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x76200000 0x77000 7.00.5730.0011 C:\WINDOWS\system32\mshtmled.dll
0x58760000 0x32000 7.00.5730.0011 C:\WINDOWS\system32\iepeers.dll
0x07330000 0x8000 7.00.5730.0011 C:\WINDOWS\system32\corpol.dll
0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x07ac0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
------------------------------------------------------------------------------
jucheck.exe pid: 1368
Command line: -auto
Base Size Version Path
0x00400000 0x3c000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
0x00320000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
systemscan.exe pid: 1860
Command line: "C:\Documents and Settings\Administrator\Desktop\systemscan.exe"
Base Size Version Path
0x00400000 0x24000 C:\Documents and Settings\Administrator\Desktop\systemscan.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL
0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
------------------------------------------------------------------------------
runme.exe pid: 3796
Command line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe"
Base Size Version Path
0x00400000 0x46000 2.00.0000.0023 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe
0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x6b800000 0x25000 5.06.0000.6626 C:\WINDOWS\system32\scrrun.dll
------------------------------------------------------------------------------
wmiprvse.exe pid: 2272
Command line: C:\WINDOWS\System32\wbem\wmiprvse.exe
Base Size Version Path
0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvse.exe
0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\wbem\FastProx.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
0x5bd90000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\wbem\stdprov.dll
0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\wbem\esscli.dll
------------------------------------------------------------------------------
cmd.exe pid: 1568
Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row
Base Size Version Path
0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
Command line: listdlls.exe
Base Size Version Path
0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\LISTDLLS.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
-------------NTFS ADS -------------
Error opening C:\pagefile.sys:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Desktop\FixLinkopt.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\gmer.zip:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\PrevxFixGrom.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Favorites\HJT logi, kone on _todella_ hidas.url:
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{340A3AE8-04A8-4934-861A-56F5C49D99CB}:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3D55C4EL\aawsepersonal[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S63CC65\avgas-setup-7.5.0.50[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\FixLinkopt[1].exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\PrevxFixGrom[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\All Users\Application Data\TEMP:
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:
:encryptable:$DATA 0
Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
..
C:\Documents and Settings\Tapio Uotila\Desktop\86743.asx:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\Desktop\sdsetup.exe:
:Zone.Identifier:$DATA 26
.
.
..
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\51koodia - Nimetty\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Anna Eriksson - Sinusta sinuun 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Kiila - 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD1_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD2_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Christian_Forss_-_Christian_Forss-KMR\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Greenday.-.American.Idiot.(2004).-.by.LoCkY\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\gunther - pleasureman [2004]\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\H.I.M_-_Wings_of_A_Butterfly-Promo-CDS-2005-OASiS\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Hanna Pakarinen - When I Become Me 2004\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Him - And Love Said No (2004)\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Irina - Vahva\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Kotiteollisuus - Helvetistä Itään\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Angels Fall First\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Century Child\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Oceanborn\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Once\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Stratovarius - Infinite\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The best of hiphop_2005(Beyoncé, Snoop Dogg,alicia keys,,Destinys Child,missy elliot,Dodo Power,50 cent,kelis,eminem,black eyes peas,Xzibit...)\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Black Eyed Peas - (2005) Monkey Business .[WwW.LiMiTeDiVx.CoM].By KELOLO\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Rasmus - Dead Letters\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\20.8.2006 Vääräjoella\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ahvenanmaa 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Elinan vanhojentanssit\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoon asuntomessut\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoosta\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\2005_02_06\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jeren kanssa muumimaailmassa kesällä 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Joukon kaverin ristiäiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\jämi\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jämillä retkeilemässä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kesä 2005 kuvia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\kesä 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kulta zoomailee\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kuninkaan lähteellä uimassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lentokauden päättäjäiset 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lomailua Tevaniemessä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Laivalla\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Naantalin kylpylässä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja kultaseni\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muumi maailmassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muuta sekalaista\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Heinijärvellä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Vääksyssä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Naamiaiset 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\O41 ja Opistonkuvia\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ollin kissa ja Janilta kuvia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Pallas 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\pirkan pyöräily 2006\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ranska 2005\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Savusukellusharj. paperitehtaalla\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Turvallisuus messut\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Vanajan linnassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Jämillä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa 11.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_19\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_20\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Yyterissä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Received Files\testi.jpg:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\bsplayer137.826.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DivXPlay.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\ffdshow-20041012.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\PDVD_6_trial.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\RealPlayer10-5GOLD.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\wrar351.exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Ensihoito\Hengitysäänet\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Alkusammutus harjoitus 2.2.06\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Avajaiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Eläinten käsittely\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Ensihoito\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Harjoitusalue\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Kastajaiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Laskeutuminen\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Letkuhuoltoa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\liikenneonnettomuus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Metsäpalokontti 21.3.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 1 7.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 2 8.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 3 9.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pintapelastus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Savusukellus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Ensihoito\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Vaahtokalusto 28.3.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Pulloventtiili.wmv:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\tvlista062006.doc:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\Uotilanuusin.doc:
:Zone.Identifier:$DATA 26
...
...
...
...
C:\RECYCLER\S-1-5-21-1220945662-436374069-854245398-1003\Dc5.asx:
:Zone.Identifier:$DATA 26
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP2\A0001103.exe:
:Zone.Identifier:$DATA 26
..
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004507.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004512.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004528.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004538.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004556.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004605.exe:
:Zone.Identifier:$DATA 26
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP46\A0004807.exe:
:Zone.Identifier:$DATA 26
.
...
...
...
...
...
...
...
Error opening C:\WINDOWS\system32\lpt6.waq:
The system cannot find the file specified.
...
Error opening C:\WINDOWS\system32\CatRoot2\edb.log:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\CatRoot2\tmp.edb:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system.LOG:
The process cannot access the file because it is being used by another process.
...
.
-------------Encrypting File System dumping-------------
-------------Hidden Files -------------
Scannig hidden processes ...
Scannig hidden services ...
Scannig hidden autostart entries ...
Scannig hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
-------------Checking Rustock rootkit-------------
-------------Checking Suspicious files -------------
(Unusually Runtime packers compressed exe and dll files in C:\, C:\WINDOWS\, C:\WINDOWS\system32\)
Note:Not all files found by this scanner are bad
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SRCHSTS.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWREG.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWSC.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\IFMON.DLL
-This file is compressed with Nspack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\DIVX.DLL
--------------------------
Scan completed in 29,1 minutes
End of report
|
nurmijan
Newbie
|
5 January 2007 @ 06:02 |
|
fixlinkoptimizer and prevx would no longer start. But I tried the systemscan software, which scanned my machine. As a removal tool it offers AVRunner. Here is the log from systemscan. Also, at the very bottom, HT's startup log in safe mode.
Would those logs be of any help?
systemscan - www.suspectfile.com - ver. 2.0.23
Date: pe 05.01.2007
Time: 8:53:26,99
Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-------------Users folders -------------
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\documents and settings
03.01.2007 08:40 <DIR> Administrator
27.12.2005 20:13 <DIR> All Users
27.12.2005 18:23 <DIR> Default User
27.12.2005 19:06 <DIR> LocalService
27.12.2005 18:29 <DIR> NetworkService
29.11.2006 10:40 <DIR> Tapio Uotila
04.01.2007 15:41 <DIR> testi
-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Program Files\Common Files, C:\WINDOWS\temp
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\
04.01.2007 15:44 <DIR> Config.Msi
05.01.2007 08:53 <DIR> suspectfile
04.01.2007 13:05 <DIR> Documents and Settings
04.01.2007 15:44 <DIR> WINDOWS
04.01.2007 15:44 <DIR> Program Files
04.01.2007 12:02 0 gromozon_removal.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS
04.01.2007 15:44 <DIR> WBEM
05.01.2007 08:50 <DIR> temp
04.01.2007 15:44 <DIR> system32
05.01.2007 08:52 <DIR> Prefetch
03.01.2007 13:29 <DIR> Help
04.01.2007 15:41 <DIR> network diagnostic
21.11.2006 15:09 <DIR> msagent
03.01.2007 13:27 <DIR> Media
03.01.2007 13:23 11 859 KB904942.log
03.01.2007 13:23 5 640 KB914440.log
03.01.2007 13:24 6 980 KB915865.log
20.11.2006 23:03 17 414 KB920213.log
03.01.2007 13:27 1 355 imsins.log
20.11.2006 23:03 31 584 KB922760.log
03.01.2007 07:43 10 795 KB923689.log
03.01.2007 07:43 11 923 KB923694.log
20.11.2006 23:04 16 159 KB923980.log
20.11.2006 23:04 15 802 KB924270.log
03.01.2007 07:46 9 141 KB925398.log
03.01.2007 07:46 33 589 KB925454.log
03.01.2007 07:43 12 115 KB926255.log
03.01.2007 13:27 44 769 medctroc.Log
03.01.2007 13:25 1 355 imsins.BAK
03.01.2007 13:27 774 021 iis6.log
03.01.2007 13:28 25 367 ie7_main.log
03.01.2007 13:27 47 757 ie7.log
03.01.2007 13:27 32 722 msgsocm.log
03.01.2007 13:27 214 744 msmqinst.log
03.01.2007 13:25 7 768 IDNMitigationAPIs.log
03.01.2007 13:27 110 476 netfxocm.log
03.01.2007 13:24 7 426 NLSDownlevelMapping.log
04.01.2007 15:51 1 411 686 ntbtlog.txt
03.01.2007 13:27 135 039 ntdtcsetup.log
03.01.2007 13:27 324 287 ocgen.log
03.01.2007 13:27 35 869 ocmsn.log
04.01.2007 13:05 1 859 OEWABLog.txt
03.01.2007 13:27 637 985 FaxSetup.log
13.12.2006 18:02 1 409 QTFont.for
04.01.2007 15:49 32 634 SchedLgU.Txt
03.01.2007 13:27 222 598 comsetup.log
03.01.2007 14:21 166 052 setupact.log
03.01.2007 13:25 576 401 setupapi.log
03.01.2007 07:53 741 625 setuplog.txt
03.01.2007 13:30 38 264 spupdsvc.log
08.11.2006 20:15 115 cdplayer.ini
03.01.2007 13:27 31 539 tabletoc.log
03.01.2007 13:27 301 558 tsoc.log
03.01.2007 13:27 55 141 updspapi.log
05.01.2007 08:27 0 0.log
05.01.2007 08:27 159 wiadebug.log
05.01.2007 08:27 48 wiaservc.log
05.01.2007 08:48 1 283 208 WindowsUpdate.log
04.01.2007 13:05 72 954 wmsetup.log
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\system32
04.01.2007 15:40 <DIR> Restore
03.01.2007 13:27 <DIR> en-US
04.01.2007 15:41 <DIR> drivers
03.01.2007 13:27 <DIR> config
05.01.2007 08:30 <DIR> CatRoot2
03.01.2007 08:24 <DIR> appmgmt
07.11.2006 03:25 10 240 advpack.dll.mui
07.11.2006 03:26 123 904 advpack.dll
07.11.2006 21:03 131 584 extmgr.dll
07.11.2006 03:26 54 784 ie4uinit.exe
07.11.2006 03:26 152 064 ieakeng.dll
07.11.2006 03:27 229 376 ieaksie.dll
07.11.2006 03:25 161 792 ieakui.dll
07.11.2006 03:27 382 976 iedkcs32.dll
07.11.2006 21:03 6 049 280 ieframe.dll
07.11.2006 21:03 191 488 iepeers.dll
07.11.2006 03:26 43 008 iernonce.dll
07.11.2006 03:26 55 296 iesetup.dll
07.11.2006 03:26 13 312 ieudinit.exe
07.11.2006 21:03 180 736 ieui.dll
07.11.2006 03:24 56 483 ieuinit.inf
08.11.2006 07:06 679 424 inetcomm.dll
07.11.2006 03:26 92 672 inseng.dll
07.11.2006 21:03 27 136 jsproxy.dll
12.12.2006 10:45 1 474 864 LegitCheckControl.DLL
08.12.2006 01:13 10 716 584 MRT.exe
07.11.2006 21:03 458 752 msfeeds.dll
07.11.2006 21:03 50 688 msfeedsbs.dll
07.11.2006 03:26 71 680 admparse.dll
07.11.2006 21:03 3 577 856 mshtml.dll
07.11.2006 21:03 475 648 mshtmled.dll
07.11.2006 21:03 156 160 msls31.dll
07.11.2006 21:03 670 720 mstime.dll
12.11.2006 19:16 1 688 TRJ_NTAUTO.TMP
07.11.2006 21:03 1 162 240 urlmon.dll
07.11.2006 21:03 413 696 vbscript.dll
07.11.2006 21:03 231 424 webcheck.dll
07.11.2006 21:03 818 688 wininet.dll
07.12.2006 07:29 2 374 472 wmvcore.dll
03.01.2007 13:25 2 206 wpa.dbl
03.01.2007 08:32 0 ypsg.dll
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\Program Files\Common Files
03.01.2007 07:42 <DIR> System
Volume in drive C has no label.
Volume Serial Number is F8CC-368F
Directory of C:\WINDOWS\temp
05.01.2007 08:48 4 790 MpSigStub.log
05.01.2007 08:48 3 694 MpCmdRun.log
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[Run]
-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------
[Windows]
"AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"DisplayName"=expand:"@iedkcs32.dll,-3051"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\NavLogon]
"DllName"="C:\WINDOWS\system32\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"
[Winlogon\Notify\QConGina]
@Class="HKEY_LOCAL_MACHINE"
"DllName"="QConGina.dll"
"Logoff"="QConGinaWLEventLogoff"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\tphotkey]
@=""
"DllName"="tphklock.dll"
"Startup"="WLEventStartup"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"
"BuildNumber"=dword:00000a28
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"TrackPointSrv"="tp4serv.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
"LTWinModem1"="ltmsg.exe 9"
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
"BLOG"="rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog"
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper"
"QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
"QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor"
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
"vptray"="C:\Program Files\NavNT\vptray.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
[RunOnce]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
[RunOnceEx]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
[RunServices]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"
-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:000002ec
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="239650f4"
"Pattern"=hex:6c,b4,d2,8e,b9,10,7c,6f,92,40,70,a0,ee,d5,cd,50,32,33,39,36,35,\
30,66,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,18,e2,86,74
[Lsa\GBG]
@Class="18fb6b05"
"GrafBlumGroup"=hex:e2,cc,ea,56,3e,12,2a,07,57
[Lsa\JD]
@Class="0e4774b9"
"Lookup"=hex:c6,4f,67,d3,57,37
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="86e2d8c2"
"SkewMatrix"=hex:50,7f,78,97,13,a2,e3,3b,83,6a,7d,dc,8c,64,7b,f6
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:70,49,00,66,0c,0b,c6,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031
-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
[SharedAccess\Epoch]
"Epoch"=dword:000023dd
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe"="C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"
[SharedAccess\Security]
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-------------HKLM\Software\Microsoft\Ole-------------
[Ole]
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------
@="\"%1\" /S"
-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------
-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
@="Selaimen mukautukset"
"ComponentID"="BRANDING.CAB"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\Microsoft Base Smart Card Crypto Provider Package]
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.5.0_06\bin\regutils.dll"
[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
@="Internet Explorerin Lueminut-tiedosto"
"ComponentID"="IEREADME"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
@="IEEX"
"ComponentID"="IEEX"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4CDAF616-D274-41F9-9478-64D5CCFADE80}]
@="Macromedia Shockwave Player"
"ComponentID"="CUSTOM1"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"ComponentID"="M886903"
@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"
[Installed Components\{C47D9DDA-83FF-4907-9056-DC7827271070}]
@="Macromedia FlashPlayer"
"ComponentID"="CUSTOM0"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
#### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000FC0000000000000000000000000000004DF09D45010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9181 (0x23DD)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 9178 (0x23DA)
Result compared: Different
-------------List of running services -------------
000) "ALG" - Application Layer Gateway Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
001) "AudioSrv" - Windows Audio
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
002) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
003) "BITS" - Background Intelligent Transfer Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "CryptSvc" - Cryptographic Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
005) "DcomLaunch" - DCOM Server Process Launcher
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
006) "DefWatch" - DefWatch
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\defwatch.exe"
007) "Dhcp" - DHCP Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
008) "Dnscache" - DNS Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService
009) "ERSvc" - Error Reporting Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "Eventlog" - Event Log
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
011) "EventSystem" - COM+ Event System
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
012) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
013) "helpsvc" - Help and Support
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
014) "IBMPMSVC" - ThinkPad PM Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ibmpmsvc.exe
015) "Irmon" - Infrared Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
016) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
017) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
018) "LmHosts" - TCP/IP NetBIOS Helper
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
019) "Netman" - Network Connections
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
020) "Nla" - Network Location Awareness (NLA)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
021) "Norton AntiVirus Server" - Norton AntiVirus Client
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\NavNT\rtvscan.exe"
022) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
023) "PolicyAgent" - IPSEC Services
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\lsass.exe
024) "ProtectedStorage" - Protected Storage
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
025) "QCONSVC" - QCONSVC
---> STAT = (RUNNING) Started automatically
---> FILE = System32\QCONSVC.EXE
026) "RasMan" - Remote Access Connection Manager
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
027) "RemoteRegistry" - Remote Registry
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
028) "RpcSs" - Remote Procedure Call (RPC)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
029) "SamSs" - Security Accounts Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
030) "Schedule" - Task Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
031) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
032) "SENS" - System Event Notification
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
033) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
034) "ShellHWDetection" - Shell Hardware Detection
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
035) "Spooler" - Print Spooler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
036) "srservice" - System Restore Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
037) "SSDPSRV" - SSDP Discovery Service
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
038) "stisvc" - Windows Image Acquisition (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc
039) "TapiSrv" - Telephony
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "TermService" - Terminal Services
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
041) "Themes" - Themes
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
042) "TpKmpSVC" - IBM KCU Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\TpKmpSVC.exe
043) "TrkWks" - Distributed Link Tracking Client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
044) "UMWdf" - Windows User Mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\wdfmgr.exe
045) "W32Time" - Windows Time
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
046) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
047) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Program Files\Windows Defender\MsMpEng.exe"
048) "winmgmt" - Windows Management Instrumentation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
049) "wscsvc" - Security Center
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
050) "wuauserv" - Automatic Updates
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
051) "WZCSVC" - Wireless Zero Configuration
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
..:: BOOT REGISTRY ::..
0) "TrackPointSrv"
---> CMD = tp4serv.exe
---> FILE = C:\WINDOWS\System32\tp4serv.exe
1) "SunJavaUpdateSched"
---> CMD = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
2) "LTWinModem1"
---> CMD = ltmsg.exe 9
---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\ltmsg.exe 9
3) "PRONoMgr.exe"
---> CMD = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
---> FILE = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
4) "TPHOTKEY"
---> CMD = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
5) "TP4EX"
---> CMD = tp4ex.exe
---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tp4ex.exe
6) "EZEJMNAP"
---> CMD = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
---> FILE = C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
7) "BLOG"
---> CMD = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
---> FILE = (NOT EXISTS)
8) "TPKMAPHELPER"
---> CMD = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
---> FILE = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
9) "QCTRAY"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
10) "QCWLICON"
---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
11) "BMMGAG"
---> CMD = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
---> FILE = (NOT EXISTS)
12) "BMMLREF"
---> CMD = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
---> FILE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
13) "NeroFilterCheck"
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe
14) "RemoteControl"
---> CMD = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
---> FILE = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
15) "TkBellExe"
---> CMD = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
---> FILE = (NOT EXISTS)
16) "QuickTime Task"
---> CMD = "C:\Program Files\QuickTime\qttask.exe" -atboottime
---> FILE = (NOT EXISTS)
17) "Google Desktop Search"
---> CMD = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
---> FILE = (NOT EXISTS)
18) "Windows Defender"
---> CMD = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
---> FILE = (NOT EXISTS)
19) "vptray"
---> CMD = C:\Program Files\NavNT\vptray.exe
---> FILE = C:\Program Files\NavNT\vptray.exe
-------------List of NOT running services -------------
000) "Alerter" - Alerter
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
001) "AppMgmt" - Application Management
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
002) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
003) "Browser" - Computer Browser
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
004) "cisvc" - Indexing Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\cisvc.exe
005) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
006) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
007) "COMSysApp" - COM+ System Application
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
008) "dmadmin" - Logical Disk Manager Administrative Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
009) "dmserver" - Logical Disk Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "HidServ" - Human Interface Device Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
011) "HTTPFilter" - HTTP SSL
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
012) "IDriverT" - InstallDriver Table Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
013) "ImapiService" - IMAPI CD-Burning COM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\imapi.exe
014) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
015) "mnmsrvc" - NetMeeting Remote Desktop Sharing
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\mnmsrvc.exe
016) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msdtc.exe
017) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
018) "NetDDE" - Network DDE
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
019) "NetDDEdsdm" - Network DDE DSDM
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
020) "Netlogon" - Net Logon
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
021) "NetSvc" - Intel NCS NetService
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Intel\NCS\Sync\NetSvc.exe
022) "NtLmSsp" - NT LM Security Support Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
023) "NtmsSvc" - Removable Storage
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
024) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
025) "RasAuto" - Remote Access Auto Connection Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
026) "RDSessMgr" - Remote Desktop Help Session Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
027) "RemoteAccess" - Routing and Remote Access
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
028) "RpcLocator" - Remote Procedure Call (RPC) Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\locator.exe
029) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\rsvp.exe
030) "SCardSvr" - Smart Card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
031) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754}
032) "SysmonLog" - Performance Logs and Alerts
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
033) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\tlntsvr.exe
034) "upnphost" - Universal Plug and Play Device Host
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
035) "UPS" - Uninterruptible Power Supply
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
036) "VSS" - Volume Shadow Copy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
037) "WMConnectCDS" - Windows Media Connect Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Program Files\Windows Media Connect 2\wmccds.exe
038) "WmdmPmSN" - Portable Media Serial Number Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
039) "Wmi" - Windows Management Instrumentation Driver Extensions
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
040) "WmiApSrv" - WMI Performance Adapter
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe
041) "xmlprov" - Network Provisioning Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
-------------List of running device driver services -------------
000) "ACPI" - Microsoft ACPI Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys
001) "ACPIEC" - Microsoft Embedded Controller Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPIEC.sys
002) "AFD" - AFD Networking Support Environment
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
003) "agp440" - Intel AGP Bus Filter
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\agp440.sys
004) "ANC" - ANC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\ANC.SYS
005) "atapi" - Standard IDE/ESDI Hard Disk Controller
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys
006) "audstub" - Audio Stub Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
007) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
008) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
010) "BUFADPT" - BUFADPT
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\WINDOWS\system32\BUFADPT.SYS
011) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled
012) "Cdrom" - CD-ROM Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
013) "CmBatt" - Microsoft AC Adapter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\CmBatt.sys
014) "Compbatt" - Microsoft Composite Battery Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\compbatt.sys
015) "cs429x" - Crystal WDM Audio Codec Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\cwawdm.sys
016) "Disk" - Disk Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\disk.sys
017) "E100B" - Intel(R) PRO Network Connection Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\e100b325.sys
018) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled
019) "Fdc" - Floppy Disk Controller Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
020) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function
021) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\drivers\fltmgr.sys
022) "Ftdisk" - Volume Manager Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys
023) "Gpc" - Generic Packet Classifier
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
024) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
025) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\i8042prt.sys
026) "IBMPMDRV" - IBMPMDRV
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ibmpmdrv.sys
027) "IBMTPCHK" - IBMTPCHK
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\IBMBLDID.SYS
028) "Imapi" - CD-Burning Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
029) "IntelIde" - IntelIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\intelide.sys
030) "IpNat" - IP Network Address Translator
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
031) "IPSec" - IPSEC driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
032) "irda" - IrDA Protocol
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
033) "IRENUM" - IR Enumerator Service
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
034) "isapnp" - PnP ISA/EISA Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys
035) "Kbdclass" - Keyboard Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
036) "kmixer" - Microsoft Kernel Wave Audio Mixer
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
037) "KSecDD" - KSecDD
---> STAT = (RUNNING) Started by operating system loader
038) "ltmodem5" - Lucent Modem Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ltmdmxp.sys
039) "mnmdd" - mnmdd
---> STAT = (RUNNING) Started by "IoInitSystem" function
040) "Modem" - Modem
---> STAT = (RUNNING) Started manually
041) "Mouclass" - Mouse Class Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
042) "MountMgr" - Mount Point Manager
---> STAT = (RUNNING) Started by operating system loader
043) "MRxDAV" - WebDav Client Redirector
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
044) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
045) "Msfs" - Msfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
046) "mssmbios" - Microsoft System Management BIOS Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
047) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
048) "NAVAP" - NAVAP
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\NavNT\NAVAP.sys
049) "NAVAPEL" - NAVAPEL
---> STAT = (RUNNING) Started automatically
---> FILE = \??\C:\Program Files\NavNT\NAVAPEL.SYS
050) "NAVENG" - NAVENG
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys
051) "NAVEX15" - NAVEX15
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys
052) "NDIS" - NDIS System Driver
---> STAT = (RUNNING) Started by operating system loader
053) "NdisTapi" - Remote Access NDIS TAPI Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
054) "Ndisuio" - NDIS Usermode I/O Protocol
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
055) "NdisWan" - Remote Access NDIS WAN Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
056) "NDProxy" - NDIS Proxy
---> STAT = (RUNNING) Started manually
057) "NetBIOS" - NetBIOS Interface
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
058) "NetBT" - NetBios over Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
059) "Npfs" - Npfs
---> STAT = (RUNNING) Started by "IoInitSystem" function
060) "NSCIRDA" - NSC Infrared Device Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nscirda.sys
061) "Ntfs" - Ntfs
---> STAT = (RUNNING) Disabled
062) "Null" - Null
---> STAT = (RUNNING) Started by "IoInitSystem" function
063) "P3" - Intel PentiumIII Processor Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\p3.sys
064) "Parport" - Parallel port driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
065) "PartMgr" - Partition Manager
---> STAT = (RUNNING) Started by operating system loader
066) "ParVdm" - ParVdm
---> STAT = (RUNNING) Started automatically
067) "PCI" - PCI Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pci.sys
068) "Pcmcia" - Pcmcia
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pcmcia.sys
069) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspptp.sys
070) "PSched" - QoS Packet Scheduler
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\psched.sys
071) "Ptilink" - Direct Parallel Link Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ptilink.sys
072) "PxHelp20" - PxHelp20
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\Drivers\PxHelp20.sys
073) "RasAcd" - Remote Access Auto Connection Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rasacd.sys
074) "Rasirda" - WAN Miniport (IrDA)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasirda.sys
075) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasl2tp.sys
076) "RasPppoe" - Remote Access PPPOE Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspppoe.sys
077) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspti.sys
078) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rdbss.sys
079) "RDPCDD" - RDPCDD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
080) "rdpdr" - Terminal Server Device Redirector Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rdpdr.sys
081) "redbook" - Digital CD Audio Playback Filter Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\redbook.sys
082) "S3SSavage" - S3SSavage
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\s3ssavm.sys
083) "serenum" - Serenum Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\serenum.sys
084) "Serial" - Serial port driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\serial.sys
085) "Smapint" - Smapint
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Smapint.sys
086) "sr" - System Restore Filter Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\sr.sys
087) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
088) "swenum" - Software Bus Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\swenum.sys
089) "SymEvent" - SymEvent
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Program Files\Symantec\SYMEVENT.SYS
090) "sysaudio" - Microsoft Kernel System Audio Device
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
091) "Tcpip" - TCP/IP Protocol Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\tcpip.sys
092) "TDSMAPI" - TDSMAPI
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TDSMAPI.SYS
093) "TermDD" - Terminal Device Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\termdd.sys
094) "Tp4Track" - PS/2 TrackPoint Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tp4track.sys
095) "TPHKDRV" - TPHKDRV
---> STAT = (RUNNING) Started by "IoInitSystem" function
096) "TPPWR" - TPPWR
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\Tppwr.sys
097) "TSMAPIP" - TSMAPIP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\TSMAPIP.SYS
098) "Update" - Microcode Update Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\update.sys
099) "usbhub" - USB2 Enabled Hub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbhub.sys
100) "USBSTOR" - USB Mass Storage Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
101) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbuhci.sys
102) "VgaSave" - VGA Display Controller.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
103) "VolSnap" - VolSnap
---> STAT = (RUNNING) Started by operating system loader
104) "Wanarp" - Remote Access IP ARP Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\wanarp.sys
105) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
-------------List of NOT running device driver services -------------
000) "abp480n5" - abp480n5
---> STAT = (NOT RUNNING) Disabled
001) "ac97intc" - Intel(r) 82801 Audio Driver Install Service (WDM)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ac97intc.sys
002) "adpu160m" - adpu160m
---> STAT = (NOT RUNNING) Disabled
003) "aec" - Microsoft Kernel Acoustic Echo Canceller
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
004) "Aha154x" - Aha154x
---> STAT = (NOT RUNNING) Disabled
005) "aic78u2" - aic78u2
---> STAT = (NOT RUNNING) Disabled
006) "aic78xx" - aic78xx
---> STAT = (NOT RUNNING) Disabled
007) "AliIde" - AliIde
---> STAT = (NOT RUNNING) Disabled
008) "amsint" - amsint
---> STAT = (NOT RUNNING) Disabled
009) "asc" - asc
---> STAT = (NOT RUNNING) Disabled
010) "asc3350p" - asc3350p
---> STAT = (NOT RUNNING) Disabled
011) "asc3550" - asc3550
---> STAT = (NOT RUNNING) Disabled
012) "AsyncMac" - RAS Asynchronous Media Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
013) "Atdisk" - Atdisk
---> STAT = (NOT RUNNING) Disabled
014) "Atmarpc" - ATM ARP Client Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
015) "BFAIFILT" - BFAIFILT
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\bfaifilt.sys
016) "cbidf2k" - cbidf2k
---> STAT = (NOT RUNNING) Disabled
017) "cd20xrnt" - cd20xrnt
---> STAT = (NOT RUNNING) Disabled
018) "Cdaudio" - Cdaudio
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
019) "Changer" - Changer
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
020) "CmdIde" - CmdIde
---> STAT = (NOT RUNNING) Disabled
021) "Cpqarray" - Cpqarray
---> STAT = (NOT RUNNING) Disabled
022) "dac960nt" - dac960nt
---> STAT = (NOT RUNNING) Disabled
023) "dmboot" - dmboot
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
024) "dmio" - dmio
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmio.sys
025) "dmload" - dmload
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmload.sys
026) "DMusic" - Microsoft Kernel DLS Syntheiszer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
027) "dpti2o" - dpti2o
---> STAT = (NOT RUNNING) Disabled
028) "drmkaud" - Microsoft Kernel DRM Audio Descrambler
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
029) "Flpydisk" - Floppy Disk Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
030) "HidUsb" - Microsoft HID Class Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
031) "hpn" - hpn
---> STAT = (NOT RUNNING) Disabled
032) "hpt3xx" - hpt3xx
---> STAT = (NOT RUNNING) Disabled
033) "i2omgmt" - i2omgmt
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
034) "i2omp" - i2omp
---> STAT = (NOT RUNNING) Disabled
035) "ini910u" - ini910u
---> STAT = (NOT RUNNING) Disabled
036) "ip6fw" - IPv6 Windows Firewall Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
037) "IpFilterDriver" - IP Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
038) "IpInIp" - IP in IP Tunnel Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
039) "kbdhid" - Keyboard HID Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdhid.sys
040) "lbrtfdc" - lbrtfdc
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
041) "mouhid" - Mouse HID Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
042) "mraid35x" - mraid35x
---> STAT = (NOT RUNNING) Disabled
043) "MSKSSRV" - Microsoft Streaming Service Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
044) "MSPCLOCK" - Microsoft Streaming Clock Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
045) "MSPQM" - Microsoft Streaming Quality Manager Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
046) "NAL" - Nal Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \??\C:\WINDOWS\system32\Drivers\iqvw32.sys
047) "NwlnkFlt" - IPX Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
048) "NwlnkFwd" - IPX Traffic Forwarder Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
049) "PCIDump" - PCIDump
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
050) "PCIIde" - PCIIde
---> STAT = (NOT RUNNING) Disabled
051) "PDCOMP" - PDCOMP
---> STAT = (NOT RUNNING) Started manually
052) "PDFRAME" - PDFRAME
---> STAT = (NOT RUNNING) Started manually
053) "PDRELI" - PDRELI
---> STAT = (NOT RUNNING) Started manually
054) "PDRFRAME" - PDRFRAME
---> STAT = (NOT RUNNING) Started manually
055) "perc2" - perc2
---> STAT = (NOT RUNNING) Disabled
056) "perc2hib" - perc2hib
---> STAT = (NOT RUNNING) Disabled
057) "Processor" - Processor Driver
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\processr.sys
058) "QCNDISIF" - QCNDISIF
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\drivers\qcndisif.SYS
059) "ql1080" - ql1080
---> STAT = (NOT RUNNING) Disabled
060) "Ql10wnt" - Ql10wnt
---> STAT = (NOT RUNNING) Disabled
061) "ql12160" - ql12160
---> STAT = (NOT RUNNING) Disabled
062) "ql1240" - ql1240
---> STAT = (NOT RUNNING) Disabled
063) "ql1280" - ql1280
---> STAT = (NOT RUNNING) Disabled
064) "RDPWD" - RDPWD
---> STAT = (NOT RUNNING) Started manually
065) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\secdrv.sys
066) "Sfloppy" - Sfloppy
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
067) "Simbad" - Simbad
---> STAT = (NOT RUNNING) Disabled
068) "Sparrow" - Sparrow
---> STAT = (NOT RUNNING) Disabled
069) "splitter" - Microsoft Kernel Audio Splitter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
070) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
071) "symc810" - symc810
---> STAT = (NOT RUNNING) Disabled
072) "symc8xx" - symc8xx
---> STAT = (NOT RUNNING) Disabled
073) "sym_hi" - sym_hi
---> STAT = (NOT RUNNING) Disabled
074) "sym_u3" - sym_u3
---> STAT = (NOT RUNNING) Disabled
075) "TDPIPE" - TDPIPE
---> STAT = (NOT RUNNING) Started manually
076) "TDTCP" - TDTCP
---> STAT = (NOT RUNNING) Started manually
077) "TosIde" - TosIde
---> STAT = (NOT RUNNING) Disabled
078) "TwoTrack" - IBM PS/2 TrackPoint Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\TwoTrack.sys
079) "u2kg54" - BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\rt2500usb.sys
080) "Udfs" - Udfs
---> STAT = (NOT RUNNING) Disabled
081) "ultra" - ultra
---> STAT = (NOT RUNNING) Disabled
082) "usbscan" - USB Scanner Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
083) "ViaIde" - ViaIde
---> STAT = (NOT RUNNING) Disabled
084) "WDICA" - WDICA
---> STAT = (NOT RUNNING) Started manually
085) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
-------------Svchost Instances-------------
### LocalService:
Alerter
C:\WINDOWS\system32\alrsvc.dll
WebClient
C:\WINDOWS\System32\webclnt.dll
LmHosts
C:\WINDOWS\System32\lmhsvc.dll
RemoteRegistry
C:\WINDOWS\system32\regsvc.dll
upnphost
C:\WINDOWS\System32\upnphost.dll
SSDPSRV
C:\WINDOWS\System32\ssdpsrv.dll
### NetworkService:
DnsCache
C:\WINDOWS\System32\dnsrslvr.dll
### netsvcs:
6to4
No File Listed
AppMgmt
C:\WINDOWS\System32\appmgmts.dll
AudioSrv
C:\WINDOWS\System32\audiosrv.dll
Browser
C:\WINDOWS\System32\browser.dll
CryptSvc
C:\WINDOWS\System32\cryptsvc.dll
DMServer
C:\WINDOWS\System32\dmserver.dll
DHCP
C:\WINDOWS\System32\dhcpcsvc.dll
ERSvc
C:\WINDOWS\System32\ersvc.dll
EventSystem
C:\WINDOWS\System32\es.dll
FastUserSwitchingCompatibility
HidServ
C:\WINDOWS\System32\hidserv.dll
No File Listed
Iprip
No File Listed
Irmon
C:\WINDOWS\System32\irmon.dll
LanmanServer
C:\WINDOWS\System32\srvsvc.dll
LanmanWorkstation
C:\WINDOWS\System32\wkssvc.dll
Messenger
C:\WINDOWS\System32\msgsvc.dll
Netman
C:\WINDOWS\System32\netman.dll
C:\WINDOWS\System32\mswsock.dll
Ntmssvc
C:\WINDOWS\system32\ntmssvc.dll
NWCWorkstation
No File Listed
Nwsapagent
No File Listed
Rasauto
C:\WINDOWS\System32\rasauto.dll
Rasman
C:\WINDOWS\System32\rasmans.dll
Remoteaccess
C:\WINDOWS\System32\mprdim.dll
Schedule
C:\WINDOWS\system32\schedsvc.dll
Seclogon
C:\WINDOWS\System32\seclogon.dll
C:\WINDOWS\system32\sens.dll
Sharedaccess
C:\WINDOWS\System32\ipnathlp.dll
SRService
C:\WINDOWS\System32\srsvc.dll
Tapisrv
C:\WINDOWS\System32\tapisrv.dll
Themes
TrkWks
C:\WINDOWS\system32\trkwks.dll
W32Time
C:\WINDOWS\System32\w32time.dll
WZCSVC
C:\WINDOWS\System32\wzcsvc.dll
WmdmPmSp
No File Listed
winmgmt
C:\WINDOWS\system32\wbem\WMIsvc.dll
TermService
C:\WINDOWS\System32\termsrv.dll
wuauserv
C:\WINDOWS\system32\wuauserv.dll
BITS
C:\WINDOWS\System32\qmgr.dll
ShellHWDetection
helpsvc
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
xmlprov
C:\WINDOWS\System32\xmlprov.dll
wscsvc
C:\WINDOWS\system32\wscsvc.dll
WmdmPmSN
C:\WINDOWS\system32\MsPMSNSv.dll
### rpcss:
RpcSs
C:\WINDOWS\system32\rpcss.dll
### imgsvc:
StiSvc
C:\WINDOWS\system32\wiaservc.dll
### termsvcs:
TermService
C:\WINDOWS\System32\termsrv.dll
### HTTPFilter:
HTTPFilter
C:\WINDOWS\System32\w3ssl.dll
### DcomLaunch:
DcomLaunch
C:\WINDOWS\system32\rpcss.dll
TermService
C:\WINDOWS\System32\termsrv.dll
-------------loaded Dlls -------------
NOTE: already known legit dlls are not shown
------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
smss.exe pid: 600
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
csrss.exe pid: 664
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75b60000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll
------------------------------------------------------------------------------
winlogon.exe pid: 688
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x6000 C:\WINDOWS\system32\tphklock.dll
0x00fa0000 0xc000 C:\WINDOWS\system32\NavLogon.dll
------------------------------------------------------------------------------
services.exe pid: 736
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
lsass.exe pid: 748
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x75730000 0xb4000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
------------------------------------------------------------------------------
ibmpmsvc.exe pid: 912
Command line: C:\WINDOWS\system32\ibmpmsvc.exe
Base Size Version Path
0x00400000 0x13000 1.33.0000.0000 C:\WINDOWS\system32\ibmpmsvc.exe
------------------------------------------------------------------------------
svchost.exe pid: 936
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x760f0000 0x53000 5.01.2600.2180 c:\windows\system32\termsrv.dll
0x74f70000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x75110000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
svchost.exe pid: 1044
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
------------------------------------------------------------------------------
MsMpEng.exe pid: 1144
Command line: "C:\Program Files\Windows Defender\MsMpEng.exe"
Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Program Files\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Program Files\Windows Defender\mprtplug.dll
0x01820000 0x2b5000 1.01.1904.0000 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E7367181-3162-4AAE-B5CE-F24FF61F0F9A}\mpengine.dll
------------------------------------------------------------------------------
svchost.exe pid: 1188
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76d80000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x77620000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
0x76d30000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
0x606b0000 0x10d000 5.01.2600.2780 c:\windows\system32\ESENT.dll
0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x4d000000 0x34000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
iexplore.exe pid: 3540
Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
Base Size Version Path
0x00400000 0x9a000 7.00.5730.0011 C:\Program Files\Internet Explorer\iexplore.exe
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\IEFRAME.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dff0000 0x2f000 7.00.5730.0011 C:\WINDOWS\system32\IEUI.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x61930000 0x4a000 7.00.5730.0011 C:\Program Files\Internet Explorer\ieproxy.dll
0x01270000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x10000000 0x337000 4.00.1020.2544 c:\program files\google\googletoolbar1.dll
0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x59a60000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x019a0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x7e830000 0x36f000 7.00.5730.0011 C:\WINDOWS\system32\mshtml.dll
0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x72ea0000 0x60000 7.00.5824.16386 C:\WINDOWS\system32\ieapfltr.dll
0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\jscript.dll
0x1b000000 0xc000 7.00.5730.0011 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 0xe000 7.00.5730.0011 C:\WINDOWS\system32\pngfilt.dll
0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll
0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
0x6d430000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
0x73760000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x76200000 0x77000 7.00.5730.0011 C:\WINDOWS\system32\mshtmled.dll
0x58760000 0x32000 7.00.5730.0011 C:\WINDOWS\system32\iepeers.dll
0x07330000 0x8000 7.00.5730.0011 C:\WINDOWS\system32\corpol.dll
0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
0x07ac0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
------------------------------------------------------------------------------
jucheck.exe pid: 1368
Command line: -auto
Base Size Version Path
0x00400000 0x3c000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
0x00320000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
systemscan.exe pid: 1860
Command line: "C:\Documents and Settings\Administrator\Desktop\systemscan.exe"
Base Size Version Path
0x00400000 0x24000 C:\Documents and Settings\Administrator\Desktop\systemscan.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL
0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
------------------------------------------------------------------------------
runme.exe pid: 3796
Command line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe"
Base Size Version Path
0x00400000 0x46000 2.00.0000.0023 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe
0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x6b800000 0x25000 5.06.0000.6626 C:\WINDOWS\system32\scrrun.dll
------------------------------------------------------------------------------
wmiprvse.exe pid: 2272
Command line: C:\WINDOWS\System32\wbem\wmiprvse.exe
Base Size Version Path
0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvse.exe
0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\wbem\FastProx.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
0x5bd90000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\wbem\stdprov.dll
0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\wbem\esscli.dll
------------------------------------------------------------------------------
cmd.exe pid: 1568
Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row
Base Size Version Path
0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
Command line: listdlls.exe
Base Size Version Path
0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\LISTDLLS.exe
0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
-------------NTFS ADS -------------
Error opening C:\pagefile.sys:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Desktop\FixLinkopt.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\gmer.zip:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Desktop\PrevxFixGrom.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Favorites\HJT logi, kone on _todella_ hidas.url:
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{340A3AE8-04A8-4934-861A-56F5C49D99CB}:
The process cannot access the file because it is being used by another process.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3D55C4EL\aawsepersonal[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S63CC65\avgas-setup-7.5.0.50[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\FixLinkopt[1].exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\PrevxFixGrom[1].exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\All Users\Application Data\TEMP:
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:
:encryptable:$DATA 0
Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
The process cannot access the file because it is being used by another process.
Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
The process cannot access the file because it is being used by another process.
..
C:\Documents and Settings\Tapio Uotila\Desktop\86743.asx:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\Desktop\sdsetup.exe:
:Zone.Identifier:$DATA 26
.
.
..
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\51koodia - Nimetty\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Anna Eriksson - Sinusta sinuun 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Kiila - 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD1_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD2_192\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Christian_Forss_-_Christian_Forss-KMR\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Greenday.-.American.Idiot.(2004).-.by.LoCkY\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\gunther - pleasureman [2004]\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\H.I.M_-_Wings_of_A_Butterfly-Promo-CDS-2005-OASiS\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Hanna Pakarinen - When I Become Me 2004\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Him - And Love Said No (2004)\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Irina - Vahva\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Kotiteollisuus - Helvetistä Itään\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Angels Fall First\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Century Child\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Oceanborn\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Once\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Stratovarius - Infinite\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The best of hiphop_2005(Beyoncé, Snoop Dogg,alicia keys,,Destinys Child,missy elliot,Dodo Power,50 cent,kelis,eminem,black eyes peas,Xzibit...)\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Black Eyed Peas - (2005) Monkey Business .[WwW.LiMiTeDiVx.CoM].By KELOLO\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Rasmus - Dead Letters\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\20.8.2006 Vääräjoella\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ahvenanmaa 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Elinan vanhojentanssit\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoon asuntomessut\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoosta\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\2005_02_06\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jeren kanssa muumimaailmassa kesällä 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Joukon kaverin ristiäiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\jämi\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jämillä retkeilemässä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kesä 2005 kuvia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\kesä 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kulta zoomailee\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kuninkaan lähteellä uimassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lentokauden päättäjäiset 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lomailua Tevaniemessä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Laivalla\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Naantalin kylpylässä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja kultaseni\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muumi maailmassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muuta sekalaista\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Heinijärvellä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Vääksyssä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Naamiaiset 2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\O41 ja Opistonkuvia\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ollin kissa ja Janilta kuvia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Pallas 2005\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\pirkan pyöräily 2006\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ranska 2005\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Savusukellusharj. paperitehtaalla\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Turvallisuus messut\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Vanajan linnassa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Jämillä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa 11.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_19\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_20\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Yyterissä\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\My Received Files\testi.jpg:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\bsplayer137.826.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DivXPlay.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\ffdshow-20041012.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\PDVD_6_trial.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\RealPlayer10-5GOLD.exe:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\wrar351.exe:
:Zone.Identifier:$DATA 26
.
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Ensihoito\Hengitysäänet\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Alkusammutus harjoitus 2.2.06\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Avajaiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Eläinten käsittely\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Ensihoito\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Harjoitusalue\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Kastajaiset\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Laskeutuminen\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Letkuhuoltoa\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\liikenneonnettomuus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Metsäpalokontti 21.3.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 1 7.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 2 8.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 3 9.2.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pintapelastus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Savusukellus\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Ensihoito\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Vaahtokalusto 28.3.2006\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Pulloventtiili.wmv:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Thumbs.db:
:encryptable:$DATA 0
C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\tvlista062006.doc:
:Zone.Identifier:$DATA 26
C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\Uotilanuusin.doc:
:Zone.Identifier:$DATA 26
...
...
...
...
C:\RECYCLER\S-1-5-21-1220945662-436374069-854245398-1003\Dc5.asx:
:Zone.Identifier:$DATA 26
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP2\A0001103.exe:
:Zone.Identifier:$DATA 26
..
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004507.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004512.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004528.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004538.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004556.exe:
:Zone.Identifier:$DATA 26
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004605.exe:
:Zone.Identifier:$DATA 26
.
C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP46\A0004807.exe:
:Zone.Identifier:$DATA 26
.
...
...
...
...
...
...
...
Error opening C:\WINDOWS\system32\lpt6.waq:
The system cannot find the file specified.
...
Error opening C:\WINDOWS\system32\CatRoot2\edb.log:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\CatRoot2\tmp.edb:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\default.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SAM.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\software.LOG:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system:
The process cannot access the file because it is being used by another process.
Error opening C:\WINDOWS\system32\config\system.LOG:
The process cannot access the file because it is being used by another process.
...
.
-------------Encrypting File System dumping-------------
-------------Hidden Files -------------
Scannig hidden processes ...
Scannig hidden services ...
Scannig hidden autostart entries ...
Scannig hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
-------------Checking Rustock rootkit-------------
-------------Checking Suspicious files -------------
(Unusually Runtime packers compressed exe and dll files in C:\, C:\WINDOWS\, C:\WINDOWS\system32\)
Note:Not all files found by this scanner are bad
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SRCHSTS.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWREG.EXE
-This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWSC.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with Upack C:\WINDOWS\SYSTEM32\IFMON.DLL
-This file is compressed with Nspack C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\SYSTEM32\DIVX.DLL
--------------------------
Scan completed in 29,1 minutes
End of report
|
nurmijan
Newbie
|
5 January 2007 @ 06:09 |
|
StartupList report, 5.1.2007, 10:08:21
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TrackPointSrv = tp4serv.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
LTWinModem1 = ltmsg.exe 9
PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TP4EX = tp4ex.exe
EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
QCTRAY = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
QCWLICON = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
vptray = C:\Program Files\NavNT\vptray.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
BMMTask.job
MP Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shock...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
ANC: System32\drivers\ANC.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
BFAIFILT: System32\Drivers\bfaifilt.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BUFADPT: \??\C:\WINDOWS\system32\BUFADPT.SYS (system)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Network Connection Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
IBMTPCHK: System32\drivers\IBMBLDID.SYS (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Modem Driver: system32\DRIVERS\ltmdmxp.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Nal Service : \??\C:\WINDOWS\system32\Drivers\iqvw32.sys (manual start)
NAVAP: \??\C:\Program Files\NavNT\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\NavNT\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Client: "C:\Program Files\NavNT\rtvscan.exe" (autostart)
NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QCNDISIF: System32\drivers\qcndisif.SYS (manual start)
QCONSVC: System32\QCONSVC.EXE (autostart)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
S3SSavage: system32\DRIVERS\s3ssavm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Smapint: System32\drivers\Smapint.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
PS/2 TrackPoint Driver: system32\DRIVERS\tp4track.sys (manual start)
IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)
TPPWR: System32\drivers\Tppwr.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TSMAPIP: System32\drivers\TSMAPIP.SYS (system)
IBM PS/2 TrackPoint Filter Driver: System32\DRIVERS\TwoTrack.sys (manual start)
BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service: system32\DRIVERS\rt2500usb.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 34 068 bytes
Report generated in 0,170 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
For some reason the previous post came through three times, that was not intended...
|
AfterDawn Addict
|
5 January 2007 @ 06:55 |
|
Unfortunately nothing shows up in those :/
If gmer, avenger and the removal tools won't start and nothing shows up in the logs, then in practice there are two options:
1) format c:
2) Asking for help from experts abroad (by the way, there aren't many who specialise in that)
Take your pick :)
No HjT logs or the like by private message!
|
nurmijan
Newbie
|
5 January 2007 @ 07:30 |
|
Option 1 has been on my mind for a long time already. :)
Thanks for the help.
|
AfterDawn Addict
|
5 January 2007 @ 07:36 |
|
You're welcome, although I wasn't much help, since my skills ran out :)
No HjT logs or the like by private message!
|
|