
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq

Thread in the Viruses and malware - HijackThis logs section. Thread started by nurmijan on 04.01.2007.

  1. nurmijan

    nurmijan, Member (joined: 04.01.2007; posts: 8; thanks: 0; points: 11)

    Logfile of HijackThis v1.99.1
    Scan saved at 12:23:47, on 4.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    Dear experts, the machine's HT log contains (O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.waq), which I cannot remove. Norton also complains about it every time the machine starts. Norton says it is the trojan.linkoptimizer virus.

    I can't get rid of it; what would help? I have cleaned the machine in safe mode with Ad-Aware, AVG Anti-Spyware, Gromozon rootkit, Symantec's LinkOptimizer tool and a few other removal programs. But it is still there and stays there.
     
  3. -kemisti-

    -kemisti-, Active member (joined: 06.06.2005; posts: 6,305; thanks: 0; points: 96)

    Download gmer -> http://www.majorgeeks.com/GMER_d5198.html

    Extract it and double-click gmer.exe
    Click the rootkit tab and click scan.

    When it is done, click Copy.
    Post gmer's results.

    - Open HijackThis
    - Click "Config..."
    - Click "Misc Tools"
    - Tick the two boxes next to "Generate StartupList log"
    - Click "Generate StartupList log"
    - Post the startup list

    So, post the gmer log and the startup list.
     
  4. nurmijan

    For some reason gmer refuses to start on this machine; I tested the same file on another machine and there it started without problems. I'll keep trying...

    Here is HT's startup list anyway:
    StartupList report, 4.1.2007, 13:19:01
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.5730.0011)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tp4serv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    TrackPointSrv = tp4serv.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    LTWinModem1 = ltmsg.exe 9
    PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    TP4EX = tp4ex.exe
    EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    QCTRAY = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    QCWLICON = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    BMMTask.job
    MP Scheduled Scan.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\mswsock.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    ANC: System32\drivers\ANC.SYS (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    BFAIFILT: System32\Drivers\bfaifilt.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BUFADPT: \??\C:\WINDOWS\system32\BUFADPT.SYS (system)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
    Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Intel(R) PRO Network Connection Driver: System32\DRIVERS\e100b325.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
    ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
    IBMTPCHK: System32\drivers\IBMBLDID.SYS (system)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    IntelIde: System32\DRIVERS\intelide.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Lucent Modem Driver: system32\DRIVERS\ltmdmxp.sys (manual start)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Nal Service : \??\C:\WINDOWS\system32\Drivers\iqvw32.sys (manual start)
    NAVAPEL: \??\C:\Program Files\NavNT\NAVAPEL.SYS (autostart)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Norton AntiVirus Client: "C:\Program Files\NavNT\rtvscan.exe" (manual start)
    NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    Pcmcia: System32\DRIVERS\pcmcia.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    QCNDISIF: System32\drivers\qcndisif.SYS (manual start)
    QCONSVC: System32\QCONSVC.EXE (autostart)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    S3SSavage: system32\DRIVERS\s3ssavm.sys (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Smapint: System32\drivers\Smapint.sys (system)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754} (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
    PS/2 TrackPoint Driver: system32\DRIVERS\tp4track.sys (manual start)
    IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)
    TPPWR: System32\drivers\Tppwr.sys (system)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TSMAPIP: System32\drivers\TSMAPIP.SYS (system)
    IBM PS/2 TrackPoint Filter Driver: System32\DRIVERS\TwoTrack.sys (manual start)
    BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service: system32\DRIVERS\rt2500usb.sys (manual start)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop Search|||a

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 35 136 bytes
    Report generated in 0,260 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    GMER failing to start is caused precisely by the Gromozon rootkit.
    It is able to block certain programs, and it is precisely because of Gromozon's authors that GMER's official site is down (DDoS attack).

    Let's try whether Avenger works, though I doubt it:

    1. Download The Avenger (c) to your desktop.
    • Click the Avenger.zip file to open it.
    • Extract Avenger.exe to your desktop.

    2. Copy all the text in black in the quote box below into an empty Notepad window:


    Note: the script above was created specifically for this user. If you are not this person, DO NOT follow these instructions, because they could damage your computer's functionality.


    3. Now open The Avenger by double-clicking its icon on your desktop.
    • Under "Script file to execute", select "Input Script Manually".
    • Now click the magnifying glass icon, which opens a new window called "View/edit script".
    • Paste the text you copied into Notepad into this window.
    • Click Done.
    • Now click the green light to start the script.
    • Click "Yes" when the two warning boxes appear.

    Avenger will automatically do the following:
    • Restart your computer. (In cases where the script contains a "Drivers to Unload" command, Avenger restarts your computer twice.)
    • During the restart, it briefly opens a black command window on your desktop; this is normal.
    • After the restart, it creates a log file, which should open, showing the results of Avenger's actions. The path of this log is C:\avenger.txt
    • Avenger has also made a backup of all the files etc. that you asked it to delete, and has packed and moved them into zip files at the path C:\avenger\backup.zip.

      5. Copy and paste the entire contents of avenger.txt into your reply, along with a fresh HJT log.

      EDIT: messed up a bit :/ If Avenger doesn't work, run Symantec's tool and Prevx's tool in safe mode and post their logs.
     
    Last edited: 04.01.2007
  6. nurmijan

    nurmijan Member

    Joined:
    04.01.2007
    Posts:
    8
    Thanks:
    0
    Points:
    11
    Avenger won't start either; I also tried in safe mode. I don't understand how the Gromozon rootkit can block those programs? After all, there isn't even any service from it running??
     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    It does have a service running, but it doesn't show up, since it is a rootkit after all (i.e. it hides itself from the system). Next, run Symantec's fixlinkoptimizer and Prevx's tool in safe mode and post their logs.

    EDIT: Also run StartupList in safe mode; the service may show up there.
     
    Last edited: 04.01.2007
  8. nurmijan

    nurmijan Member

    Joined:
    04.01.2007
    Posts:
    8
    Thanks:
    0
    Points:
    11
    fixlinkoptimizer and prevx would no longer start. But I tried the systemscan software, which scanned my machine. As a removal tool it offers AVRunner. Here is the log from systemscan. Also, at the bottom, HT's startup log in safe mode.

    Would those logs be of any help?

    systemscan - www.suspectfile.com - ver. 2.0.23

    Date: pe 05.01.2007
    Time: 8:53:26,99

    Output limited to:
    -Recent files
    -Registry Run Keys
    -Running Services
    -Not Running Services
    -Device Driver Services
    -Svchost.exe instances
    -Loaded Dlls
    -Alternate Data Sreams
    -Encrypted Files
    -Hidden objects
    -Suspicious Files

    -------------Users folders -------------
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F

    Directory of C:\documents and settings

    03.01.2007 08:40 <DIR> Administrator
    27.12.2005 20:13 <DIR> All Users
    27.12.2005 18:23 <DIR> Default User
    27.12.2005 19:06 <DIR> LocalService
    27.12.2005 18:29 <DIR> NetworkService
    29.11.2006 10:40 <DIR> Tapio Uotila
    04.01.2007 15:41 <DIR> testi

    -------------Recent files (60 days) -------------
    NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Program Files\Common Files, C:\WINDOWS\temp

    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\


    04.01.2007 15:44 <DIR> Config.Msi
    05.01.2007 08:53 <DIR> suspectfile
    04.01.2007 13:05 <DIR> Documents and Settings
    04.01.2007 15:44 <DIR> WINDOWS
    04.01.2007 15:44 <DIR> Program Files
    04.01.2007 12:02 0 gromozon_removal.log
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS


    04.01.2007 15:44 <DIR> WBEM
    05.01.2007 08:50 <DIR> temp
    04.01.2007 15:44 <DIR> system32
    05.01.2007 08:52 <DIR> Prefetch
    03.01.2007 13:29 <DIR> Help
    04.01.2007 15:41 <DIR> network diagnostic
    21.11.2006 15:09 <DIR> msagent
    03.01.2007 13:27 <DIR> Media
    03.01.2007 13:23 11 859 KB904942.log
    03.01.2007 13:23 5 640 KB914440.log
    03.01.2007 13:24 6 980 KB915865.log
    20.11.2006 23:03 17 414 KB920213.log
    03.01.2007 13:27 1 355 imsins.log
    20.11.2006 23:03 31 584 KB922760.log
    03.01.2007 07:43 10 795 KB923689.log
    03.01.2007 07:43 11 923 KB923694.log
    20.11.2006 23:04 16 159 KB923980.log
    20.11.2006 23:04 15 802 KB924270.log
    03.01.2007 07:46 9 141 KB925398.log
    03.01.2007 07:46 33 589 KB925454.log
    03.01.2007 07:43 12 115 KB926255.log
    03.01.2007 13:27 44 769 medctroc.Log
    03.01.2007 13:25 1 355 imsins.BAK
    03.01.2007 13:27 774 021 iis6.log
    03.01.2007 13:28 25 367 ie7_main.log
    03.01.2007 13:27 47 757 ie7.log
    03.01.2007 13:27 32 722 msgsocm.log
    03.01.2007 13:27 214 744 msmqinst.log
    03.01.2007 13:25 7 768 IDNMitigationAPIs.log
    03.01.2007 13:27 110 476 netfxocm.log
    03.01.2007 13:24 7 426 NLSDownlevelMapping.log
    04.01.2007 15:51 1 411 686 ntbtlog.txt
    03.01.2007 13:27 135 039 ntdtcsetup.log
    03.01.2007 13:27 324 287 ocgen.log
    03.01.2007 13:27 35 869 ocmsn.log
    04.01.2007 13:05 1 859 OEWABLog.txt
    03.01.2007 13:27 637 985 FaxSetup.log
    13.12.2006 18:02 1 409 QTFont.for
    04.01.2007 15:49 32 634 SchedLgU.Txt
    03.01.2007 13:27 222 598 comsetup.log
    03.01.2007 14:21 166 052 setupact.log
    03.01.2007 13:25 576 401 setupapi.log
    03.01.2007 07:53 741 625 setuplog.txt
    03.01.2007 13:30 38 264 spupdsvc.log
    08.11.2006 20:15 115 cdplayer.ini
    03.01.2007 13:27 31 539 tabletoc.log
    03.01.2007 13:27 301 558 tsoc.log
    03.01.2007 13:27 55 141 updspapi.log
    05.01.2007 08:27 0 0.log
    05.01.2007 08:27 159 wiadebug.log
    05.01.2007 08:27 48 wiaservc.log
    05.01.2007 08:48 1 283 208 WindowsUpdate.log
    04.01.2007 13:05 72 954 wmsetup.log
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS\system32


    04.01.2007 15:40 <DIR> Restore
    03.01.2007 13:27 <DIR> en-US
    04.01.2007 15:41 <DIR> drivers
    03.01.2007 13:27 <DIR> config
    05.01.2007 08:30 <DIR> CatRoot2
    03.01.2007 08:24 <DIR> appmgmt
    07.11.2006 03:25 10 240 advpack.dll.mui
    07.11.2006 03:26 123 904 advpack.dll
    07.11.2006 21:03 131 584 extmgr.dll
    07.11.2006 03:26 54 784 ie4uinit.exe
    07.11.2006 03:26 152 064 ieakeng.dll
    07.11.2006 03:27 229 376 ieaksie.dll
    07.11.2006 03:25 161 792 ieakui.dll
    07.11.2006 03:27 382 976 iedkcs32.dll
    07.11.2006 21:03 6 049 280 ieframe.dll
    07.11.2006 21:03 191 488 iepeers.dll
    07.11.2006 03:26 43 008 iernonce.dll
    07.11.2006 03:26 55 296 iesetup.dll
    07.11.2006 03:26 13 312 ieudinit.exe
    07.11.2006 21:03 180 736 ieui.dll
    07.11.2006 03:24 56 483 ieuinit.inf
    08.11.2006 07:06 679 424 inetcomm.dll
    07.11.2006 03:26 92 672 inseng.dll
    07.11.2006 21:03 27 136 jsproxy.dll
    12.12.2006 10:45 1 474 864 LegitCheckControl.DLL
    08.12.2006 01:13 10 716 584 MRT.exe
    07.11.2006 21:03 458 752 msfeeds.dll
    07.11.2006 21:03 50 688 msfeedsbs.dll
    07.11.2006 03:26 71 680 admparse.dll
    07.11.2006 21:03 3 577 856 mshtml.dll
    07.11.2006 21:03 475 648 mshtmled.dll
    07.11.2006 21:03 156 160 msls31.dll
    07.11.2006 21:03 670 720 mstime.dll
    12.11.2006 19:16 1 688 TRJ_NTAUTO.TMP
    07.11.2006 21:03 1 162 240 urlmon.dll
    07.11.2006 21:03 413 696 vbscript.dll
    07.11.2006 21:03 231 424 webcheck.dll
    07.11.2006 21:03 818 688 wininet.dll
    07.12.2006 07:29 2 374 472 wmvcore.dll
    03.01.2007 13:25 2 206 wpa.dbl
    03.01.2007 08:32 0 ypsg.dll
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\Program Files\Common Files


    03.01.2007 07:42 <DIR> System
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS\temp


    05.01.2007 08:48 4 790 MpSigStub.log
    05.01.2007 08:48 3 694 MpCmdRun.log



    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

    [Run]

    -------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

    [Windows]
    "AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"

    -------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

    [Winlogon]
    "Shell"="Explorer.exe"
    "System"=""
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "forceunlocklogon"=dword:00000000
    "AllowMultipleTSSessions"=dword:00000001
    "UIHost"=expand:"logonui.exe"
    "LogonType"=dword:00000001
    "Background"="0 0 0"
    "WinStationsDisabled"="0"
    "HibernationPreviouslyEnabled"=dword:00000001

    [Winlogon\GPExtensions]

    [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @="Wireless"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @="Folder Redirection"
    "DllName"=expand:"fdeploy.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"

    [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @="Microsoft Disk Quota"
    "DllName"=expand:"dskquota.dll"

    [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @="QoS Packet Scheduler"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @="Scripts"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"
    "DisplayName"=expand:"@iedkcs32.dll,-3051"

    [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"

    [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "DllName"="iedkcs32.dll"
    @="Internet Explorer Branding"
    "DisplayName"=expand:"@iedkcs32.dll,-3014"

    [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"

    [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @="IP Security"
    "DllName"=expand:"gptext.dll"

    [Winlogon\Notify]

    [Winlogon\Notify\crypt32chain]
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [Winlogon\Notify\cryptnet]
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "StartShell"="WinlogonStartShellEvent"

    [Winlogon\Notify\NavLogon]
    "DllName"="C:\WINDOWS\system32\NavLogon.dll"
    "Logoff"="NavLogoffEvent"
    "StartShell"="NavStartShellEvent"

    [Winlogon\Notify\QConGina]
    @Class="HKEY_LOCAL_MACHINE"
    "DllName"="QConGina.dll"
    "Logoff"="QConGinaWLEventLogoff"

    [Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001

    [Winlogon\Notify\Schedule]
    "DllName"=expand:"wlnotify.dll"
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "DllName"=expand:"sclgntfy.dll"

    [Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"

    [Winlogon\Notify\termsrv]
    "DllName"=expand:"wlnotify.dll"
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [Winlogon\Notify\tphotkey]
    @=""
    "DllName"="tphklock.dll"
    "Startup"="WLEventStartup"
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"

    [Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"

    [Winlogon\SpecialAccounts]

    [Winlogon\SpecialAccounts\UserList]
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

    -------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

    [Winlogon]
    "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"
    "BuildNumber"=dword:00000a28

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

    [Run]
    "TrackPointSrv"="tp4serv.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    "LTWinModem1"="ltmsg.exe 9"
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
    "TP4EX"="tp4ex.exe"
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
    "BLOG"="rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog"
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper"
    "QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
    "QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
    "BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor"
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
    "RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
    "TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
    "Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
    "Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
    "vptray"="C:\Program Files\NavNT\vptray.exe"

    [Run\OptionalComponents]

    [Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [Run\OptionalComponents\MSFS]
    "Installed"="1"

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

    [RunOnce]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

    [RunOnceEx]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

    [RunServices]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

    [Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

    -------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

    -------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

    [Browser Helper Objects]

    [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    #### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
    @=""

    [Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    #### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

    -------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

    [URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

    [ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    #### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    #### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

    -------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

    [Lsa]
    "Authentication Packages"=multi:"msv1_0\00\00"
    "Bounds"=hex:00,30,00,00,00,20,00,00
    "LsaPid"=dword:000002ec
    "SecureBoot"=dword:00000001
    "auditbaseobjects"=dword:00000000
    "crashonauditfail"=dword:00000000
    "everyoneincludesanonymous"=dword:00000000
    "fipsalgorithmpolicy"=dword:00000000
    "forceguest"=dword:00000001
    "fullprivilegeauditing"=hex:00
    "limitblankpassworduse"=dword:00000001
    "lmcompatibilitylevel"=dword:00000000
    "nolmhash"=dword:00000000
    "restrictanonymous"=dword:00000000
    "restrictanonymoussam"=dword:00000001
    "Notification Packages"=multi:"scecli\00\00"

    [Lsa\AccessProviders]
    "ProviderOrder"=multi:"Windows NT Access Provider\00\00"

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Audit]

    [Lsa\Audit\PerUserAuditing]

    [Lsa\Audit\PerUserAuditing\System]

    [Lsa\Data]
    @Class="239650f4"
    "Pattern"=hex:6c,b4,d2,8e,b9,10,7c,6f,92,40,70,a0,ee,d5,cd,50,32,33,39,36,35,\
    30,66,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
    5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,18,e2,86,74

    [Lsa\GBG]
    @Class="18fb6b05"
    "GrafBlumGroup"=hex:e2,cc,ea,56,3e,12,2a,07,57

    [Lsa\JD]
    @Class="0e4774b9"
    "Lookup"=hex:c6,4f,67,d3,57,37

    [Lsa\Kerberos]

    [Lsa\Kerberos\Domains]

    [Lsa\Kerberos\SidCache]

    [Lsa\MSV1_0]
    "Auth132"="IISSUBA"
    "ntlmminclientsec"=dword:00000000
    "ntlmminserversec"=dword:00000000

    [Lsa\Skew1]
    @Class="86e2d8c2"
    "SkewMatrix"=hex:50,7f,78,97,13,a2,e3,3b,83,6a,7d,dc,8c,64,7b,f6

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]
    "Time"=hex:70,49,00,66,0c,0b,c6,01

    [Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"
    "RpcId"=dword:0000ffff
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"
    "RpcId"=dword:00000011
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"
    "RpcId"=dword:00000012
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    -------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

    [SharedAccess]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
    "ObjectName"="LocalSystem"
    "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

    [SharedAccess\Epoch]
    "Epoch"=dword:000023dd

    [SharedAccess\Parameters]
    "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

    [SharedAccess\Parameters\FirewallPolicy]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008"
    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DoNotAllowExceptions"=dword:00000000

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe"="C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe:*:Disabled:DC++"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008"
    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"

    [SharedAccess\Security]

    [SharedAccess\Setup]
    "ServiceUpgrade"=dword:00000001

    [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
    "All"=dword:00000001

    -------------HKLM\Software\Microsoft\Ole-------------

    [Ole]
    "EnableDCOM"="Y"
    "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
    14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
    00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
    00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
    00,00,00,00,05,20,00,00,00,20,02,00,00
    "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
    14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
    00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
    05,20,00,00,00,20,02,00,00

    [Ole\AppCompat]

    [Ole\AppCompat\ActivationSecurityCheckExemptionList]
    "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
    "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
    "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
    "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

    [Ole\NONREDIST]
    "System.EnterpriseServices.Thunk.dll"=""

    -------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

    @="\"%1\" /S"

    -------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

    @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

    -------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

    -------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

    -------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

    [Installed Components]

    [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    @="IE7 Uninstall Stub"
    "ComponentID"="IEUDINIT"
    "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

    [Installed Components\>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}]
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
    @="Selaimen mukautukset"
    "ComponentID"="BRANDING.CAB"

    [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    @="Windows Media Player"
    "ComponentID"="WMPACCESS"
    "StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"

    [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    @="Internet Explorer"
    "ComponentID"="IEACCESS"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
    "LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    @="Browser Customizations"
    "ComponentiD"="BRANDING.CAB"
    "LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    @="Outlook Express"
    "ComponentID"="OEACCESS"
    "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

    [Installed Components\Microsoft Base Smart Card Crypto Provider Package]

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    @="Java (Sun)"
    "ComponentID"="JAVAVM"
    "KeyFileName"="C:\Program Files\Java\jre1.5.0_06\bin\regutils.dll"

    [Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
    @="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
    "ComponentID"="KB922770"

    [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
    @="Internet Explorerin Lueminut-tiedosto"
    "ComponentID"="IEREADME"

    [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
    @="IEEX"
    "ComponentID"="IEEX"

    [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    @="Vector Graphics Rendering (VML)"
    "ComponentID"="MSVML"

    [Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    #### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
    "ComponentID"="Director"
    @="Macromedia Shockwave Director 8.5.1"

    [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    @=""
    "ComponentID"="NetShow"
    "StubPath"=""

    [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"=""
    @="Microsoft Windows Media Player 6.4"

    [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    @="DirectAnimation"
    "ComponentID"="DirectAnimation"

    [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    "ComponentID"="Director"
    @="Macromedia Shockwave Director 8.5.1"

    [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    @="Themes Setup"
    "ComponentID"="Theme Component"
    "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

    [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    @="Dynamic HTML Data Binding for Java"
    "ComponentID"="TridataJava"

    [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    @="Offline Browsing Pack"
    "ComponentID"="MobilePk"

    [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    @="Uniscribe"
    "ComponentID"="USP10"

    [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    "ComponentID"="S867460"
    @="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

    [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    @="Advanced Authoring"
    "ComponentID"="AdvAuth"

    [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    @="Microsoft Outlook Express 6"
    "ComponentID"="MailNews"
    "CloneUser"=dword:00000001
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

    [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    @="NetMeeting 3.01"
    "ComponentID"="NetMeeting"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

    [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    @="DirectShow"
    "ComponentID"="activemovie"

    [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    @="DirectDrawEx"
    "ComponentID"="DirectDrawEx"

    [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    @="Internet Explorer Help"
    "ComponentID"="HelpCont"

    [Installed Components\{4CDAF616-D274-41F9-9478-64D5CCFADE80}]
    @="Macromedia Shockwave Player"
    "ComponentID"="CUSTOM1"

    [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    @="DirectAnimation Java Classes"
    "ComponentID"="DAJava"

    [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    @="Microsoft Windows Script 5.6"
    "ComponentID"="MSVBScript"

    [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    @="Windows Messenger 4.7"
    "ComponentID"="Messenger"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
    "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

    [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    "(Default)"="Internet Connection Wizard"
    "ComponentID"="ICW"

    [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    @="Internet Explorer Setup Tools"
    "ComponentID"="GenSetup"

    [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    @="Browsing Enhancements"
    "ComponentID"="ExtraPack"
    "KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

    [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
    @="Microsoft Windows Media Player"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

    [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    @="MSN Site Access"
    "ComponentID"="MSN_Auth"

    [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    "ComponentID"=".NETFramework"
    @=".NET Framework"

    [Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    @="Web Folders"
    "ComponentID"="WebFolders"
    "StubPath"=""

    [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    @="Address Book 6"
    "ComponentID"="WAB"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    @="Windows Desktop Update"
    "ComponentID"="IE4Shell_NT"
    "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    @="Internet Explorer"
    "ComponentID"="BASEIE40_W2K"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
    "LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

    [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    "ComponentID"="DOTNETFRAMEWORKS"
    "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

    [Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
    "ComponentID"="M886903"
    @="Microsoft .NET Framework 1.1 Hotfix (KB886903)"

    [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    @="Dynamic HTML Data Binding"
    "ComponentID"="Tridata"

    [Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
    @="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
    "ComponentID"="KB917283"

    [Installed Components\{C47D9DDA-83FF-4907-9056-DC7827271070}]
    @="Macromedia FlashPlayer"
    "ComponentID"="CUSTOM0"

    [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    @="Internet Explorer Core Fonts"
    "ComponentID"="Fontcore"

    [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    "ComponentID"=".NETFramework"
    @=".NET Framework"

    [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    @="Task Scheduler"
    "ComponentID"="MSTASK"

    [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    "ComponentID"="Windows Movie Maker v2.1"

    [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    #### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
    @="Macromedia Flash Player 8"
    "ComponentID"="Flash"

    [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    @="HTML Help"
    "ComponentID"="HTMLHelp"

    [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    @="Active Directory Service Interface"
    "ComponentID"="ADSI"

    -------------Comparing registry keys CCS1 vs CCS2 -------------
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services

    Result compared: Identical


    -------------Comparing registry keys CCS1 vs CCS3 -------------
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000FC0000000000000000000000000000004DF09D45010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9181 (0x23DD)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 9178 (0x23DA)

    Result compared: Different


    -------------List of running services -------------



    000) "ALG" - Application Layer Gateway Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\alg.exe

    001) "AudioSrv" - Windows Audio
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    002) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    003) "BITS" - Background Intelligent Transfer Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    004) "CryptSvc" - Cryptographic Services
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    005) "DcomLaunch" - DCOM Server Process Launcher
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

    006) "DefWatch" - DefWatch
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\NavNT\defwatch.exe"

    007) "Dhcp" - DHCP Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    008) "Dnscache" - DNS Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService

    009) "ERSvc" - Error Reporting Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    010) "Eventlog" - Event Log
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\services.exe

    011) "EventSystem" - COM+ Event System
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    012) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    013) "helpsvc" - Help and Support
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    014) "IBMPMSVC" - ThinkPad PM Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\ibmpmsvc.exe

    015) "Irmon" - Infrared Monitor
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    016) "lanmanserver" - Server
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    017) "lanmanworkstation" - Workstation
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    018) "LmHosts" - TCP/IP NetBIOS Helper
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    019) "Netman" - Network Connections
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    020) "Nla" - Network Location Awareness (NLA)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    021) "Norton AntiVirus Server" - Norton AntiVirus Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\NavNT\rtvscan.exe"

    022) "PlugPlay" - Plug and Play
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\services.exe

    023) "PolicyAgent" - IPSEC Services
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    024) "ProtectedStorage" - Protected Storage
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\lsass.exe

    025) "QCONSVC" - QCONSVC
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\QCONSVC.EXE

    026) "RasMan" - Remote Access Connection Manager
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    027) "RemoteRegistry" - Remote Registry
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

    028) "RpcSs" - Remote Procedure Call (RPC)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost -k rpcss

    029) "SamSs" - Security Accounts Manager
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\lsass.exe

    030) "Schedule" - Task Scheduler
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    031) "seclogon" - Secondary Logon
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    032) "SENS" - System Event Notification
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    033) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    034) "ShellHWDetection" - Shell Hardware Detection
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    035) "Spooler" - Print Spooler
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\spoolsv.exe

    036) "srservice" - System Restore Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    037) "SSDPSRV" - SSDP Discovery Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    038) "stisvc" - Windows Image Acquisition (WIA)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc

    039) "TapiSrv" - Telephony
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    040) "TermService" - Terminal Services
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

    041) "Themes" - Themes
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    042) "TpKmpSVC" - IBM KCU Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\TpKmpSVC.exe

    043) "TrkWks" - Distributed Link Tracking Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    044) "UMWdf" - Windows User Mode Driver Framework
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\wdfmgr.exe

    045) "W32Time" - Windows Time
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    046) "WebClient" - WebClient
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    047) "WinDefend" - Windows Defender
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\Windows Defender\MsMpEng.exe"

    048) "winmgmt" - Windows Management Instrumentation
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    049) "wscsvc" - Security Center
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    050) "wuauserv" - Automatic Updates
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    051) "WZCSVC" - Wireless Zero Configuration
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



    ..:: BOOT REGISTRY ::..

    0) "TrackPointSrv"
    ---> CMD = tp4serv.exe
    ---> FILE = C:\WINDOWS\System32\tp4serv.exe

    1) "SunJavaUpdateSched"
    ---> CMD = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    ---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    2) "LTWinModem1"
    ---> CMD = ltmsg.exe 9
    ---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\ltmsg.exe 9

    3) "PRONoMgr.exe"
    ---> CMD = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    ---> FILE = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

    4) "TPHOTKEY"
    ---> CMD = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    ---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

    5) "TP4EX"
    ---> CMD = tp4ex.exe
    ---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tp4ex.exe

    6) "EZEJMNAP"
    ---> CMD = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    ---> FILE = C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

    7) "BLOG"
    ---> CMD = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    ---> FILE = (NOT EXISTS)

    8) "TPKMAPHELPER"
    ---> CMD = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    ---> FILE = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe

    9) "QCTRAY"
    ---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    ---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE

    10) "QCWLICON"
    ---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    ---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE

    11) "BMMGAG"
    ---> CMD = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    ---> FILE = (NOT EXISTS)

    12) "BMMLREF"
    ---> CMD = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    ---> FILE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

    13) "NeroFilterCheck"
    ---> CMD = C:\WINDOWS\system32\NeroCheck.exe
    ---> FILE = C:\WINDOWS\system32\NeroCheck.exe

    14) "RemoteControl"
    ---> CMD = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    ---> FILE = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    15) "TkBellExe"
    ---> CMD = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    ---> FILE = (NOT EXISTS)

    16) "QuickTime Task"
    ---> CMD = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ---> FILE = (NOT EXISTS)

    17) "Google Desktop Search"
    ---> CMD = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    ---> FILE = (NOT EXISTS)

    18) "Windows Defender"
    ---> CMD = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    ---> FILE = (NOT EXISTS)

    19) "vptray"
    ---> CMD = C:\Program Files\NavNT\vptray.exe
    ---> FILE = C:\Program Files\NavNT\vptray.exe



    -------------List of NOT running services -------------



    000) "Alerter" - Alerter
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    001) "AppMgmt" - Application Management
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    002) "aspnet_state" - ASP.NET State Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    003) "Browser" - Computer Browser
    ---> STAT = (NOT RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    004) "cisvc" - Indexing Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\cisvc.exe

    005) "ClipSrv" - ClipBook
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\clipsrv.exe

    006) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    007) "COMSysApp" - COM+ System Application
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    008) "dmadmin" - Logical Disk Manager Administrative Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

    009) "dmserver" - Logical Disk Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    010) "HidServ" - Human Interface Device Access
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    011) "HTTPFilter" - HTTP SSL
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    012) "IDriverT" - InstallDriver Table Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

    013) "ImapiService" - IMAPI CD-Burning COM Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\imapi.exe

    014) "Messenger" - Messenger
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    015) "mnmsrvc" - NetMeeting Remote Desktop Sharing
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\mnmsrvc.exe

    016) "MSDTC" - Distributed Transaction Coordinator
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\msdtc.exe

    017) "MSIServer" - Windows Installer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\msiexec.exe /V

    018) "NetDDE" - Network DDE
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\netdde.exe

    019) "NetDDEdsdm" - Network DDE DSDM
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\netdde.exe

    020) "Netlogon" - Net Logon
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    021) "NetSvc" - Intel NCS NetService
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    022) "NtLmSsp" - NT LM Security Support Provider
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    023) "NtmsSvc" - Removable Storage
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    024) "ose" - Office Source Engine
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

    025) "RasAuto" - Remote Access Auto Connection Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    026) "RDSessMgr" - Remote Desktop Help Session Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\sessmgr.exe

    027) "RemoteAccess" - Routing and Remote Access
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    028) "RpcLocator" - Remote Procedure Call (RPC) Locator
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\locator.exe

    029) "RSVP" - QoS RSVP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\rsvp.exe

    030) "SCardSvr" - Smart Card
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\SCardSvr.exe

    031) "SwPrv" - MS Software Shadow Copy Provider
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754}

    032) "SysmonLog" - Performance Logs and Alerts
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\smlogsvc.exe

    033) "TlntSvr" - Telnet
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\tlntsvr.exe

    034) "upnphost" - Universal Plug and Play Device Host
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    035) "UPS" - Uninterruptible Power Supply
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\ups.exe

    036) "VSS" - Volume Shadow Copy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\vssvc.exe

    037) "WMConnectCDS" - Windows Media Connect Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\Program Files\Windows Media Connect 2\wmccds.exe

    038) "WmdmPmSN" - Portable Media Serial Number Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    039) "Wmi" - Windows Management Instrumentation Driver Extensions
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    040) "WmiApSrv" - WMI Performance Adapter
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe

    041) "xmlprov" - Network Provisioning Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



    -------------List of running device driver services -------------



    000) "ACPI" - Microsoft ACPI Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys

    001) "ACPIEC" - Microsoft Embedded Controller Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ACPIEC.sys

    002) "AFD" - AFD Networking Support Environment
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\afd.sys

    003) "agp440" - Intel AGP Bus Filter
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\agp440.sys

    004) "ANC" - ANC
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\ANC.SYS

    005) "atapi" - Standard IDE/ESDI Hard Disk Controller
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys

    006) "audstub" - Audio Stub Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\audstub.sys

    007) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

    008) "AvgAsCln" - AVG Anti-Spyware Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\AvgAsCln.sys

    009) "Beep" - Beep
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    010) "BUFADPT" - BUFADPT
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \??\C:\WINDOWS\system32\BUFADPT.SYS

    011) "Cdfs" - Cdfs
    ---> STAT = (RUNNING) Disabled

    012) "Cdrom" - CD-ROM Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\cdrom.sys

    013) "CmBatt" - Microsoft AC Adapter Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\CmBatt.sys

    014) "Compbatt" - Microsoft Composite Battery Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\compbatt.sys

    015) "cs429x" - Crystal WDM Audio Codec Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\cwawdm.sys

    016) "Disk" - Disk Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\disk.sys

    017) "E100B" - Intel(R) PRO Network Connection Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\e100b325.sys

    018) "Fastfat" - Fastfat
    ---> STAT = (RUNNING) Disabled

    019) "Fdc" - Floppy Disk Controller Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\fdc.sys

    020) "Fips" - Fips
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    021) "FltMgr" - FltMgr
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\system32\drivers\fltmgr.sys

    022) "Ftdisk" - Volume Manager Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys

    023) "Gpc" - Generic Packet Classifier
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\msgpc.sys

    024) "HTTP" - HTTP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\Drivers\HTTP.sys

    025) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\i8042prt.sys

    026) "IBMPMDRV" - IBMPMDRV
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\ibmpmdrv.sys

    027) "IBMTPCHK" - IBMTPCHK
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\IBMBLDID.SYS

    028) "Imapi" - CD-Burning Filter Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = system32\DRIVERS\imapi.sys

    029) "IntelIde" - IntelIde
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\intelide.sys

    030) "IpNat" - IP Network Address Translator
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipnat.sys

    031) "IPSec" - IPSEC driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\ipsec.sys

    032) "irda" - IrDA Protocol
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\DRIVERS\irda.sys

    033) "IRENUM" - IR Enumerator Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irenum.sys

    034) "isapnp" - PnP ISA/EISA Bus Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys

    035) "Kbdclass" - Keyboard Class Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdclass.sys

    036) "kmixer" - Microsoft Kernel Wave Audio Mixer
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\kmixer.sys

    037) "KSecDD" - KSecDD
    ---> STAT = (RUNNING) Started by operating system loader

    038) "ltmodem5" - Lucent Modem Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\ltmdmxp.sys

    039) "mnmdd" - mnmdd
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    040) "Modem" - Modem
    ---> STAT = (RUNNING) Started manually

    041) "Mouclass" - Mouse Class Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mouclass.sys

    042) "MountMgr" - Mount Point Manager
    ---> STAT = (RUNNING) Started by operating system loader

    043) "MRxDAV" - WebDav Client Redirector
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mrxdav.sys

    044) "MRxSmb" - MRXSMB
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mrxsmb.sys

    045) "Msfs" - Msfs
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    046) "mssmbios" - Microsoft System Management BIOS Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mssmbios.sys

    047) "Mup" - Mup
    ---> STAT = (RUNNING) Started by operating system loader

    048) "NAVAP" - NAVAP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\Program Files\NavNT\NAVAP.sys

    049) "NAVAPEL" - NAVAPEL
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = \??\C:\Program Files\NavNT\NAVAPEL.SYS

    050) "NAVENG" - NAVENG
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys

    051) "NAVEX15" - NAVEX15
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys

    052) "NDIS" - NDIS System Driver
    ---> STAT = (RUNNING) Started by operating system loader

    053) "NdisTapi" - Remote Access NDIS TAPI Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndistapi.sys

    054) "Ndisuio" - NDIS Usermode I/O Protocol
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndisuio.sys

    055) "NdisWan" - Remote Access NDIS WAN Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndiswan.sys

    056) "NDProxy" - NDIS Proxy
    ---> STAT = (RUNNING) Started manually

    057) "NetBIOS" - NetBIOS Interface
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbios.sys

    058) "NetBT" - NetBios over Tcpip
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbt.sys

    059) "Npfs" - Npfs
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    060) "NSCIRDA" - NSC Infrared Device Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nscirda.sys

    061) "Ntfs" - Ntfs
    ---> STAT = (RUNNING) Disabled

    062) "Null" - Null
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    063) "P3" - Intel PentiumIII Processor Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\p3.sys

    064) "Parport" - Parallel port driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\parport.sys

    065) "PartMgr" - Partition Manager
    ---> STAT = (RUNNING) Started by operating system loader

    066) "ParVdm" - ParVdm
    ---> STAT = (RUNNING) Started automatically

    067) "PCI" - PCI Bus Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\pci.sys

    068) "Pcmcia" - Pcmcia
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\pcmcia.sys

    069) "PptpMiniport" - WAN Miniport (PPTP)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspptp.sys

    070) "PSched" - QoS Packet Scheduler
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\psched.sys

    071) "Ptilink" - Direct Parallel Link Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ptilink.sys

    072) "PxHelp20" - PxHelp20
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\Drivers\PxHelp20.sys

    073) "RasAcd" - Remote Access Auto Connection Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\rasacd.sys

    074) "Rasirda" - WAN Miniport (IrDA)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rasirda.sys

    075) "Rasl2tp" - WAN Miniport (L2TP)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rasl2tp.sys

    076) "RasPppoe" - Remote Access PPPOE Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspppoe.sys

    077) "Raspti" - Direct Parallel
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspti.sys

    078) "Rdbss" - Rdbss
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\rdbss.sys

    079) "RDPCDD" - RDPCDD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\RDPCDD.sys

    080) "rdpdr" - Terminal Server Device Redirector Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rdpdr.sys

    081) "redbook" - Digital CD Audio Playback Filter Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\redbook.sys

    082) "S3SSavage" - S3SSavage
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\s3ssavm.sys

    083) "serenum" - Serenum Filter Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\serenum.sys

    084) "Serial" - Serial port driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\serial.sys

    085) "Smapint" - Smapint
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\Smapint.sys

    086) "sr" - System Restore Filter Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\sr.sys

    087) "Srv" - Srv
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\srv.sys

    088) "swenum" - Software Bus Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\swenum.sys

    089) "SymEvent" - SymEvent
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\Program Files\Symantec\SYMEVENT.SYS

    090) "sysaudio" - Microsoft Kernel System Audio Device
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\sysaudio.sys

    091) "Tcpip" - TCP/IP Protocol Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\tcpip.sys

    092) "TDSMAPI" - TDSMAPI
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\TDSMAPI.SYS

    093) "TermDD" - Terminal Device Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\termdd.sys

    094) "Tp4Track" - PS/2 TrackPoint Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\tp4track.sys

    095) "TPHKDRV" - TPHKDRV
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    096) "TPPWR" - TPPWR
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\Tppwr.sys

    097) "TSMAPIP" - TSMAPIP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\TSMAPIP.SYS

    098) "Update" - Microcode Update Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\update.sys

    099) "usbhub" - USB2 Enabled Hub
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbhub.sys

    100) "USBSTOR" - USB Mass Storage Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\USBSTOR.SYS

    101) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbuhci.sys

    102) "VgaSave" - VGA Display Controller.
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\vga.sys

    103) "VolSnap" - VolSnap
    ---> STAT = (RUNNING) Started by operating system loader

    104) "Wanarp" - Remote Access IP ARP Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\wanarp.sys

    105) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\wdmaud.sys



    -------------List of NOT running device driver services -------------



    000) "abp480n5" - abp480n5
    ---> STAT = (NOT RUNNING) Disabled

    001) "ac97intc" - Intel(r) 82801 Audio Driver Install Service (WDM)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ac97intc.sys

    002) "adpu160m" - adpu160m
    ---> STAT = (NOT RUNNING) Disabled

    003) "aec" - Microsoft Kernel Acoustic Echo Canceller
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\aec.sys

    004) "Aha154x" - Aha154x
    ---> STAT = (NOT RUNNING) Disabled

    005) "aic78u2" - aic78u2
    ---> STAT = (NOT RUNNING) Disabled

    006) "aic78xx" - aic78xx
    ---> STAT = (NOT RUNNING) Disabled

    007) "AliIde" - AliIde
    ---> STAT = (NOT RUNNING) Disabled

    008) "amsint" - amsint
    ---> STAT = (NOT RUNNING) Disabled

    009) "asc" - asc
    ---> STAT = (NOT RUNNING) Disabled

    010) "asc3350p" - asc3350p
    ---> STAT = (NOT RUNNING) Disabled

    011) "asc3550" - asc3550
    ---> STAT = (NOT RUNNING) Disabled

    012) "AsyncMac" - RAS Asynchronous Media Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\asyncmac.sys

    013) "Atdisk" - Atdisk
    ---> STAT = (NOT RUNNING) Disabled

    014) "Atmarpc" - ATM ARP Client Protocol
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\atmarpc.sys

    015) "BFAIFILT" - BFAIFILT
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\Drivers\bfaifilt.sys

    016) "cbidf2k" - cbidf2k
    ---> STAT = (NOT RUNNING) Disabled

    017) "cd20xrnt" - cd20xrnt
    ---> STAT = (NOT RUNNING) Disabled

    018) "Cdaudio" - Cdaudio
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    019) "Changer" - Changer
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    020) "CmdIde" - CmdIde
    ---> STAT = (NOT RUNNING) Disabled

    021) "Cpqarray" - Cpqarray
    ---> STAT = (NOT RUNNING) Disabled

    022) "dac960nt" - dac960nt
    ---> STAT = (NOT RUNNING) Disabled

    023) "dmboot" - dmboot
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmboot.sys

    024) "dmio" - dmio
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmio.sys

    025) "dmload" - dmload
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmload.sys

    026) "DMusic" - Microsoft Kernel DLS Syntheiszer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\DMusic.sys

    027) "dpti2o" - dpti2o
    ---> STAT = (NOT RUNNING) Disabled

    028) "drmkaud" - Microsoft Kernel DRM Audio Descrambler
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\drmkaud.sys

    029) "Flpydisk" - Floppy Disk Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\flpydisk.sys

    030) "HidUsb" - Microsoft HID Class Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\hidusb.sys

    031) "hpn" - hpn
    ---> STAT = (NOT RUNNING) Disabled

    032) "hpt3xx" - hpt3xx
    ---> STAT = (NOT RUNNING) Disabled

    033) "i2omgmt" - i2omgmt
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    034) "i2omp" - i2omp
    ---> STAT = (NOT RUNNING) Disabled

    035) "ini910u" - ini910u
    ---> STAT = (NOT RUNNING) Disabled

    036) "ip6fw" - IPv6 Windows Firewall Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ip6fw.sys

    037) "IpFilterDriver" - IP Traffic Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipfltdrv.sys

    038) "IpInIp" - IP in IP Tunnel Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipinip.sys

    039) "kbdhid" - Keyboard HID Driver
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> FILE = system32\DRIVERS\kbdhid.sys

    040) "lbrtfdc" - lbrtfdc
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    041) "mouhid" - Mouse HID Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mouhid.sys

    042) "mraid35x" - mraid35x
    ---> STAT = (NOT RUNNING) Disabled

    043) "MSKSSRV" - Microsoft Streaming Service Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSKSSRV.sys

    044) "MSPCLOCK" - Microsoft Streaming Clock Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPCLOCK.sys

    045) "MSPQM" - Microsoft Streaming Quality Manager Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPQM.sys

    046) "NAL" - Nal Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = \??\C:\WINDOWS\system32\Drivers\iqvw32.sys

    047) "NwlnkFlt" - IPX Traffic Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkflt.sys

    048) "NwlnkFwd" - IPX Traffic Forwarder Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkfwd.sys

    049) "PCIDump" - PCIDump
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    050) "PCIIde" - PCIIde
    ---> STAT = (NOT RUNNING) Disabled

    051) "PDCOMP" - PDCOMP
    ---> STAT = (NOT RUNNING) Started manually

    052) "PDFRAME" - PDFRAME
    ---> STAT = (NOT RUNNING) Started manually

    053) "PDRELI" - PDRELI
    ---> STAT = (NOT RUNNING) Started manually

    054) "PDRFRAME" - PDRFRAME
    ---> STAT = (NOT RUNNING) Started manually

    055) "perc2" - perc2
    ---> STAT = (NOT RUNNING) Disabled

    056) "perc2hib" - perc2hib
    ---> STAT = (NOT RUNNING) Disabled

    057) "Processor" - Processor Driver
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\processr.sys

    058) "QCNDISIF" - QCNDISIF
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\drivers\qcndisif.SYS

    059) "ql1080" - ql1080
    ---> STAT = (NOT RUNNING) Disabled

    060) "Ql10wnt" - Ql10wnt
    ---> STAT = (NOT RUNNING) Disabled

    061) "ql12160" - ql12160
    ---> STAT = (NOT RUNNING) Disabled

    062) "ql1240" - ql1240
    ---> STAT = (NOT RUNNING) Disabled

    063) "ql1280" - ql1280
    ---> STAT = (NOT RUNNING) Disabled

    064) "RDPWD" - RDPWD
    ---> STAT = (NOT RUNNING) Started manually

    065) "Secdrv" - Secdrv
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\secdrv.sys

    066) "Sfloppy" - Sfloppy
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    067) "Simbad" - Simbad
    ---> STAT = (NOT RUNNING) Disabled

    068) "Sparrow" - Sparrow
    ---> STAT = (NOT RUNNING) Disabled

    069) "splitter" - Microsoft Kernel Audio Splitter
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\splitter.sys

    070) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\swmidi.sys

    071) "symc810" - symc810
    ---> STAT = (NOT RUNNING) Disabled

    072) "symc8xx" - symc8xx
    ---> STAT = (NOT RUNNING) Disabled

    073) "sym_hi" - sym_hi
    ---> STAT = (NOT RUNNING) Disabled

    074) "sym_u3" - sym_u3
    ---> STAT = (NOT RUNNING) Disabled

    075) "TDPIPE" - TDPIPE
    ---> STAT = (NOT RUNNING) Started manually

    076) "TDTCP" - TDTCP
    ---> STAT = (NOT RUNNING) Started manually

    077) "TosIde" - TosIde
    ---> STAT = (NOT RUNNING) Disabled

    078) "TwoTrack" - IBM PS/2 TrackPoint Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\TwoTrack.sys

    079) "u2kg54" - BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\rt2500usb.sys

    080) "Udfs" - Udfs
    ---> STAT = (NOT RUNNING) Disabled

    081) "ultra" - ultra
    ---> STAT = (NOT RUNNING) Disabled

    082) "usbscan" - USB Scanner Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\usbscan.sys

    083) "ViaIde" - ViaIde
    ---> STAT = (NOT RUNNING) Disabled

    084) "WDICA" - WDICA
    ---> STAT = (NOT RUNNING) Started manually

    085) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys



    -------------Svchost Instances-------------
    ### LocalService:
    Alerter
    C:\WINDOWS\system32\alrsvc.dll

    WebClient
    C:\WINDOWS\System32\webclnt.dll

    LmHosts
    C:\WINDOWS\System32\lmhsvc.dll

    RemoteRegistry
    C:\WINDOWS\system32\regsvc.dll

    upnphost
    C:\WINDOWS\System32\upnphost.dll

    SSDPSRV
    C:\WINDOWS\System32\ssdpsrv.dll

    ### NetworkService:
    DnsCache
    C:\WINDOWS\System32\dnsrslvr.dll

    ### netsvcs:
    6to4
    No File Listed

    AppMgmt
    C:\WINDOWS\System32\appmgmts.dll

    AudioSrv
    C:\WINDOWS\System32\audiosrv.dll

    Browser
    C:\WINDOWS\System32\browser.dll

    CryptSvc
    C:\WINDOWS\System32\cryptsvc.dll

    DMServer
    C:\WINDOWS\System32\dmserver.dll

    DHCP
    C:\WINDOWS\System32\dhcpcsvc.dll

    ERSvc
    C:\WINDOWS\System32\ersvc.dll

    EventSystem
    C:\WINDOWS\System32\es.dll

    FastUserSwitchingCompatibility

    HidServ
    C:\WINDOWS\System32\hidserv.dll

    No File Listed

    Iprip
    No File Listed

    Irmon
    C:\WINDOWS\System32\irmon.dll

    LanmanServer
    C:\WINDOWS\System32\srvsvc.dll

    LanmanWorkstation
    C:\WINDOWS\System32\wkssvc.dll

    Messenger
    C:\WINDOWS\System32\msgsvc.dll

    Netman
    C:\WINDOWS\System32\netman.dll

    C:\WINDOWS\System32\mswsock.dll

    Ntmssvc
    C:\WINDOWS\system32\ntmssvc.dll

    NWCWorkstation
    No File Listed

    Nwsapagent
    No File Listed

    Rasauto
    C:\WINDOWS\System32\rasauto.dll

    Rasman
    C:\WINDOWS\System32\rasmans.dll

    Remoteaccess
    C:\WINDOWS\System32\mprdim.dll

    Schedule
    C:\WINDOWS\system32\schedsvc.dll

    Seclogon
    C:\WINDOWS\System32\seclogon.dll

    C:\WINDOWS\system32\sens.dll

    Sharedaccess
    C:\WINDOWS\System32\ipnathlp.dll

    SRService
    C:\WINDOWS\System32\srsvc.dll

    Tapisrv
    C:\WINDOWS\System32\tapisrv.dll

    Themes

    TrkWks
    C:\WINDOWS\system32\trkwks.dll

    W32Time
    C:\WINDOWS\System32\w32time.dll

    WZCSVC
    C:\WINDOWS\System32\wzcsvc.dll


    WmdmPmSp
    No File Listed

    winmgmt
    C:\WINDOWS\system32\wbem\WMIsvc.dll

    TermService
    C:\WINDOWS\System32\termsrv.dll

    wuauserv
    C:\WINDOWS\system32\wuauserv.dll

    BITS
    C:\WINDOWS\System32\qmgr.dll

    ShellHWDetection

    helpsvc
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    xmlprov
    C:\WINDOWS\System32\xmlprov.dll

    wscsvc
    C:\WINDOWS\system32\wscsvc.dll

    WmdmPmSN
    C:\WINDOWS\system32\MsPMSNSv.dll

    ### rpcss:
    RpcSs
    C:\WINDOWS\system32\rpcss.dll

    ### imgsvc:
    StiSvc
    C:\WINDOWS\system32\wiaservc.dll

    ### termsvcs:
    TermService
    C:\WINDOWS\System32\termsrv.dll

    ### HTTPFilter:
    HTTPFilter
    C:\WINDOWS\System32\w3ssl.dll

    ### DcomLaunch:
    DcomLaunch
    C:\WINDOWS\system32\rpcss.dll

    TermService
    C:\WINDOWS\System32\termsrv.dll


    -------------loaded Dlls -------------
    NOTE: already known legit dlls are not shown



    ------------------------------------------------------------------------------
    System pid: 4
    Command line: <no command line>

    ------------------------------------------------------------------------------
    smss.exe pid: 600
    Command line: \SystemRoot\System32\smss.exe

    Base Size Version Path
    0x48580000 0xf000 \SystemRoot\System32\smss.exe

    ------------------------------------------------------------------------------
    csrss.exe pid: 664
    Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    Base Size Version Path
    0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
    0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
    0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
    0x75b60000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll

    ------------------------------------------------------------------------------
    winlogon.exe pid: 688
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0x6000 C:\WINDOWS\system32\tphklock.dll
    0x00fa0000 0xc000 C:\WINDOWS\system32\NavLogon.dll

    ------------------------------------------------------------------------------
    services.exe pid: 736
    Command line: C:\WINDOWS\system32\services.exe

    Base Size Version Path
    0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
    0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll

    ------------------------------------------------------------------------------
    lsass.exe pid: 748
    Command line: C:\WINDOWS\system32\lsass.exe

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
    0x75730000 0xb4000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
    0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
    0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
    0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
    0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
    0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
    0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
    0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
    0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
    0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll

    ------------------------------------------------------------------------------
    ibmpmsvc.exe pid: 912
    Command line: C:\WINDOWS\system32\ibmpmsvc.exe

    Base Size Version Path
    0x00400000 0x13000 1.33.0000.0000 C:\WINDOWS\system32\ibmpmsvc.exe

    ------------------------------------------------------------------------------
    svchost.exe pid: 936
    Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
    0x760f0000 0x53000 5.01.2600.2180 c:\windows\system32\termsrv.dll
    0x74f70000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
    0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
    0x75110000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
    0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL

    ------------------------------------------------------------------------------
    svchost.exe pid: 1044
    Command line: C:\WINDOWS\system32\svchost -k rpcss

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll

    ------------------------------------------------------------------------------
    MsMpEng.exe pid: 1144
    Command line: "C:\Program Files\Windows Defender\MsMpEng.exe"

    Base Size Version Path
    0x01000000 0x4000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpEng.exe
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x5c800000 0x44000 1.01.1593.0000 C:\Program Files\Windows Defender\MpSvc.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x5e800000 0xf000 1.01.1593.0000 C:\Program Files\Windows Defender\mprtplug.dll
    0x01820000 0x2b5000 1.01.1904.0000 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E7367181-3162-4AAE-B5CE-F24FF61F0F9A}\mpengine.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1188
    Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76d80000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
    0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x77620000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
    0x76d30000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
    0x606b0000 0x10d000 5.01.2600.2780 c:\windows\system32\ESENT.dll
    0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
    0x65f40000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
    0x76b70000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
    0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
    0x00fc0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
    0x58d30000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
    0x76bd0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
    0x77300000 0x32000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
    0x767a0000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
    0x74f50000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
    0x708b0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
    0x76e40000 0x23000 5.01.2600.2976 c:\windows\system32\wkssvc.dll
    0x5b9f0000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll
    0x76780000 0x9000 6.00.2900.2180 c:\windows\system32\SHFOLDER.dll
    0x4d4f0000 0x58000 5.01.2600.2180 c:\windows\system32\WINHTTP.dll
    0x76ce0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
    0x77b90000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
    0x74f80000 0x9000 5.01.2600.2180 c:\windows\system32\ersvc.dll
    0x77710000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
    0x74f40000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
    0x75090000 0x1a000 5.01.2600.2577 c:\windows\system32\srvsvc.dll
    0x77d00000 0x33000 5.01.2600.2743 c:\windows\system32\netman.dll
    0x76400000 0x1a6000 5.01.2600.2180 c:\windows\system32\netshell.dll
    0x76c00000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
    0x73030000 0x10000 5.01.2600.2180 c:\windows\system32\WZCSAPI.DLL
    0x73d20000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
    0x722d0000 0xd000 5.01.2600.2180 c:\windows\system32\sens.dll
    0x751a0000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
    0x74ad0000 0x8000 6.00.2900.2180 c:\windows\system32\POWRPROF.dll
    0x75070000 0x19000 5.01.2600.2180 c:\windows\system32\trkwks.dll
    0x767c0000 0x2c000 5.01.2600.2180 c:\windows\system32\w32time.dll
    0x76080000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
    0x59490000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
    0x753e0000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\VSSAPI.DLL
    0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
    0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
    0x65000000 0x2e000 7.00.5730.0011 C:\WINDOWS\System32\ADVPACK.dll
    0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
    0x600a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
    0x76da0000 0x15000 5.01.2600.2180 c:\windows\system32\browser.dll
    0x66460000 0x55000 5.01.2600.2180 c:\windows\system32\ipnathlp.dll
    0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
    0x4c0a0000 0x17000 5.01.2600.2180 c:\windows\system32\wscsvc.dll
    0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
    0x76620000 0x13c000 2001.12.4414.0308 C:\WINDOWS\system32\comsvcs.dll
    0x75130000 0x14000 2001.12.4414.0308 C:\WINDOWS\system32\colbact.DLL
    0x750f0000 0x13000 2001.12.4414.0311 C:\WINDOWS\system32\MTXCLU.DLL
    0x76d10000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\CLUSAPI.DLL
    0x750b0000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\RESUTILS.DLL
    0x762c0000 0x85000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\wbemcore.dll
    0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\esscli.dll
    0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\FastProx.dll
    0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
    0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
    0x75200000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\wbem\repdrvfs.dll
    0x597f0000 0x6d000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvsd.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x75390000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemess.dll
    0x5f740000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\ncprov.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
    0x755f0000 0x9a000 5.01.2600.2180 C:\WINDOWS\System32\netcfgx.dll
    0x76de0000 0x23000 5.01.2600.2180 C:\WINDOWS\System32\upnp.dll
    0x74f00000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\SSDPAPI.dll
    0x7df30000 0x31000 5.01.2600.2936 C:\WINDOWS\System32\rasmans.dll
    0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
    0x733e0000 0x40000 5.01.2600.2716 c:\windows\system32\tapisrv.dll
    0x75880000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\rastapi.dll
    0x57cc0000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
    0x72000000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\uniplat.dll
    0x5b070000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
    0x57d40000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
    0x57d20000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
    0x57d50000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
    0x57d70000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
    0x57d60000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
    0x688f0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HID.DLL
    0x72240000 0x35000 5.01.2600.2180 C:\WINDOWS\System32\rasppp.dll
    0x724b0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\ntlsapi.dll
    0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
    0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\System32\RASDLG.dll
    0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
    0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
    0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\System32\dssenh.dll
    0x6fb10000 0x9e000 2001.12.4414.0308 C:\WINDOWS\System32\catsrvut.dll
    0x6fbd0000 0x3d000 2001.12.4414.0308 C:\WINDOWS\System32\catsrv.dll
    0x61990000 0x9000 2001.12.4414.0258 C:\WINDOWS\System32\MfcSubs.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\sensapi.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1284
    Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76770000 0xd000 5.01.2600.2180 c:\windows\system32\dnsrslvr.dll
    0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1476
    Command line: C:\WINDOWS\System32\svchost.exe -k LocalService

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74c40000 0x6000 5.01.2600.2180 c:\windows\system32\lmhsvc.dll
    0x5a6e0000 0x15000 5.01.2600.2821 c:\windows\system32\webclnt.dll
    0x00750000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x76af0000 0x12000 5.01.2600.2180 c:\windows\system32\regsvc.dll
    0x765e0000 0x14000 5.01.2600.2180 c:\windows\system32\ssdpsrv.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\System32\DNSAPI.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll

    ------------------------------------------------------------------------------
    spoolsv.exe pid: 1664
    Command line: C:\WINDOWS\system32\spoolsv.exe

    Base Size Version Path
    0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x75bb0000 0x56000 5.01.2600.2180 C:\WINDOWS\system32\localspl.dll
    0x742a0000 0xe000 0.03.0000.0000 C:\WINDOWS\system32\cnbjmon.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x009e0000 0x8000 0.03.1897.0000 C:\WINDOWS\system32\mdimon.dll
    0x00ec0000 0x8000 0.03.1897.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x75c10000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\win32spl.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\NETRAP.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x74300000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\inetpp.dll

    ------------------------------------------------------------------------------
    guard.exe pid: 1944
    Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

    Base Size Version Path
    0x00400000 0x34000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0x10000000 0xdd000 4.02.0000.0015 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
    0x76780000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    defwatch.exe pid: 1968
    Command line: "C:\Program Files\NavNT\defwatch.exe"

    Base Size Version Path
    0x00400000 0x8000 7.60.0000.0926 C:\Program Files\NavNT\defwatch.exe

    ------------------------------------------------------------------------------
    rtvscan.exe pid: 2024
    Command line: "C:\Program Files\NavNT\rtvscan.exe"

    Base Size Version Path
    0x00400000 0x7a000 7.60.0000.0926 C:\Program Files\NavNT\rtvscan.exe
    0x10000000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2.dll
    0x00330000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ARJ.dll
    0x00340000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ID.dll
    0x00350000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LHA.dll
    0x00360000 0x10000 2.50.0031.0052 C:\Program Files\NavNT\SymLHA.dll
    0x00370000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LZ.dll
    0x00380000 0x11000 2.50.0031.0052 C:\Program Files\NavNT\Dec2MIME.dll
    0x003a0000 0x29000 2.50.0031.0052 C:\Program Files\NavNT\Dec2Zip.dll
    0x003d0000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2AMG.dll
    0x003e0000 0x1b000 2.50.0031.0052 C:\Program Files\NavNT\SYMAMG32.DLL
    0x00480000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2UUE.dll
    0x00490000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2SS.dll
    0x004a0000 0xd000 2.50.0031.0052 C:\Program Files\NavNT\Dec2RTF.dll
    0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
    0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
    0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
    0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
    0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
    0x004b0000 0x10000 7.60.0000.0926 C:\Program Files\NavNT\NAVLU.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x01570000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
    0x019a0000 0x42000 7.60.0000.0926 C:\Program Files\NavNT\i2ldvp3.dll
    0x01a00000 0x31000 4.01.0000.0015 C:\Program Files\NavNT\NAVAPI32.DLL
    0x69100000 0xd6000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX32a.DLL
    0x692c0000 0x1e000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG32.DLL
    0x01a70000 0xe000 5.03.0001.0039 C:\Program Files\NavNT\NAVAP32.DLL
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x50070000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\amslib.dll
    0x01ac0000 0x18000 3.00.0000.0002 C:\WINDOWS\system32\loc32vc0.dll
    0x03770000 0x2c000 7.60.0000.0926 C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL

    ------------------------------------------------------------------------------
    QCONSVC.EXE pid: 268
    Command line: System32\QCONSVC.EXE

    Base Size Version Path
    0x00400000 0x15000 3.08.0001.0000 C:\WINDOWS\System32\QCONSVC.EXE
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 508
    Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x75aa0000 0x55000 5.01.2600.2180 c:\windows\system32\wiaservc.dll
    0x74ae0000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
    0x73b30000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll

    ------------------------------------------------------------------------------
    TpKmpSvc.exe pid: 636
    Command line: C:\WINDOWS\system32\TpKmpSVC.exe

    Base Size Version Path
    0x00400000 0xa000 C:\WINDOWS\system32\TpKmpSVC.exe

    ------------------------------------------------------------------------------
    wdfmgr.exe pid: 1136
    Command line: C:\WINDOWS\system32\wdfmgr.exe

    Base Size Version Path
    0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe

    ------------------------------------------------------------------------------
    explorer.exe pid: 1784
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
    0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
    0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
    0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
    0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
    0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
    0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
    0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\System32\POWRPROF.dll
    0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
    0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
    0x021c0000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
    0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
    0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
    0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
    0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
    0x10000000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x021f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x5af60000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\usbui.dll
    0x01b10000 0x12000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
    0x01af0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x6c1b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x00d00000 0x2c000 C:\Program Files\WinRAR\rarext.dll
    0x00d30000 0xa000 7.60.0000.0926 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
    0x00d90000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x73380000 0x57000 6.00.2900.2180 C:\WINDOWS\System32\zipfldr.dll

    ------------------------------------------------------------------------------
    alg.exe pid: 2072
    Command line: C:\WINDOWS\System32\alg.exe

    Base Size Version Path
    0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    MSGSYS.EXE pid: 2148
    Command line: MsgSys.EXE

    Base Size Version Path
    0x00400000 0x6000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.EXE
    0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
    0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
    0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
    0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll

    ------------------------------------------------------------------------------
    tp4serv.exe pid: 2520
    Command line: "C:\WINDOWS\system32\tp4serv.exe"

    Base Size Version Path
    0x00400000 0x1b000 3.55.0000.0000 C:\WINDOWS\system32\tp4serv.exe
    0x008b0000 0x1e000 C:\WINDOWS\system32\tp4uires.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    jusched.exe pid: 2532
    Command line: "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

    Base Size Version Path
    0x00400000 0x9000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    ltmsg.exe pid: 2592
    Command line: "C:\WINDOWS\system32\ltmsg.exe" 9

    Base Size Version Path
    0x00400000 0xf000 3.00.0000.0002 C:\WINDOWS\system32\ltmsg.exe
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    PRONoMgr.exe pid: 2652
    Command line: "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"

    Base Size Version Path
    0x00400000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x10000000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x00d50000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll
    0x00d80000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    TPHKMGR.exe pid: 2664
    Command line: "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"

    Base Size Version Path
    0x00400000 0x19000 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0xd000 1.00.0000.0004 C:\WINDOWS\system32\Oemdspif.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    EZEJMNAP.EXE pid: 2784
    Command line: "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"

    Base Size Version Path
    0x00400000 0x3e000 1.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
    0x10000000 0xe000 C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    TPONSCR.exe pid: 2804
    Command line: "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe"

    Base Size Version Path
    0x00400000 0x15000 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    QCTRAY.EXE pid: 2888
    Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"

    Base Size Version Path
    0x00400000 0xcf000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x00240000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
    0x00250000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
    0x05050000 0x11000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\TrayRes.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x081a0000 0x18000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANCA.dll
    0x081c0000 0xf000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANC.dll

    ------------------------------------------------------------------------------
    QCWLICON.EXE pid: 2916
    Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"

    Base Size Version Path
    0x00400000 0x17000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
    0x00340000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
    0x00a00000 0x7000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\IconRes.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    rundll32.exe pid: 2924
    Command line: "C:\WINDOWS\system32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

    Base Size Version Path
    0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RunDll32.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x10000000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\powrprof.dll
    0x00a00000 0x26000 4.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    PDVDServ.exe pid: 2996
    Command line: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    Base Size Version Path
    0x00400000 0x8000 6.00.0000.1027 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0xa000 3.02.0000.2021 C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    qttask.exe pid: 3036
    Command line: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    Base Size Version Path
    0x00400000 0x47000 7.01.0000.0210 C:\Program Files\QuickTime\qttask.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    GoogleDesktop.exe pid: 3048
    Command line: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    Base Size Version Path
    0x00400000 0x33000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    MSASCui.exe pid: 3112
    Command line: "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    Base Size Version Path
    0x01000000 0xd7000 1.01.1593.0000 C:\Program Files\Windows Defender\MSASCui.exe
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
    0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x61800000 0x9a000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpRes.dll
    0x5d800000 0xac000 1.01.1593.0000 C:\Program Files\Windows Defender\MpRtMon.DLL
    0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x4b400000 0x86000 5.41.0015.1509 C:\WINDOWS\system32\MSFTEDIT.DLL
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

    ------------------------------------------------------------------------------
    vptray.exe pid: 3140
    Command line: "C:\Program Files\NavNT\vptray.exe"

    Base Size Version Path
    0x00400000 0x12000 7.60.0000.0926 C:\Program Files\NavNT\vptray.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0x28000 7.60.0000.0926 C:\Program Files\NavNT\Cliproxy.dll
    0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
    0x00950000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
    0x00ba0000 0x40000 7.60.0000.0926 C:\Program Files\NavNT\Cliscan.dll
    0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x009c0000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x00a20000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    ctfmon.exe pid: 3152
    Command line: "C:\WINDOWS\system32\ctfmon.exe"

    Base Size Version Path
    0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

    ------------------------------------------------------------------------------
    GoogleToolbarNotifier.exe pid: 3184
    Command line: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"

    Base Size Version Path
    0x00400000 0x2b000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x10000000 0xe000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x00ef0000 0x41000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76d80000 0x1e000 5.01.2600.2912 C:\WINDOWS\system32\DHCPCSVC.DLL
    0x77d00000 0x33000 5.01.2600.2743 C:\WINDOWS\system32\netman.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\netshell.dll
    0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
    0x73030000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WZCSAPI.DLL
    0x77620000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\WZCSvc.DLL
    0x76d30000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\WMI.dll
    0x606b0000 0x10d000 5.01.2600.2780 C:\WINDOWS\system32\ESENT.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    GoogleDesktopIndex.exe pid: 3228
    Command line: "GoogleDesktopIndex.exe"

    Base Size Version Path
    0x00400000 0xc1000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    0x60000000 0x80000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x4d000000 0x34000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    iexplore.exe pid: 3540
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe"

    Base Size Version Path
    0x00400000 0x9a000 7.00.5730.0011 C:\Program Files\Internet Explorer\iexplore.exe
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\IEFRAME.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dff0000 0x2f000 7.00.5730.0011 C:\WINDOWS\system32\IEUI.dll
    0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
    0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
    0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x61930000 0x4a000 7.00.5730.0011 C:\Program Files\Internet Explorer\ieproxy.dll
    0x01270000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
    0x10000000 0x337000 4.00.1020.2544 c:\program files\google\googletoolbar1.dll
    0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
    0x59a60000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
    0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
    0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
    0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
    0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
    0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x019a0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
    0x7e830000 0x36f000 7.00.5730.0011 C:\WINDOWS\system32\mshtml.dll
    0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
    0x72ea0000 0x60000 7.00.5824.16386 C:\WINDOWS\system32\ieapfltr.dll
    0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\jscript.dll
    0x1b000000 0xc000 7.00.5730.0011 C:\WINDOWS\system32\ImgUtil.dll
    0x1b060000 0xe000 7.00.5730.0011 C:\WINDOWS\system32\pngfilt.dll
    0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll
    0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
    0x6d430000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
    0x73760000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
    0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
    0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
    0x76200000 0x77000 7.00.5730.0011 C:\WINDOWS\system32\mshtmled.dll
    0x58760000 0x32000 7.00.5730.0011 C:\WINDOWS\system32\iepeers.dll
    0x07330000 0x8000 7.00.5730.0011 C:\WINDOWS\system32\corpol.dll
    0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
    0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
    0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x07ac0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll

    ------------------------------------------------------------------------------
    jucheck.exe pid: 1368
    Command line: -auto

    Base Size Version Path
    0x00400000 0x3c000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    0x00320000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    systemscan.exe pid: 1860
    Command line: "C:\Documents and Settings\Administrator\Desktop\systemscan.exe"

    Base Size Version Path
    0x00400000 0x24000 C:\Documents and Settings\Administrator\Desktop\systemscan.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL
    0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll

    ------------------------------------------------------------------------------
    runme.exe pid: 3796
    Command line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe"

    Base Size Version Path
    0x00400000 0x46000 2.00.0000.0023 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe
    0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x6b800000 0x25000 5.06.0000.6626 C:\WINDOWS\system32\scrrun.dll

    ------------------------------------------------------------------------------
    wmiprvse.exe pid: 2272
    Command line: C:\WINDOWS\System32\wbem\wmiprvse.exe

    Base Size Version Path
    0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvse.exe
    0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
    0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\wbem\FastProx.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
    0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
    0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
    0x5bd90000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\wbem\stdprov.dll
    0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\wbem\esscli.dll

    ------------------------------------------------------------------------------
    cmd.exe pid: 1568
    Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row

    Base Size Version Path
    0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    Command line: listdlls.exe

    Base Size Version Path
    0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\LISTDLLS.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    -------------NTFS ADS -------------



    Error opening C:\pagefile.sys:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    C:\Documents and Settings\Administrator\Desktop\FixLinkopt.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Desktop\gmer.zip:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Desktop\PrevxFixGrom.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Favorites\HJT logi, kone on _todella_ hidas.url:

    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{340A3AE8-04A8-4934-861A-56F5C49D99CB}:
    The process cannot access the file because it is being used by another process.



    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3D55C4EL\aawsepersonal[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S63CC65\avgas-setup-7.5.0.50[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\FixLinkopt[1].exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\PrevxFixGrom[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\All Users\Application Data\TEMP:

    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:
    :encryptable:$DATA 0



    Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.


    ..
    C:\Documents and Settings\Tapio Uotila\Desktop\86743.asx:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\Desktop\sdsetup.exe:
    :Zone.Identifier:$DATA 26
    .

    .
    ..
    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\51koodia - Nimetty\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Anna Eriksson - Sinusta sinuun 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Kiila - 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD1_192\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD2_192\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Christian_Forss_-_Christian_Forss-KMR\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Greenday.-.American.Idiot.(2004).-.by.LoCkY\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\gunther - pleasureman [2004]\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\H.I.M_-_Wings_of_A_Butterfly-Promo-CDS-2005-OASiS\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Hanna Pakarinen - When I Become Me 2004\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Him - And Love Said No (2004)\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Irina - Vahva\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Kotiteollisuus - Helvetistä Itään\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Angels Fall First\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Century Child\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Oceanborn\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Once\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Stratovarius - Infinite\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The best of hiphop_2005(Beyoncé, Snoop Dogg,alicia keys,,Destinys Child,missy elliot,Dodo Power,50 cent,kelis,eminem,black eyes peas,Xzibit...)\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Black Eyed Peas - (2005) Monkey Business .[WwW.LiMiTeDiVx.CoM].By KELOLO\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Rasmus - Dead Letters\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\20.8.2006 Vääräjoella\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ahvenanmaa 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Elinan vanhojentanssit\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoon asuntomessut\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoosta\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\2005_02_06\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jeren kanssa muumimaailmassa kesällä 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Joukon kaverin ristiäiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\jämi\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jämillä retkeilemässä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kesä 2005 kuvia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\kesä 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kulta zoomailee\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kuninkaan lähteellä uimassa\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lentokauden päättäjäiset 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lomailua Tevaniemessä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Laivalla\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Naantalin kylpylässä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja kultaseni\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muumi maailmassa\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muuta sekalaista\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Heinijärvellä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Vääksyssä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Naamiaiset 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\O41 ja Opistonkuvia\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ollin kissa ja Janilta kuvia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Pallas 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\pirkan pyöräily 2006\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ranska 2005\Thumbs.db:
    :encryptable:$DATA 0
    .


    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Savusukellusharj. paperitehtaalla\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Turvallisuus messut\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Vanajan linnassa\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Jämillä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa 11.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_19\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_20\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Yyterissä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Received Files\testi.jpg:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\bsplayer137.826.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DivXPlay.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\ffdshow-20041012.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\PDVD_6_trial.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\RealPlayer10-5GOLD.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\wrar351.exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Ensihoito\Hengitysäänet\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Alkusammutus harjoitus 2.2.06\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Avajaiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Eläinten käsittely\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Ensihoito\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Harjoitusalue\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Kastajaiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Laskeutuminen\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Letkuhuoltoa\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\liikenneonnettomuus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Metsäpalokontti 21.3.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 1 7.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 2 8.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 3 9.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pintapelastus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Savusukellus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Ensihoito\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Vaahtokalusto 28.3.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Pulloventtiili.wmv:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\tvlista062006.doc:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\Uotilanuusin.doc:
    :Zone.Identifier:$DATA 26
    ...

    ...

    ...

    ...
    C:\RECYCLER\S-1-5-21-1220945662-436374069-854245398-1003\Dc5.asx:
    :Zone.Identifier:$DATA 26


    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP2\A0001103.exe:
    :Zone.Identifier:$DATA 26
    ..

    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004507.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004512.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004528.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004538.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004556.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004605.exe:
    :Zone.Identifier:$DATA 26
    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP46\A0004807.exe:
    :Zone.Identifier:$DATA 26
    .

    ...

    ...

    ...

    ...

    ...

    ...

    ...


    Error opening C:\WINDOWS\system32\lpt6.waq:
    The system cannot find the file specified.


    ...
    Error opening C:\WINDOWS\system32\CatRoot2\edb.log:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\CatRoot2\tmp.edb:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\default:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\default.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SAM:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SAM.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SECURITY:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\software:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\software.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\system:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\system.LOG:
    The process cannot access the file because it is being used by another process.




    ...

    .

    -------------Encrypting File System dumping-------------

    -------------Hidden Files -------------

    Scannig hidden processes ...

    Scannig hidden services ...

    Scannig hidden autostart entries ...

    Scannig hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    -------------Checking Rustock rootkit-------------

    -------------Checking Suspicious files -------------
    (Unusually Runtime packers compressed exe and dll files in C:\, C:\WINDOWS\, C:\WINDOWS\system32\)
    Note:Not all files found by this scanner are bad
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SRCHSTS.EXE
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWREG.EXE
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWSC.EXE
    -This file is compressed with Upack C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with Upack C:\WINDOWS\SYSTEM32\IFMON.DLL
    -This file is compressed with Nspack C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with PECompact C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with PECompact C:\WINDOWS\SYSTEM32\DIVX.DLL

    --------------------------
    Scan completed in 29,1 minutes
    End of report

     
  9. nurmijan

    nurmijan Member

    Joined:
    04.01.2007
    Messages:
    8
    Thanks:
    0
    Points:
    11
    fixlinkoptimizer and prevx refused to start anymore. But I tried the systemscan software, which scanned my machine. As a removal tool it offers AVRunner. Here is the log from systemscan. Also, at the bottom, HT's startup log in safe mode.

    Would those logs be of any help?

    systemscan - www.suspectfile.com - ver. 2.0.23

    Date: pe 05.01.2007
    Time: 8:53:26,99

    Output limited to:
    -Recent files
    -Registry Run Keys
    -Running Services
    -Not Running Services
    -Device Driver Services
    -Svchost.exe instances
    -Loaded Dlls
    -Alternate Data Sreams
    -Encrypted Files
    -Hidden objects
    -Suspicious Files

    -------------Users folders -------------
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F

    Directory of C:\documents and settings

    03.01.2007 08:40 <DIR> Administrator
    27.12.2005 20:13 <DIR> All Users
    27.12.2005 18:23 <DIR> Default User
    27.12.2005 19:06 <DIR> LocalService
    27.12.2005 18:29 <DIR> NetworkService
    29.11.2006 10:40 <DIR> Tapio Uotila
    04.01.2007 15:41 <DIR> testi

    -------------Recent files (60 days) -------------
    NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Program Files\Common Files, C:\WINDOWS\temp

    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\


    04.01.2007 15:44 <DIR> Config.Msi
    05.01.2007 08:53 <DIR> suspectfile
    04.01.2007 13:05 <DIR> Documents and Settings
    04.01.2007 15:44 <DIR> WINDOWS
    04.01.2007 15:44 <DIR> Program Files
    04.01.2007 12:02 0 gromozon_removal.log
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS


    04.01.2007 15:44 <DIR> WBEM
    05.01.2007 08:50 <DIR> temp
    04.01.2007 15:44 <DIR> system32
    05.01.2007 08:52 <DIR> Prefetch
    03.01.2007 13:29 <DIR> Help
    04.01.2007 15:41 <DIR> network diagnostic
    21.11.2006 15:09 <DIR> msagent
    03.01.2007 13:27 <DIR> Media
    03.01.2007 13:23 11 859 KB904942.log
    03.01.2007 13:23 5 640 KB914440.log
    03.01.2007 13:24 6 980 KB915865.log
    20.11.2006 23:03 17 414 KB920213.log
    03.01.2007 13:27 1 355 imsins.log
    20.11.2006 23:03 31 584 KB922760.log
    03.01.2007 07:43 10 795 KB923689.log
    03.01.2007 07:43 11 923 KB923694.log
    20.11.2006 23:04 16 159 KB923980.log
    20.11.2006 23:04 15 802 KB924270.log
    03.01.2007 07:46 9 141 KB925398.log
    03.01.2007 07:46 33 589 KB925454.log
    03.01.2007 07:43 12 115 KB926255.log
    03.01.2007 13:27 44 769 medctroc.Log
    03.01.2007 13:25 1 355 imsins.BAK
    03.01.2007 13:27 774 021 iis6.log
    03.01.2007 13:28 25 367 ie7_main.log
    03.01.2007 13:27 47 757 ie7.log
    03.01.2007 13:27 32 722 msgsocm.log
    03.01.2007 13:27 214 744 msmqinst.log
    03.01.2007 13:25 7 768 IDNMitigationAPIs.log
    03.01.2007 13:27 110 476 netfxocm.log
    03.01.2007 13:24 7 426 NLSDownlevelMapping.log
    04.01.2007 15:51 1 411 686 ntbtlog.txt
    03.01.2007 13:27 135 039 ntdtcsetup.log
    03.01.2007 13:27 324 287 ocgen.log
    03.01.2007 13:27 35 869 ocmsn.log
    04.01.2007 13:05 1 859 OEWABLog.txt
    03.01.2007 13:27 637 985 FaxSetup.log
    13.12.2006 18:02 1 409 QTFont.for
    04.01.2007 15:49 32 634 SchedLgU.Txt
    03.01.2007 13:27 222 598 comsetup.log
    03.01.2007 14:21 166 052 setupact.log
    03.01.2007 13:25 576 401 setupapi.log
    03.01.2007 07:53 741 625 setuplog.txt
    03.01.2007 13:30 38 264 spupdsvc.log
    08.11.2006 20:15 115 cdplayer.ini
    03.01.2007 13:27 31 539 tabletoc.log
    03.01.2007 13:27 301 558 tsoc.log
    03.01.2007 13:27 55 141 updspapi.log
    05.01.2007 08:27 0 0.log
    05.01.2007 08:27 159 wiadebug.log
    05.01.2007 08:27 48 wiaservc.log
    05.01.2007 08:48 1 283 208 WindowsUpdate.log
    04.01.2007 13:05 72 954 wmsetup.log
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS\system32


    04.01.2007 15:40 <DIR> Restore
    03.01.2007 13:27 <DIR> en-US
    04.01.2007 15:41 <DIR> drivers
    03.01.2007 13:27 <DIR> config
    05.01.2007 08:30 <DIR> CatRoot2
    03.01.2007 08:24 <DIR> appmgmt
    07.11.2006 03:25 10 240 advpack.dll.mui
    07.11.2006 03:26 123 904 advpack.dll
    07.11.2006 21:03 131 584 extmgr.dll
    07.11.2006 03:26 54 784 ie4uinit.exe
    07.11.2006 03:26 152 064 ieakeng.dll
    07.11.2006 03:27 229 376 ieaksie.dll
    07.11.2006 03:25 161 792 ieakui.dll
    07.11.2006 03:27 382 976 iedkcs32.dll
    07.11.2006 21:03 6 049 280 ieframe.dll
    07.11.2006 21:03 191 488 iepeers.dll
    07.11.2006 03:26 43 008 iernonce.dll
    07.11.2006 03:26 55 296 iesetup.dll
    07.11.2006 03:26 13 312 ieudinit.exe
    07.11.2006 21:03 180 736 ieui.dll
    07.11.2006 03:24 56 483 ieuinit.inf
    08.11.2006 07:06 679 424 inetcomm.dll
    07.11.2006 03:26 92 672 inseng.dll
    07.11.2006 21:03 27 136 jsproxy.dll
    12.12.2006 10:45 1 474 864 LegitCheckControl.DLL
    08.12.2006 01:13 10 716 584 MRT.exe
    07.11.2006 21:03 458 752 msfeeds.dll
    07.11.2006 21:03 50 688 msfeedsbs.dll
    07.11.2006 03:26 71 680 admparse.dll
    07.11.2006 21:03 3 577 856 mshtml.dll
    07.11.2006 21:03 475 648 mshtmled.dll
    07.11.2006 21:03 156 160 msls31.dll
    07.11.2006 21:03 670 720 mstime.dll
    12.11.2006 19:16 1 688 TRJ_NTAUTO.TMP
    07.11.2006 21:03 1 162 240 urlmon.dll
    07.11.2006 21:03 413 696 vbscript.dll
    07.11.2006 21:03 231 424 webcheck.dll
    07.11.2006 21:03 818 688 wininet.dll
    07.12.2006 07:29 2 374 472 wmvcore.dll
    03.01.2007 13:25 2 206 wpa.dbl
    03.01.2007 08:32 0 ypsg.dll
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\Program Files\Common Files


    03.01.2007 07:42 <DIR> System
    Volume in drive C has no label.
    Volume Serial Number is F8CC-368F


    Directory of C:\WINDOWS\temp


    05.01.2007 08:48 4 790 MpSigStub.log
    05.01.2007 08:48 3 694 MpCmdRun.log



    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

    [Run]

    -------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

    [Windows]
    "AppInit_DLLs"="\\?\C:\WINDOWS\system32\lpt6.waq"

    -------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

    [Winlogon]
    "Shell"="Explorer.exe"
    "System"=""
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "forceunlocklogon"=dword:00000000
    "AllowMultipleTSSessions"=dword:00000001
    "UIHost"=expand:"logonui.exe"
    "LogonType"=dword:00000001
    "Background"="0 0 0"
    "WinStationsDisabled"="0"
    "HibernationPreviouslyEnabled"=dword:00000001

    [Winlogon\GPExtensions]

    [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @="Wireless"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @="Folder Redirection"
    "DllName"=expand:"fdeploy.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"

    [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @="Microsoft Disk Quota"
    "DllName"=expand:"dskquota.dll"

    [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @="QoS Packet Scheduler"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @="Scripts"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"
    "DisplayName"=expand:"@iedkcs32.dll,-3051"

    [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"

    [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "DllName"="iedkcs32.dll"
    @="Internet Explorer Branding"
    "DisplayName"=expand:"@iedkcs32.dll,-3014"

    [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"

    [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @="IP Security"
    "DllName"=expand:"gptext.dll"

    [Winlogon\Notify]

    [Winlogon\Notify\crypt32chain]
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [Winlogon\Notify\cryptnet]
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "StartShell"="WinlogonStartShellEvent"

    [Winlogon\Notify\NavLogon]
    "DllName"="C:\WINDOWS\system32\NavLogon.dll"
    "Logoff"="NavLogoffEvent"
    "StartShell"="NavStartShellEvent"

    [Winlogon\Notify\QConGina]
    @Class="HKEY_LOCAL_MACHINE"
    "DllName"="QConGina.dll"
    "Logoff"="QConGinaWLEventLogoff"

    [Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001

    [Winlogon\Notify\Schedule]
    "DllName"=expand:"wlnotify.dll"
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "DllName"=expand:"sclgntfy.dll"

    [Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"

    [Winlogon\Notify\termsrv]
    "DllName"=expand:"wlnotify.dll"
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [Winlogon\Notify\tphotkey]
    @=""
    "DllName"="tphklock.dll"
    "Startup"="WLEventStartup"
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"

    [Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"

    [Winlogon\SpecialAccounts]

    [Winlogon\SpecialAccounts\UserList]
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

    -------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

    [Winlogon]
    "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"
    "BuildNumber"=dword:00000a28

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

    [Run]
    "TrackPointSrv"="tp4serv.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    "LTWinModem1"="ltmsg.exe 9"
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
    "TP4EX"="tp4ex.exe"
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
    "BLOG"="rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog"
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper"
    "QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"
    "QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"
    "BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor"
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
    "RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
    "TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
    "Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
    "Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
    "vptray"="C:\Program Files\NavNT\vptray.exe"

    [Run\OptionalComponents]

    [Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [Run\OptionalComponents\MSFS]
    "Installed"="1"

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

    [RunOnce]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

    [RunOnceEx]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

    [RunServices]

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

    [Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

    -------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

    -------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

    -------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

    [Browser Helper Objects]

    [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    #### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
    @=""

    [Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    #### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

    -------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

    [URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

    -------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

    [ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    #### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    #### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

    -------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

    [Lsa]
    "Authentication Packages"=multi:"msv1_0\00\00"
    "Bounds"=hex:00,30,00,00,00,20,00,00
    "LsaPid"=dword:000002ec
    "SecureBoot"=dword:00000001
    "auditbaseobjects"=dword:00000000
    "crashonauditfail"=dword:00000000
    "everyoneincludesanonymous"=dword:00000000
    "fipsalgorithmpolicy"=dword:00000000
    "forceguest"=dword:00000001
    "fullprivilegeauditing"=hex:00
    "limitblankpassworduse"=dword:00000001
    "lmcompatibilitylevel"=dword:00000000
    "nolmhash"=dword:00000000
    "restrictanonymous"=dword:00000000
    "restrictanonymoussam"=dword:00000001
    "Notification Packages"=multi:"scecli\00\00"

    [Lsa\AccessProviders]
    "ProviderOrder"=multi:"Windows NT Access Provider\00\00"

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Audit]

    [Lsa\Audit\PerUserAuditing]

    [Lsa\Audit\PerUserAuditing\System]

    [Lsa\Data]
    @Class="239650f4"
    "Pattern"=hex:6c,b4,d2,8e,b9,10,7c,6f,92,40,70,a0,ee,d5,cd,50,32,33,39,36,35,\
    30,66,34,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
    5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,18,e2,86,74

    [Lsa\GBG]
    @Class="18fb6b05"
    "GrafBlumGroup"=hex:e2,cc,ea,56,3e,12,2a,07,57

    [Lsa\JD]
    @Class="0e4774b9"
    "Lookup"=hex:c6,4f,67,d3,57,37

    [Lsa\Kerberos]

    [Lsa\Kerberos\Domains]

    [Lsa\Kerberos\SidCache]

    [Lsa\MSV1_0]
    "Auth132"="IISSUBA"
    "ntlmminclientsec"=dword:00000000
    "ntlmminserversec"=dword:00000000

    [Lsa\Skew1]
    @Class="86e2d8c2"
    "SkewMatrix"=hex:50,7f,78,97,13,a2,e3,3b,83,6a,7d,dc,8c,64,7b,f6

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]
    "Time"=hex:70,49,00,66,0c,0b,c6,01

    [Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"
    "RpcId"=dword:0000ffff
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"
    "RpcId"=dword:00000011
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"
    "RpcId"=dword:00000012
    "Time"=hex:00,5e,94,25,ad,79,c4,01
    "Type"=dword:00000031

    -------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

    [SharedAccess]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
    "ObjectName"="LocalSystem"
    "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

    [SharedAccess\Epoch]
    "Epoch"=dword:000023dd

    [SharedAccess\Parameters]
    "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

    [SharedAccess\Parameters\FirewallPolicy]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008"
    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DoNotAllowExceptions"=dword:00000000

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe"="C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DC++\DCPlusPlus.exe:*:Disabled:DC++"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008"
    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Connect"
    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Connect"

    [SharedAccess\Security]

    [SharedAccess\Setup]
    "ServiceUpgrade"=dword:00000001

    [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
    "All"=dword:00000001

    -------------HKLM\Software\Microsoft\Ole-------------

    [Ole]
    "EnableDCOM"="Y"
    "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
    14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
    00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
    00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
    00,00,00,00,05,20,00,00,00,20,02,00,00
    "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
    14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
    00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
    05,20,00,00,00,20,02,00,00

    [Ole\AppCompat]

    [Ole\AppCompat\ActivationSecurityCheckExemptionList]
    "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
    "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
    "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
    "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

    [Ole\NONREDIST]
    "System.EnterpriseServices.Thunk.dll"=""

    -------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

    @="\"%1\" %*"

    -------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

    @="\"%1\" /S"

    -------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

    @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

    -------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

    -------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

    -------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

    [Installed Components]

    [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    @="IE7 Uninstall Stub"
    "ComponentID"="IEUDINIT"
    "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

    [Installed Components\>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}]
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
    @="Selaimen mukautukset"
    "ComponentID"="BRANDING.CAB"

    [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    @="Windows Media Player"
    "ComponentID"="WMPACCESS"
    "StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"

    [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    @="Internet Explorer"
    "ComponentID"="IEACCESS"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
    "LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    @="Browser Customizations"
    "ComponentiD"="BRANDING.CAB"
    "LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    @="Outlook Express"
    "ComponentID"="OEACCESS"
    "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

    [Installed Components\Microsoft Base Smart Card Crypto Provider Package]

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    @="Java (Sun)"
    "ComponentID"="JAVAVM"
    "KeyFileName"="C:\Program Files\Java\jre1.5.0_06\bin\regutils.dll"

    [Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
    @="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
    "ComponentID"="KB922770"

    [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
    @="Internet Explorerin Lueminut-tiedosto"
    "ComponentID"="IEREADME"

    [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
    @="IEEX"
    "ComponentID"="IEEX"

    [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    @="Vector Graphics Rendering (VML)"
    "ComponentID"="MSVML"

    [Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    #### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
    "ComponentID"="Director"
    @="Macromedia Shockwave Director 8.5.1"

    [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    @=""
    "ComponentID"="NetShow"
    "StubPath"=""

    [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"=""
    @="Microsoft Windows Media Player 6.4"

    [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    @="DirectAnimation"
    "ComponentID"="DirectAnimation"

    [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    "ComponentID"="Director"
    @="Macromedia Shockwave Director 8.5.1"

    [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    @="Themes Setup"
    "ComponentID"="Theme Component"
    "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

    [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    @="Dynamic HTML Data Binding for Java"
    "ComponentID"="TridataJava"

    [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    @="Offline Browsing Pack"
    "ComponentID"="MobilePk"

    [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    @="Uniscribe"
    "ComponentID"="USP10"

    [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    "ComponentID"="S867460"
    @="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

    [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    @="Advanced Authoring"
    "ComponentID"="AdvAuth"

    [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    @="Microsoft Outlook Express 6"
    "ComponentID"="MailNews"
    "CloneUser"=dword:00000001
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

    [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    @="NetMeeting 3.01"
    "ComponentID"="NetMeeting"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

    [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    @="DirectShow"
    "ComponentID"="activemovie"

    [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    @="DirectDrawEx"
    "ComponentID"="DirectDrawEx"

    [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    @="Internet Explorer Help"
    "ComponentID"="HelpCont"

    [Installed Components\{4CDAF616-D274-41F9-9478-64D5CCFADE80}]
    @="Macromedia Shockwave Player"
    "ComponentID"="CUSTOM1"

    [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    @="DirectAnimation Java Classes"
    "ComponentID"="DAJava"

    [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    @="Microsoft Windows Script 5.6"
    "ComponentID"="MSVBScript"

    [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    @="Windows Messenger 4.7"
    "ComponentID"="Messenger"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
    "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

    [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    "(Default)"="Internet Connection Wizard"
    "ComponentID"="ICW"

    [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    @="Internet Explorer Setup Tools"
    "ComponentID"="GenSetup"

    [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    @="Browsing Enhancements"
    "ComponentID"="ExtraPack"
    "KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

    [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
    @="Microsoft Windows Media Player"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

    [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    @="MSN Site Access"
    "ComponentID"="MSN_Auth"

    [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    "ComponentID"=".NETFramework"
    @=".NET Framework"

    [Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    @="Web Folders"
    "ComponentID"="WebFolders"
    "StubPath"=""

    [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    @="Address Book 6"
    "ComponentID"="WAB"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    @="Windows Desktop Update"
    "ComponentID"="IE4Shell_NT"
    "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    @="Internet Explorer"
    "ComponentID"="BASEIE40_W2K"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
    "LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

    [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    "ComponentID"="DOTNETFRAMEWORKS"
    "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

    [Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
    "ComponentID"="M886903"
    @="Microsoft .NET Framework 1.1 Hotfix (KB886903)"

    [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    @="Dynamic HTML Data Binding"
    "ComponentID"="Tridata"

    [Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
    @="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
    "ComponentID"="KB917283"

    [Installed Components\{C47D9DDA-83FF-4907-9056-DC7827271070}]
    @="Macromedia FlashPlayer"
    "ComponentID"="CUSTOM0"

    [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    @="Internet Explorer Core Fonts"
    "ComponentID"="Fontcore"

    [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    "ComponentID"=".NETFramework"
    @=".NET Framework"

    [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    @="Task Scheduler"
    "ComponentID"="MSTASK"

    [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    "ComponentID"="Windows Movie Maker v2.1"

    [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    #### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
    @="Macromedia Flash Player 8"
    "ComponentID"="Flash"

    [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    @="HTML Help"
    "ComponentID"="HTMLHelp"

    [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    @="Active Directory Service Interface"
    "ComponentID"="ADSI"

    -------------Comparing registry keys CCS1 vs CCS2 -------------
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services

    Result compared: Identical


    -------------Comparing registry keys CCS1 vs CCS3 -------------
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000FC0000000000000000000000000000004DF09D45010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {693A739E-EB16-475E-94BC-D41AEEDDF95E} REG_BINARY 060000000000000008000000000000004B419F45C1E50028C1E5002A030000000000000004000000000000004B419F45C1B801E1010000000000000004000000000000004B419F45FFFFFFE03B0000000000000004000000000000004B419F45000127503A0000000000000004000000000000004B419F450000A8C0330000000000000004000000000000004B419F4500015180360000000000000004000000000000004B419F45C1B801E1350000000000000001000000000000004B419F4505000000
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9181 (0x23DD)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 9178 (0x23DA)

    Result compared: Different


    -------------List of running services -------------



    000) "ALG" - Application Layer Gateway Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\alg.exe

    001) "AudioSrv" - Windows Audio
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    002) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    003) "BITS" - Background Intelligent Transfer Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    004) "CryptSvc" - Cryptographic Services
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    005) "DcomLaunch" - DCOM Server Process Launcher
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

    006) "DefWatch" - DefWatch
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\NavNT\defwatch.exe"

    007) "Dhcp" - DHCP Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    008) "Dnscache" - DNS Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService

    009) "ERSvc" - Error Reporting Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    010) "Eventlog" - Event Log
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\services.exe

    011) "EventSystem" - COM+ Event System
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    012) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    013) "helpsvc" - Help and Support
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    014) "IBMPMSVC" - ThinkPad PM Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\ibmpmsvc.exe

    015) "Irmon" - Infrared Monitor
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    016) "lanmanserver" - Server
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    017) "lanmanworkstation" - Workstation
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    018) "LmHosts" - TCP/IP NetBIOS Helper
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    019) "Netman" - Network Connections
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    020) "Nla" - Network Location Awareness (NLA)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    021) "Norton AntiVirus Server" - Norton AntiVirus Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\NavNT\rtvscan.exe"

    022) "PlugPlay" - Plug and Play
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\services.exe

    023) "PolicyAgent" - IPSEC Services
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    024) "ProtectedStorage" - Protected Storage
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\lsass.exe

    025) "QCONSVC" - QCONSVC
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\QCONSVC.EXE

    026) "RasMan" - Remote Access Connection Manager
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    027) "RemoteRegistry" - Remote Registry
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

    028) "RpcSs" - Remote Procedure Call (RPC)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost -k rpcss

    029) "SamSs" - Security Accounts Manager
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\lsass.exe

    030) "Schedule" - Task Scheduler
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    031) "seclogon" - Secondary Logon
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    032) "SENS" - System Event Notification
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    033) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    034) "ShellHWDetection" - Shell Hardware Detection
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    035) "Spooler" - Print Spooler
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\spoolsv.exe

    036) "srservice" - System Restore Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    037) "SSDPSRV" - SSDP Discovery Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    038) "stisvc" - Windows Image Acquisition (WIA)
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc

    039) "TapiSrv" - Telephony
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    040) "TermService" - Terminal Services
    ---> STAT = (RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

    041) "Themes" - Themes
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    042) "TpKmpSVC" - IBM KCU Service
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\TpKmpSVC.exe

    043) "TrkWks" - Distributed Link Tracking Client
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    044) "UMWdf" - Windows User Mode Driver Framework
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\wdfmgr.exe

    045) "W32Time" - Windows Time
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    046) "WebClient" - WebClient
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    047) "WinDefend" - Windows Defender
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = "C:\Program Files\Windows Defender\MsMpEng.exe"

    048) "winmgmt" - Windows Management Instrumentation
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    049) "wscsvc" - Security Center
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    050) "wuauserv" - Automatic Updates
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    051) "WZCSVC" - Wireless Zero Configuration
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



    ..:: BOOT REGISTRY ::..

    0) "TrackPointSrv"
    ---> CMD = tp4serv.exe
    ---> FILE = C:\WINDOWS\System32\tp4serv.exe

    1) "SunJavaUpdateSched"
    ---> CMD = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    ---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    2) "LTWinModem1"
    ---> CMD = ltmsg.exe 9
    ---> FILE = C:\Program Files\Java\jre1.5.0_06\bin\ltmsg.exe 9

    3) "PRONoMgr.exe"
    ---> CMD = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    ---> FILE = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

    4) "TPHOTKEY"
    ---> CMD = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    ---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

    5) "TP4EX"
    ---> CMD = tp4ex.exe
    ---> FILE = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tp4ex.exe

    6) "EZEJMNAP"
    ---> CMD = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    ---> FILE = C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

    7) "BLOG"
    ---> CMD = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    ---> FILE = (NOT EXISTS)

    8) "TPKMAPHELPER"
    ---> CMD = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    ---> FILE = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe

    9) "QCTRAY"
    ---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    ---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE

    10) "QCWLICON"
    ---> CMD = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    ---> FILE = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE

    11) "BMMGAG"
    ---> CMD = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    ---> FILE = (NOT EXISTS)

    12) "BMMLREF"
    ---> CMD = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    ---> FILE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

    13) "NeroFilterCheck"
    ---> CMD = C:\WINDOWS\system32\NeroCheck.exe
    ---> FILE = C:\WINDOWS\system32\NeroCheck.exe

    14) "RemoteControl"
    ---> CMD = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    ---> FILE = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    15) "TkBellExe"
    ---> CMD = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    ---> FILE = (NOT EXISTS)

    16) "QuickTime Task"
    ---> CMD = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ---> FILE = (NOT EXISTS)

    17) "Google Desktop Search"
    ---> CMD = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    ---> FILE = (NOT EXISTS)

    18) "Windows Defender"
    ---> CMD = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    ---> FILE = (NOT EXISTS)

    19) "vptray"
    ---> CMD = C:\Program Files\NavNT\vptray.exe
    ---> FILE = C:\Program Files\NavNT\vptray.exe



    -------------List of NOT running services -------------



    000) "Alerter" - Alerter
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    001) "AppMgmt" - Application Management
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    002) "aspnet_state" - ASP.NET State Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    003) "Browser" - Computer Browser
    ---> STAT = (NOT RUNNING) Started automatically
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    004) "cisvc" - Indexing Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\cisvc.exe

    005) "ClipSrv" - ClipBook
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\clipsrv.exe

    006) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    007) "COMSysApp" - COM+ System Application
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    008) "dmadmin" - Logical Disk Manager Administrative Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

    009) "dmserver" - Logical Disk Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    010) "HidServ" - Human Interface Device Access
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    011) "HTTPFilter" - HTTP SSL
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    012) "IDriverT" - InstallDriver Table Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

    013) "ImapiService" - IMAPI CD-Burning COM Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\imapi.exe

    014) "Messenger" - Messenger
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    015) "mnmsrvc" - NetMeeting Remote Desktop Sharing
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\mnmsrvc.exe

    016) "MSDTC" - Distributed Transaction Coordinator
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\msdtc.exe

    017) "MSIServer" - Windows Installer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\msiexec.exe /V

    018) "NetDDE" - Network DDE
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\netdde.exe

    019) "NetDDEdsdm" - Network DDE DSDM
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\system32\netdde.exe

    020) "Netlogon" - Net Logon
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    021) "NetSvc" - Intel NCS NetService
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    022) "NtLmSsp" - NT LM Security Support Provider
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\lsass.exe

    023) "NtmsSvc" - Removable Storage
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

    024) "ose" - Office Source Engine
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

    025) "RasAuto" - Remote Access Auto Connection Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    026) "RDSessMgr" - Remote Desktop Help Session Manager
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\sessmgr.exe

    027) "RemoteAccess" - Routing and Remote Access
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    028) "RpcLocator" - Remote Procedure Call (RPC) Locator
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\locator.exe

    029) "RSVP" - QoS RSVP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\rsvp.exe

    030) "SCardSvr" - Smart Card
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\SCardSvr.exe

    031) "SwPrv" - MS Software Shadow Copy Provider
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754}

    032) "SysmonLog" - Performance Logs and Alerts
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\smlogsvc.exe

    033) "TlntSvr" - Telnet
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\tlntsvr.exe

    034) "upnphost" - Universal Plug and Play Device Host
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

    035) "UPS" - Uninterruptible Power Supply
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\ups.exe

    036) "VSS" - Volume Shadow Copy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\vssvc.exe

    037) "WMConnectCDS" - Windows Media Connect Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\Program Files\Windows Media Connect 2\wmccds.exe

    038) "WmdmPmSN" - Portable Media Serial Number Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    039) "Wmi" - Windows Management Instrumentation Driver Extensions
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

    040) "WmiApSrv" - WMI Performance Adapter
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe

    041) "xmlprov" - Network Provisioning Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



    -------------List of running device driver services -------------



    000) "ACPI" - Microsoft ACPI Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys

    001) "ACPIEC" - Microsoft Embedded Controller Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ACPIEC.sys

    002) "AFD" - AFD Networking Support Environment
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\afd.sys

    003) "agp440" - Intel AGP Bus Filter
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\agp440.sys

    004) "ANC" - ANC
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\ANC.SYS

    005) "atapi" - Standard IDE/ESDI Hard Disk Controller
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys

    006) "audstub" - Audio Stub Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\audstub.sys

    007) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

    008) "AvgAsCln" - AVG Anti-Spyware Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\AvgAsCln.sys

    009) "Beep" - Beep
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    010) "BUFADPT" - BUFADPT
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \??\C:\WINDOWS\system32\BUFADPT.SYS

    011) "Cdfs" - Cdfs
    ---> STAT = (RUNNING) Disabled

    012) "Cdrom" - CD-ROM Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\cdrom.sys

    013) "CmBatt" - Microsoft AC Adapter Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\CmBatt.sys

    014) "Compbatt" - Microsoft Composite Battery Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\compbatt.sys

    015) "cs429x" - Crystal WDM Audio Codec Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\cwawdm.sys

    016) "Disk" - Disk Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\disk.sys

    017) "E100B" - Intel(R) PRO Network Connection Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\e100b325.sys

    018) "Fastfat" - Fastfat
    ---> STAT = (RUNNING) Disabled

    019) "Fdc" - Floppy Disk Controller Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\fdc.sys

    020) "Fips" - Fips
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    021) "FltMgr" - FltMgr
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\system32\drivers\fltmgr.sys

    022) "Ftdisk" - Volume Manager Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys

    023) "Gpc" - Generic Packet Classifier
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\msgpc.sys

    024) "HTTP" - HTTP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\Drivers\HTTP.sys

    025) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\i8042prt.sys

    026) "IBMPMDRV" - IBMPMDRV
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\ibmpmdrv.sys

    027) "IBMTPCHK" - IBMTPCHK
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\IBMBLDID.SYS

    028) "Imapi" - CD-Burning Filter Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = system32\DRIVERS\imapi.sys

    029) "IntelIde" - IntelIde
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\intelide.sys

    030) "IpNat" - IP Network Address Translator
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipnat.sys

    031) "IPSec" - IPSEC driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\ipsec.sys

    032) "irda" - IrDA Protocol
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\DRIVERS\irda.sys

    033) "IRENUM" - IR Enumerator Service
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irenum.sys

    034) "isapnp" - PnP ISA/EISA Bus Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys

    035) "Kbdclass" - Keyboard Class Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdclass.sys

    036) "kmixer" - Microsoft Kernel Wave Audio Mixer
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\kmixer.sys

    037) "KSecDD" - KSecDD
    ---> STAT = (RUNNING) Started by operating system loader

    038) "ltmodem5" - Lucent Modem Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\ltmdmxp.sys

    039) "mnmdd" - mnmdd
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    040) "Modem" - Modem
    ---> STAT = (RUNNING) Started manually

    041) "Mouclass" - Mouse Class Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mouclass.sys

    042) "MountMgr" - Mount Point Manager
    ---> STAT = (RUNNING) Started by operating system loader

    043) "MRxDAV" - WebDav Client Redirector
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mrxdav.sys

    044) "MRxSmb" - MRXSMB
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mrxsmb.sys

    045) "Msfs" - Msfs
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    046) "mssmbios" - Microsoft System Management BIOS Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mssmbios.sys

    047) "Mup" - Mup
    ---> STAT = (RUNNING) Started by operating system loader

    048) "NAVAP" - NAVAP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\Program Files\NavNT\NAVAP.sys

    049) "NAVAPEL" - NAVAPEL
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = \??\C:\Program Files\NavNT\NAVAPEL.SYS

    050) "NAVENG" - NAVENG
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys

    051) "NAVEX15" - NAVEX15
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys

    052) "NDIS" - NDIS System Driver
    ---> STAT = (RUNNING) Started by operating system loader

    053) "NdisTapi" - Remote Access NDIS TAPI Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndistapi.sys

    054) "Ndisuio" - NDIS Usermode I/O Protocol
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndisuio.sys

    055) "NdisWan" - Remote Access NDIS WAN Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndiswan.sys

    056) "NDProxy" - NDIS Proxy
    ---> STAT = (RUNNING) Started manually

    057) "NetBIOS" - NetBIOS Interface
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbios.sys

    058) "NetBT" - NetBios over Tcpip
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbt.sys

    059) "Npfs" - Npfs
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    060) "NSCIRDA" - NSC Infrared Device Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nscirda.sys

    061) "Ntfs" - Ntfs
    ---> STAT = (RUNNING) Disabled

    062) "Null" - Null
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    063) "P3" - Intel PentiumIII Processor Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\p3.sys

    064) "Parport" - Parallel port driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\parport.sys

    065) "PartMgr" - Partition Manager
    ---> STAT = (RUNNING) Started by operating system loader

    066) "ParVdm" - ParVdm
    ---> STAT = (RUNNING) Started automatically

    067) "PCI" - PCI Bus Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\pci.sys

    068) "Pcmcia" - Pcmcia
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\pcmcia.sys

    069) "PptpMiniport" - WAN Miniport (PPTP)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspptp.sys

    070) "PSched" - QoS Packet Scheduler
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\psched.sys

    071) "Ptilink" - Direct Parallel Link Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ptilink.sys

    072) "PxHelp20" - PxHelp20
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\Drivers\PxHelp20.sys

    073) "RasAcd" - Remote Access Auto Connection Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\rasacd.sys

    074) "Rasirda" - WAN Miniport (IrDA)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rasirda.sys

    075) "Rasl2tp" - WAN Miniport (L2TP)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rasl2tp.sys

    076) "RasPppoe" - Remote Access PPPOE Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspppoe.sys

    077) "Raspti" - Direct Parallel
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\raspti.sys

    078) "Rdbss" - Rdbss
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\rdbss.sys

    079) "RDPCDD" - RDPCDD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\RDPCDD.sys

    080) "rdpdr" - Terminal Server Device Redirector Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\rdpdr.sys

    081) "redbook" - Digital CD Audio Playback Filter Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\redbook.sys

    082) "S3SSavage" - S3SSavage
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\s3ssavm.sys

    083) "serenum" - Serenum Filter Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\serenum.sys

    084) "Serial" - Serial port driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\serial.sys

    085) "Smapint" - Smapint
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\Smapint.sys

    086) "sr" - System Restore Filter Driver
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = \SystemRoot\System32\DRIVERS\sr.sys

    087) "Srv" - Srv
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\srv.sys

    088) "swenum" - Software Bus Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\swenum.sys

    089) "SymEvent" - SymEvent
    ---> STAT = (RUNNING) Started manually
    ---> FILE = \??\C:\Program Files\Symantec\SYMEVENT.SYS

    090) "sysaudio" - Microsoft Kernel System Audio Device
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\sysaudio.sys

    091) "Tcpip" - TCP/IP Protocol Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\tcpip.sys

    092) "TDSMAPI" - TDSMAPI
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\TDSMAPI.SYS

    093) "TermDD" - Terminal Device Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\termdd.sys

    094) "Tp4Track" - PS/2 TrackPoint Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\tp4track.sys

    095) "TPHKDRV" - TPHKDRV
    ---> STAT = (RUNNING) Started by "IoInitSystem" function

    096) "TPPWR" - TPPWR
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\Tppwr.sys

    097) "TSMAPIP" - TSMAPIP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\drivers\TSMAPIP.SYS

    098) "Update" - Microcode Update Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\update.sys

    099) "usbhub" - USB2 Enabled Hub
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbhub.sys

    100) "USBSTOR" - USB Mass Storage Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\DRIVERS\USBSTOR.SYS

    101) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbuhci.sys

    102) "VgaSave" - VGA Display Controller.
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\vga.sys

    103) "VolSnap" - VolSnap
    ---> STAT = (RUNNING) Started by operating system loader

    104) "Wanarp" - Remote Access IP ARP Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\wanarp.sys

    105) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\wdmaud.sys



    -------------List of NOT running device driver services -------------



    000) "abp480n5" - abp480n5
    ---> STAT = (NOT RUNNING) Disabled

    001) "ac97intc" - Intel(r) 82801 Audio Driver Install Service (WDM)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ac97intc.sys

    002) "adpu160m" - adpu160m
    ---> STAT = (NOT RUNNING) Disabled

    003) "aec" - Microsoft Kernel Acoustic Echo Canceller
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\aec.sys

    004) "Aha154x" - Aha154x
    ---> STAT = (NOT RUNNING) Disabled

    005) "aic78u2" - aic78u2
    ---> STAT = (NOT RUNNING) Disabled

    006) "aic78xx" - aic78xx
    ---> STAT = (NOT RUNNING) Disabled

    007) "AliIde" - AliIde
    ---> STAT = (NOT RUNNING) Disabled

    008) "amsint" - amsint
    ---> STAT = (NOT RUNNING) Disabled

    009) "asc" - asc
    ---> STAT = (NOT RUNNING) Disabled

    010) "asc3350p" - asc3350p
    ---> STAT = (NOT RUNNING) Disabled

    011) "asc3550" - asc3550
    ---> STAT = (NOT RUNNING) Disabled

    012) "AsyncMac" - RAS Asynchronous Media Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\asyncmac.sys

    013) "Atdisk" - Atdisk
    ---> STAT = (NOT RUNNING) Disabled

    014) "Atmarpc" - ATM ARP Client Protocol
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\atmarpc.sys

    015) "BFAIFILT" - BFAIFILT
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\Drivers\bfaifilt.sys

    016) "cbidf2k" - cbidf2k
    ---> STAT = (NOT RUNNING) Disabled

    017) "cd20xrnt" - cd20xrnt
    ---> STAT = (NOT RUNNING) Disabled

    018) "Cdaudio" - Cdaudio
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    019) "Changer" - Changer
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    020) "CmdIde" - CmdIde
    ---> STAT = (NOT RUNNING) Disabled

    021) "Cpqarray" - Cpqarray
    ---> STAT = (NOT RUNNING) Disabled

    022) "dac960nt" - dac960nt
    ---> STAT = (NOT RUNNING) Disabled

    023) "dmboot" - dmboot
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmboot.sys

    024) "dmio" - dmio
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmio.sys

    025) "dmload" - dmload
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmload.sys

    026) "DMusic" - Microsoft Kernel DLS Syntheiszer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\DMusic.sys

    027) "dpti2o" - dpti2o
    ---> STAT = (NOT RUNNING) Disabled

    028) "drmkaud" - Microsoft Kernel DRM Audio Descrambler
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\drmkaud.sys

    029) "Flpydisk" - Floppy Disk Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\flpydisk.sys

    030) "HidUsb" - Microsoft HID Class Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\hidusb.sys

    031) "hpn" - hpn
    ---> STAT = (NOT RUNNING) Disabled

    032) "hpt3xx" - hpt3xx
    ---> STAT = (NOT RUNNING) Disabled

    033) "i2omgmt" - i2omgmt
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    034) "i2omp" - i2omp
    ---> STAT = (NOT RUNNING) Disabled

    035) "ini910u" - ini910u
    ---> STAT = (NOT RUNNING) Disabled

    036) "ip6fw" - IPv6 Windows Firewall Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ip6fw.sys

    037) "IpFilterDriver" - IP Traffic Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipfltdrv.sys

    038) "IpInIp" - IP in IP Tunnel Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipinip.sys

    039) "kbdhid" - Keyboard HID Driver
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> FILE = system32\DRIVERS\kbdhid.sys

    040) "lbrtfdc" - lbrtfdc
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    041) "mouhid" - Mouse HID Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mouhid.sys

    042) "mraid35x" - mraid35x
    ---> STAT = (NOT RUNNING) Disabled

    043) "MSKSSRV" - Microsoft Streaming Service Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSKSSRV.sys

    044) "MSPCLOCK" - Microsoft Streaming Clock Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPCLOCK.sys

    045) "MSPQM" - Microsoft Streaming Quality Manager Proxy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPQM.sys

    046) "NAL" - Nal Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = \??\C:\WINDOWS\system32\Drivers\iqvw32.sys

    047) "NwlnkFlt" - IPX Traffic Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkflt.sys

    048) "NwlnkFwd" - IPX Traffic Forwarder Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkfwd.sys

    049) "PCIDump" - PCIDump
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    050) "PCIIde" - PCIIde
    ---> STAT = (NOT RUNNING) Disabled

    051) "PDCOMP" - PDCOMP
    ---> STAT = (NOT RUNNING) Started manually

    052) "PDFRAME" - PDFRAME
    ---> STAT = (NOT RUNNING) Started manually

    053) "PDRELI" - PDRELI
    ---> STAT = (NOT RUNNING) Started manually

    054) "PDRFRAME" - PDRFRAME
    ---> STAT = (NOT RUNNING) Started manually

    055) "perc2" - perc2
    ---> STAT = (NOT RUNNING) Disabled

    056) "perc2hib" - perc2hib
    ---> STAT = (NOT RUNNING) Disabled

    057) "Processor" - Processor Driver
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\processr.sys

    058) "QCNDISIF" - QCNDISIF
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\drivers\qcndisif.SYS

    059) "ql1080" - ql1080
    ---> STAT = (NOT RUNNING) Disabled

    060) "Ql10wnt" - Ql10wnt
    ---> STAT = (NOT RUNNING) Disabled

    061) "ql12160" - ql12160
    ---> STAT = (NOT RUNNING) Disabled

    062) "ql1240" - ql1240
    ---> STAT = (NOT RUNNING) Disabled

    063) "ql1280" - ql1280
    ---> STAT = (NOT RUNNING) Disabled

    064) "RDPWD" - RDPWD
    ---> STAT = (NOT RUNNING) Started manually

    065) "Secdrv" - Secdrv
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\secdrv.sys

    066) "Sfloppy" - Sfloppy
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

    067) "Simbad" - Simbad
    ---> STAT = (NOT RUNNING) Disabled

    068) "Sparrow" - Sparrow
    ---> STAT = (NOT RUNNING) Disabled

    069) "splitter" - Microsoft Kernel Audio Splitter
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\splitter.sys

    070) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\swmidi.sys

    071) "symc810" - symc810
    ---> STAT = (NOT RUNNING) Disabled

    072) "symc8xx" - symc8xx
    ---> STAT = (NOT RUNNING) Disabled

    073) "sym_hi" - sym_hi
    ---> STAT = (NOT RUNNING) Disabled

    074) "sym_u3" - sym_u3
    ---> STAT = (NOT RUNNING) Disabled

    075) "TDPIPE" - TDPIPE
    ---> STAT = (NOT RUNNING) Started manually

    076) "TDTCP" - TDTCP
    ---> STAT = (NOT RUNNING) Started manually

    077) "TosIde" - TosIde
    ---> STAT = (NOT RUNNING) Disabled

    078) "TwoTrack" - IBM PS/2 TrackPoint Filter Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\TwoTrack.sys

    079) "u2kg54" - BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\rt2500usb.sys

    080) "Udfs" - Udfs
    ---> STAT = (NOT RUNNING) Disabled

    081) "ultra" - ultra
    ---> STAT = (NOT RUNNING) Disabled

    082) "usbscan" - USB Scanner Driver
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\DRIVERS\usbscan.sys

    083) "ViaIde" - ViaIde
    ---> STAT = (NOT RUNNING) Disabled

    084) "WDICA" - WDICA
    ---> STAT = (NOT RUNNING) Started manually

    085) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys



    -------------Svchost Instances-------------
    ### LocalService:
    Alerter
    C:\WINDOWS\system32\alrsvc.dll

    WebClient
    C:\WINDOWS\System32\webclnt.dll

    LmHosts
    C:\WINDOWS\System32\lmhsvc.dll

    RemoteRegistry
    C:\WINDOWS\system32\regsvc.dll

    upnphost
    C:\WINDOWS\System32\upnphost.dll

    SSDPSRV
    C:\WINDOWS\System32\ssdpsrv.dll

    ### NetworkService:
    DnsCache
    C:\WINDOWS\System32\dnsrslvr.dll

    ### netsvcs:
    6to4
    No File Listed

    AppMgmt
    C:\WINDOWS\System32\appmgmts.dll

    AudioSrv
    C:\WINDOWS\System32\audiosrv.dll

    Browser
    C:\WINDOWS\System32\browser.dll

    CryptSvc
    C:\WINDOWS\System32\cryptsvc.dll

    DMServer
    C:\WINDOWS\System32\dmserver.dll

    DHCP
    C:\WINDOWS\System32\dhcpcsvc.dll

    ERSvc
    C:\WINDOWS\System32\ersvc.dll

    EventSystem
    C:\WINDOWS\System32\es.dll

    FastUserSwitchingCompatibility

    HidServ
    C:\WINDOWS\System32\hidserv.dll

    No File Listed

    Iprip
    No File Listed

    Irmon
    C:\WINDOWS\System32\irmon.dll

    LanmanServer
    C:\WINDOWS\System32\srvsvc.dll

    LanmanWorkstation
    C:\WINDOWS\System32\wkssvc.dll

    Messenger
    C:\WINDOWS\System32\msgsvc.dll

    Netman
    C:\WINDOWS\System32\netman.dll

    C:\WINDOWS\System32\mswsock.dll

    Ntmssvc
    C:\WINDOWS\system32\ntmssvc.dll

    NWCWorkstation
    No File Listed

    Nwsapagent
    No File Listed

    Rasauto
    C:\WINDOWS\System32\rasauto.dll

    Rasman
    C:\WINDOWS\System32\rasmans.dll

    Remoteaccess
    C:\WINDOWS\System32\mprdim.dll

    Schedule
    C:\WINDOWS\system32\schedsvc.dll

    Seclogon
    C:\WINDOWS\System32\seclogon.dll

    C:\WINDOWS\system32\sens.dll

    Sharedaccess
    C:\WINDOWS\System32\ipnathlp.dll

    SRService
    C:\WINDOWS\System32\srsvc.dll

    Tapisrv
    C:\WINDOWS\System32\tapisrv.dll

    Themes

    TrkWks
    C:\WINDOWS\system32\trkwks.dll

    W32Time
    C:\WINDOWS\System32\w32time.dll

    WZCSVC
    C:\WINDOWS\System32\wzcsvc.dll


    WmdmPmSp
    No File Listed

    winmgmt
    C:\WINDOWS\system32\wbem\WMIsvc.dll

    TermService
    C:\WINDOWS\System32\termsrv.dll

    wuauserv
    C:\WINDOWS\system32\wuauserv.dll

    BITS
    C:\WINDOWS\System32\qmgr.dll

    ShellHWDetection

    helpsvc
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    xmlprov
    C:\WINDOWS\System32\xmlprov.dll

    wscsvc
    C:\WINDOWS\system32\wscsvc.dll

    WmdmPmSN
    C:\WINDOWS\system32\MsPMSNSv.dll

    ### rpcss:
    RpcSs
    C:\WINDOWS\system32\rpcss.dll

    ### imgsvc:
    StiSvc
    C:\WINDOWS\system32\wiaservc.dll

    ### termsvcs:
    TermService
    C:\WINDOWS\System32\termsrv.dll

    ### HTTPFilter:
    HTTPFilter
    C:\WINDOWS\System32\w3ssl.dll

    ### DcomLaunch:
    DcomLaunch
    C:\WINDOWS\system32\rpcss.dll

    TermService
    C:\WINDOWS\System32\termsrv.dll


    -------------loaded Dlls -------------
    NOTE: already known legit dlls are not shown



    ------------------------------------------------------------------------------
    System pid: 4
    Command line: <no command line>

    ------------------------------------------------------------------------------
    smss.exe pid: 600
    Command line: \SystemRoot\System32\smss.exe

    Base Size Version Path
    0x48580000 0xf000 \SystemRoot\System32\smss.exe

    ------------------------------------------------------------------------------
    csrss.exe pid: 664
    Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    Base Size Version Path
    0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
    0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
    0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
    0x75b60000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll

    ------------------------------------------------------------------------------
    winlogon.exe pid: 688
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0x6000 C:\WINDOWS\system32\tphklock.dll
    0x00fa0000 0xc000 C:\WINDOWS\system32\NavLogon.dll

    ------------------------------------------------------------------------------
    services.exe pid: 736
    Command line: C:\WINDOWS\system32\services.exe

    Base Size Version Path
    0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
    0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll

    ------------------------------------------------------------------------------
    lsass.exe pid: 748
    Command line: C:\WINDOWS\system32\lsass.exe

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
    0x75730000 0xb4000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
    0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
    0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
    0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
    0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
    0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
    0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
    0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
    0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
    0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
    0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
    0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll

    ------------------------------------------------------------------------------
    ibmpmsvc.exe pid: 912
    Command line: C:\WINDOWS\system32\ibmpmsvc.exe

    Base Size Version Path
    0x00400000 0x13000 1.33.0000.0000 C:\WINDOWS\system32\ibmpmsvc.exe

    ------------------------------------------------------------------------------
    svchost.exe pid: 936
    Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
    0x760f0000 0x53000 5.01.2600.2180 c:\windows\system32\termsrv.dll
    0x74f70000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
    0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
    0x75110000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
    0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL

    ------------------------------------------------------------------------------
    svchost.exe pid: 1044
    Command line: C:\WINDOWS\system32\svchost -k rpcss

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76a80000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll

    ------------------------------------------------------------------------------
    MsMpEng.exe pid: 1144
    Command line: "C:\Program Files\Windows Defender\MsMpEng.exe"

    Base Size Version Path
    0x01000000 0x4000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpEng.exe
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x5c800000 0x44000 1.01.1593.0000 C:\Program Files\Windows Defender\MpSvc.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x5e800000 0xf000 1.01.1593.0000 C:\Program Files\Windows Defender\mprtplug.dll
    0x01820000 0x2b5000 1.01.1904.0000 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E7367181-3162-4AAE-B5CE-F24FF61F0F9A}\mpengine.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1188
    Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76d80000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
    0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x77620000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
    0x76d30000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
    0x606b0000 0x10d000 5.01.2600.2780 c:\windows\system32\ESENT.dll
    0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
    0x65f40000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
    0x76b70000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
    0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
    0x00fc0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
    0x58d30000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
    0x76bd0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
    0x77300000 0x32000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
    0x767a0000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
    0x74f50000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
    0x708b0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
    0x76e40000 0x23000 5.01.2600.2976 c:\windows\system32\wkssvc.dll
    0x5b9f0000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll
    0x76780000 0x9000 6.00.2900.2180 c:\windows\system32\SHFOLDER.dll
    0x4d4f0000 0x58000 5.01.2600.2180 c:\windows\system32\WINHTTP.dll
    0x76ce0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
    0x77b90000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
    0x74f80000 0x9000 5.01.2600.2180 c:\windows\system32\ersvc.dll
    0x77710000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
    0x74f40000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
    0x75090000 0x1a000 5.01.2600.2577 c:\windows\system32\srvsvc.dll
    0x77d00000 0x33000 5.01.2600.2743 c:\windows\system32\netman.dll
    0x76400000 0x1a6000 5.01.2600.2180 c:\windows\system32\netshell.dll
    0x76c00000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
    0x73030000 0x10000 5.01.2600.2180 c:\windows\system32\WZCSAPI.DLL
    0x73d20000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
    0x722d0000 0xd000 5.01.2600.2180 c:\windows\system32\sens.dll
    0x751a0000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
    0x74ad0000 0x8000 6.00.2900.2180 c:\windows\system32\POWRPROF.dll
    0x75070000 0x19000 5.01.2600.2180 c:\windows\system32\trkwks.dll
    0x767c0000 0x2c000 5.01.2600.2180 c:\windows\system32\w32time.dll
    0x76080000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
    0x59490000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
    0x753e0000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\VSSAPI.DLL
    0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
    0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
    0x65000000 0x2e000 7.00.5730.0011 C:\WINDOWS\System32\ADVPACK.dll
    0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
    0x600a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
    0x76da0000 0x15000 5.01.2600.2180 c:\windows\system32\browser.dll
    0x66460000 0x55000 5.01.2600.2180 c:\windows\system32\ipnathlp.dll
    0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
    0x4c0a0000 0x17000 5.01.2600.2180 c:\windows\system32\wscsvc.dll
    0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
    0x76620000 0x13c000 2001.12.4414.0308 C:\WINDOWS\system32\comsvcs.dll
    0x75130000 0x14000 2001.12.4414.0308 C:\WINDOWS\system32\colbact.DLL
    0x750f0000 0x13000 2001.12.4414.0311 C:\WINDOWS\system32\MTXCLU.DLL
    0x76d10000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\CLUSAPI.DLL
    0x750b0000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\RESUTILS.DLL
    0x762c0000 0x85000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\wbemcore.dll
    0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\esscli.dll
    0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\FastProx.dll
    0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
    0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
    0x75200000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\wbem\repdrvfs.dll
    0x597f0000 0x6d000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvsd.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x75390000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemess.dll
    0x5f740000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\ncprov.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll
    0x755f0000 0x9a000 5.01.2600.2180 C:\WINDOWS\System32\netcfgx.dll
    0x76de0000 0x23000 5.01.2600.2180 C:\WINDOWS\System32\upnp.dll
    0x74f00000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\SSDPAPI.dll
    0x7df30000 0x31000 5.01.2600.2936 C:\WINDOWS\System32\rasmans.dll
    0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
    0x733e0000 0x40000 5.01.2600.2716 c:\windows\system32\tapisrv.dll
    0x75880000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\rastapi.dll
    0x57cc0000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
    0x72000000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\uniplat.dll
    0x5b070000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
    0x57d40000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
    0x57d20000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
    0x57d50000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
    0x57d70000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
    0x57d60000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
    0x688f0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HID.DLL
    0x72240000 0x35000 5.01.2600.2180 C:\WINDOWS\System32\rasppp.dll
    0x724b0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\ntlsapi.dll
    0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
    0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\System32\RASDLG.dll
    0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
    0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
    0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\System32\dssenh.dll
    0x6fb10000 0x9e000 2001.12.4414.0308 C:\WINDOWS\System32\catsrvut.dll
    0x6fbd0000 0x3d000 2001.12.4414.0308 C:\WINDOWS\System32\catsrv.dll
    0x61990000 0x9000 2001.12.4414.0258 C:\WINDOWS\System32\MfcSubs.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\sensapi.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1284
    Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76770000 0xd000 5.01.2600.2180 c:\windows\system32\dnsrslvr.dll
    0x76f20000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 1476
    Command line: C:\WINDOWS\System32\svchost.exe -k LocalService

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74c40000 0x6000 5.01.2600.2180 c:\windows\system32\lmhsvc.dll
    0x5a6e0000 0x15000 5.01.2600.2821 c:\windows\system32\webclnt.dll
    0x00750000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x76af0000 0x12000 5.01.2600.2180 c:\windows\system32\regsvc.dll
    0x765e0000 0x14000 5.01.2600.2180 c:\windows\system32\ssdpsrv.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\System32\DNSAPI.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\System32\rasadhlp.dll

    ------------------------------------------------------------------------------
    spoolsv.exe pid: 1664
    Command line: C:\WINDOWS\system32\spoolsv.exe

    Base Size Version Path
    0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x75bb0000 0x56000 5.01.2600.2180 C:\WINDOWS\system32\localspl.dll
    0x742a0000 0xe000 0.03.0000.0000 C:\WINDOWS\system32\cnbjmon.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x009e0000 0x8000 0.03.1897.0000 C:\WINDOWS\system32\mdimon.dll
    0x00ec0000 0x8000 0.03.1897.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x75c10000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\win32spl.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\NETRAP.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x74300000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\inetpp.dll

    ------------------------------------------------------------------------------
    guard.exe pid: 1944
    Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

    Base Size Version Path
    0x00400000 0x34000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0x10000000 0xdd000 4.02.0000.0015 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
    0x76780000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    defwatch.exe pid: 1968
    Command line: "C:\Program Files\NavNT\defwatch.exe"

    Base Size Version Path
    0x00400000 0x8000 7.60.0000.0926 C:\Program Files\NavNT\defwatch.exe

    ------------------------------------------------------------------------------
    rtvscan.exe pid: 2024
    Command line: "C:\Program Files\NavNT\rtvscan.exe"

    Base Size Version Path
    0x00400000 0x7a000 7.60.0000.0926 C:\Program Files\NavNT\rtvscan.exe
    0x10000000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2.dll
    0x00330000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ARJ.dll
    0x00340000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2ID.dll
    0x00350000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LHA.dll
    0x00360000 0x10000 2.50.0031.0052 C:\Program Files\NavNT\SymLHA.dll
    0x00370000 0x7000 2.50.0031.0052 C:\Program Files\NavNT\Dec2LZ.dll
    0x00380000 0x11000 2.50.0031.0052 C:\Program Files\NavNT\Dec2MIME.dll
    0x003a0000 0x29000 2.50.0031.0052 C:\Program Files\NavNT\Dec2Zip.dll
    0x003d0000 0x8000 2.50.0031.0052 C:\Program Files\NavNT\Dec2AMG.dll
    0x003e0000 0x1b000 2.50.0031.0052 C:\Program Files\NavNT\SYMAMG32.DLL
    0x00480000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2UUE.dll
    0x00490000 0x9000 2.50.0031.0052 C:\Program Files\NavNT\Dec2SS.dll
    0x004a0000 0xd000 2.50.0031.0052 C:\Program Files\NavNT\Dec2RTF.dll
    0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
    0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
    0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
    0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
    0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
    0x004b0000 0x10000 7.60.0000.0926 C:\Program Files\NavNT\NAVLU.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x01570000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
    0x019a0000 0x42000 7.60.0000.0926 C:\Program Files\NavNT\i2ldvp3.dll
    0x01a00000 0x31000 4.01.0000.0015 C:\Program Files\NavNT\NAVAPI32.DLL
    0x69100000 0xd6000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX32a.DLL
    0x692c0000 0x1e000 20061.03.0000.0012 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG32.DLL
    0x01a70000 0xe000 5.03.0001.0039 C:\Program Files\NavNT\NAVAP32.DLL
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x50070000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\amslib.dll
    0x01ac0000 0x18000 3.00.0000.0002 C:\WINDOWS\system32\loc32vc0.dll
    0x03770000 0x2c000 7.60.0000.0926 C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL

    ------------------------------------------------------------------------------
    QCONSVC.EXE pid: 268
    Command line: System32\QCONSVC.EXE

    Base Size Version Path
    0x00400000 0x15000 3.08.0001.0000 C:\WINDOWS\System32\QCONSVC.EXE
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    svchost.exe pid: 508
    Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc

    Base Size Version Path
    0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x75aa0000 0x55000 5.01.2600.2180 c:\windows\system32\wiaservc.dll
    0x74ae0000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
    0x73b30000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll

    ------------------------------------------------------------------------------
    TpKmpSvc.exe pid: 636
    Command line: C:\WINDOWS\system32\TpKmpSVC.exe

    Base Size Version Path
    0x00400000 0xa000 C:\WINDOWS\system32\TpKmpSVC.exe

    ------------------------------------------------------------------------------
    wdfmgr.exe pid: 1136
    Command line: C:\WINDOWS\system32\wdfmgr.exe

    Base Size Version Path
    0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe

    ------------------------------------------------------------------------------
    explorer.exe pid: 1784
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
    0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
    0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
    0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
    0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
    0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
    0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
    0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\System32\POWRPROF.dll
    0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
    0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
    0x021c0000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
    0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
    0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
    0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
    0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
    0x10000000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x021f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x5af60000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\usbui.dll
    0x01b10000 0x12000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
    0x01af0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x6c1b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x00d00000 0x2c000 C:\Program Files\WinRAR\rarext.dll
    0x00d30000 0xa000 7.60.0000.0926 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
    0x00d90000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x73380000 0x57000 6.00.2900.2180 C:\WINDOWS\System32\zipfldr.dll

    ------------------------------------------------------------------------------
    alg.exe pid: 2072
    Command line: C:\WINDOWS\System32\alg.exe

    Base Size Version Path
    0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    MSGSYS.EXE pid: 2148
    Command line: MsgSys.EXE

    Base Size Version Path
    0x00400000 0x6000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.EXE
    0x50250000 0x13000 6.00.0201.0940 C:\WINDOWS\system32\NTS.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\MSWSOCK.dll
    0x501e0000 0x7000 6.00.0201.0940 C:\WINDOWS\system32\CBA.DLL
    0x50240000 0x8000 6.00.0201.0940 C:\WINDOWS\system32\MsgSys.dll
    0x50270000 0x17000 6.00.0201.0940 C:\WINDOWS\system32\PDS.DLL
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll

    ------------------------------------------------------------------------------
    tp4serv.exe pid: 2520
    Command line: "C:\WINDOWS\system32\tp4serv.exe"

    Base Size Version Path
    0x00400000 0x1b000 3.55.0000.0000 C:\WINDOWS\system32\tp4serv.exe
    0x008b0000 0x1e000 C:\WINDOWS\system32\tp4uires.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    jusched.exe pid: 2532
    Command line: "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

    Base Size Version Path
    0x00400000 0x9000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    ltmsg.exe pid: 2592
    Command line: "C:\WINDOWS\system32\ltmsg.exe" 9

    Base Size Version Path
    0x00400000 0xf000 3.00.0000.0002 C:\WINDOWS\system32\ltmsg.exe
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    PRONoMgr.exe pid: 2652
    Command line: "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"

    Base Size Version Path
    0x00400000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x10000000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x00d50000 0x17000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll
    0x00d80000 0x56000 6.01.0042.0000 C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    TPHKMGR.exe pid: 2664
    Command line: "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"

    Base Size Version Path
    0x00400000 0x19000 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0xd000 1.00.0000.0004 C:\WINDOWS\system32\Oemdspif.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    EZEJMNAP.EXE pid: 2784
    Command line: "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"

    Base Size Version Path
    0x00400000 0x3e000 1.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
    0x10000000 0xe000 C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    TPONSCR.exe pid: 2804
    Command line: "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe"

    Base Size Version Path
    0x00400000 0x15000 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    QCTRAY.EXE pid: 2888
    Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE"

    Base Size Version Path
    0x00400000 0xcf000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x00240000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
    0x00250000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
    0x05050000 0x11000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\TrayRes.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x081a0000 0x18000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANCA.dll
    0x081c0000 0xf000 8.03.0000.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\ANC.dll

    ------------------------------------------------------------------------------
    QCWLICON.EXE pid: 2916
    Command line: "C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE"

    Base Size Version Path
    0x00400000 0x17000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    0x20000000 0x11d000 3.08.0001.0000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCON.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x768d0000 0xa4000 5.01.2600.2180 C:\WINDOWS\system32\RASDLG.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x10000000 0x2b000 1.00.0000.0001 C:\Program Files\ThinkPad\Yhteysapuohjelmat\MerlinC201.dll
    0x00340000 0x11000 7.00.2600.2180 C:\WINDOWS\system32\MSVCIRT.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74ae0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CfgMgr32.dll
    0x00a00000 0x7000 C:\Program Files\ThinkPad\Yhteysapuohjelmat\Res\US\IconRes.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    rundll32.exe pid: 2924
    Command line: "C:\WINDOWS\system32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

    Base Size Version Path
    0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RunDll32.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x10000000 0x1c000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
    0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\powrprof.dll
    0x00a00000 0x26000 4.00.0000.0000 C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    PDVDServ.exe pid: 2996
    Command line: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    Base Size Version Path
    0x00400000 0x8000 6.00.0000.1027 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0xa000 3.02.0000.2021 C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    qttask.exe pid: 3036
    Command line: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    Base Size Version Path
    0x00400000 0x47000 7.01.0000.0210 C:\Program Files\QuickTime\qttask.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    GoogleDesktop.exe pid: 3048
    Command line: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    Base Size Version Path
    0x00400000 0x33000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    MSASCui.exe pid: 3112
    Command line: "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    Base Size Version Path
    0x01000000 0xd7000 1.01.1593.0000 C:\Program Files\Windows Defender\MSASCui.exe
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x5b800000 0x4f000 1.01.1593.0000 C:\Program Files\Windows Defender\MpClient.dll
    0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x61800000 0x9a000 1.01.1593.0000 C:\Program Files\Windows Defender\MsMpRes.dll
    0x5d800000 0xac000 1.01.1593.0000 C:\Program Files\Windows Defender\MpRtMon.DLL
    0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x4b400000 0x86000 5.41.0015.1509 C:\WINDOWS\system32\MSFTEDIT.DLL
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

    ------------------------------------------------------------------------------
    vptray.exe pid: 3140
    Command line: "C:\Program Files\NavNT\vptray.exe"

    Base Size Version Path
    0x00400000 0x12000 7.60.0000.0926 C:\Program Files\NavNT\vptray.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x10000000 0x28000 7.60.0000.0926 C:\Program Files\NavNT\Cliproxy.dll
    0x6db60000 0x11000 2.31.0000.0000 C:\WINDOWS\system32\CTL3D32.dll
    0x00950000 0xd000 1.00.0000.0001 C:\Program Files\NavNT\NAVNTUTL.DLL
    0x00ba0000 0x40000 7.60.0000.0926 C:\Program Files\NavNT\Cliscan.dll
    0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x009c0000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x00a20000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll

    ------------------------------------------------------------------------------
    ctfmon.exe pid: 3152
    Command line: "C:\WINDOWS\system32\ctfmon.exe"

    Base Size Version Path
    0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

    ------------------------------------------------------------------------------
    GoogleToolbarNotifier.exe pid: 3184
    Command line: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"

    Base Size Version Path
    0x00400000 0x2b000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x10000000 0xe000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x00ef0000 0x41000 1.02.0908.5008 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76d80000 0x1e000 5.01.2600.2912 C:\WINDOWS\system32\DHCPCSVC.DLL
    0x77d00000 0x33000 5.01.2600.2743 C:\WINDOWS\system32\netman.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\netshell.dll
    0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
    0x73030000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WZCSAPI.DLL
    0x77620000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\WZCSvc.DLL
    0x76d30000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\WMI.dll
    0x606b0000 0x10d000 5.01.2600.2780 C:\WINDOWS\system32\ESENT.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    GoogleDesktopIndex.exe pid: 3228
    Command line: "GoogleDesktopIndex.exe"

    Base Size Version Path
    0x00400000 0xc1000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    0x60000000 0x80000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
    0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
    0x4d000000 0x34000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    0x62000000 0x88000 4.2006.1008.2039 C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    iexplore.exe pid: 3540
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe"

    Base Size Version Path
    0x00400000 0x9a000 7.00.5730.0011 C:\Program Files\Internet Explorer\iexplore.exe
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\IEFRAME.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dff0000 0x2f000 7.00.5730.0011 C:\WINDOWS\system32\IEUI.dll
    0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
    0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
    0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x61930000 0x4a000 7.00.5730.0011 C:\Program Files\Internet Explorer\ieproxy.dll
    0x01270000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
    0x10000000 0x337000 4.00.1020.2544 c:\program files\google\googletoolbar1.dll
    0x74980000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
    0x59a60000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
    0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
    0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
    0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
    0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
    0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
    0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
    0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x019a0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
    0x7e830000 0x36f000 7.00.5730.0011 C:\WINDOWS\system32\mshtml.dll
    0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
    0x72ea0000 0x60000 7.00.5824.16386 C:\WINDOWS\system32\ieapfltr.dll
    0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\jscript.dll
    0x1b000000 0xc000 7.00.5730.0011 C:\WINDOWS\system32\ImgUtil.dll
    0x1b060000 0xe000 7.00.5730.0011 C:\WINDOWS\system32\pngfilt.dll
    0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll
    0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
    0x6d430000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
    0x73760000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
    0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
    0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    0x78130000 0x9b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
    0x767f0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
    0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
    0x76200000 0x77000 7.00.5730.0011 C:\WINDOWS\system32\mshtmled.dll
    0x58760000 0x32000 7.00.5730.0011 C:\WINDOWS\system32\iepeers.dll
    0x07330000 0x8000 7.00.5730.0011 C:\WINDOWS\system32\corpol.dll
    0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
    0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
    0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
    0x7c420000 0x87000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
    0x07ac0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll

    ------------------------------------------------------------------------------
    jucheck.exe pid: 1368
    Command line: -auto

    Base Size Version Path
    0x00400000 0x3c000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    0x00320000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
    0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5ddc0000 0x9000 6.06.2600.2180 C:\WINDOWS\System32\qmgrprxy.dll
    0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
    0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
    0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
    0x76fc0000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
    0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

    ------------------------------------------------------------------------------
    systemscan.exe pid: 1860
    Command line: "C:\Documents and Settings\Administrator\Desktop\systemscan.exe"

    Base Size Version Path
    0x00400000 0x24000 C:\Documents and Settings\Administrator\Desktop\systemscan.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL
    0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll

    ------------------------------------------------------------------------------
    runme.exe pid: 3796
    Command line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe"

    Base Size Version Path
    0x00400000 0x46000 2.00.0000.0023 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\runme.exe
    0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
    0x74720000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
    0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
    0x6b800000 0x25000 5.06.0000.6626 C:\WINDOWS\system32\scrrun.dll

    ------------------------------------------------------------------------------
    wmiprvse.exe pid: 2272
    Command line: C:\WINDOWS\System32\wbem\wmiprvse.exe

    Base Size Version Path
    0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiprvse.exe
    0x75290000 0x37000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemcomn.dll
    0x75690000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\wbem\FastProx.dll
    0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
    0x76f20000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
    0x5f770000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
    0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
    0x75020000 0x1b000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wmiutils.dll
    0x5bd90000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\wbem\stdprov.dll
    0x75310000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\wbem\esscli.dll

    ------------------------------------------------------------------------------
    cmd.exe pid: 1568
    Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row

    Base Size Version Path
    0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
    0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
    0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    ------------------------------------------------------------------------------
    Command line: listdlls.exe

    Base Size Version Path
    0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\LISTDLLS.exe
    0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

    -------------NTFS ADS -------------



    Error opening C:\pagefile.sys:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    C:\Documents and Settings\Administrator\Desktop\FixLinkopt.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Desktop\gmer.zip:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Desktop\PrevxFixGrom.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Favorites\HJT logi, kone on _todella_ hidas.url:

    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{340A3AE8-04A8-4934-861A-56F5C49D99CB}:
    The process cannot access the file because it is being used by another process.



    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3D55C4EL\aawsepersonal[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S63CC65\avgas-setup-7.5.0.50[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\FixLinkopt[1].exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QU3EFPP6\PrevxFixGrom[1].exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\All Users\Application Data\TEMP:

    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:
    :encryptable:$DATA 0



    Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:
    The process cannot access the file because it is being used by another process.



    Error opening C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:
    The process cannot access the file because it is being used by another process.


    ..
    C:\Documents and Settings\Tapio Uotila\Desktop\86743.asx:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\Desktop\sdsetup.exe:
    :Zone.Identifier:$DATA 26
    .

    .
    ..
    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\51koodia - Nimetty\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Anna Eriksson - Sinusta sinuun 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Kiila - 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD1_192\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Apulanta - Syitä ja seurauksia CD2_192\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Christian_Forss_-_Christian_Forss-KMR\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Greenday.-.American.Idiot.(2004).-.by.LoCkY\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\gunther - pleasureman [2004]\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\H.I.M_-_Wings_of_A_Butterfly-Promo-CDS-2005-OASiS\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Hanna Pakarinen - When I Become Me 2004\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Him - And Love Said No (2004)\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Irina - Vahva\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Kotiteollisuus - Helvetistä Itään\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Angels Fall First\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Century Child\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Oceanborn\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Nightwish - Once\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\Stratovarius - Infinite\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The best of hiphop_2005(Beyoncé, Snoop Dogg,alicia keys,,Destinys Child,missy elliot,Dodo Power,50 cent,kelis,eminem,black eyes peas,Xzibit...)\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Black Eyed Peas - (2005) Monkey Business .[WwW.LiMiTeDiVx.CoM].By KELOLO\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Music\The Rasmus - Dead Letters\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\20.8.2006 Vääräjoella\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ahvenanmaa 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Elinan vanhojentanssit\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoon asuntomessut\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Espoosta\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Janin ja Heidin tuparit\2005_02_06\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jeren kanssa muumimaailmassa kesällä 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Joukon kaverin ristiäiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\jämi\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Jämillä retkeilemässä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kesä 2005 kuvia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\kesä 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kulta zoomailee\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Kuninkaan lähteellä uimassa\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lentokauden päättäjäiset 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Lomailua Tevaniemessä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Laivalla\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja Elina Naantalin kylpylässä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Minä ja kultaseni\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muumi maailmassa\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Muuta sekalaista\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Heinijärvellä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Mökkiviikonloppu Vääksyssä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Naamiaiset 2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\O41 ja Opistonkuvia\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ollin kissa ja Janilta kuvia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Pallas 2005\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\pirkan pyöräily 2006\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Ranska 2005\Thumbs.db:
    :encryptable:$DATA 0
    .


    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Savusukellusharj. paperitehtaalla\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Turvallisuus messut\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Vanajan linnassa\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Jämillä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitoa Sorvassa 11.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_19\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Varjoliitokurssi\2005_02_20\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Pictures\Yyterissä\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\My Received Files\testi.jpg:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\bsplayer137.826.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\DivXPlay.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\ffdshow-20041012.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\PDVD_6_trial.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\RealPlayer10-5GOLD.exe:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\ohjelmat\wrar351.exe:
    :Zone.Identifier:$DATA 26
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Ensihoito\Hengitysäänet\Thumbs.db:
    :encryptable:$DATA 0
    .
    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Alkusammutus harjoitus 2.2.06\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Avajaiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Eläinten käsittely\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Ensihoito\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Harjoitusalue\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Kastajaiset\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Laskeutuminen\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Letkuhuoltoa\Thumbs.db:
    :encryptable:$DATA 0



    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\liikenneonnettomuus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Metsäpalokontti 21.3.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 1 7.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 2 8.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pelastuskalusto 3 9.2.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Pintapelastus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Savusukellus\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Sekalaisia\Ensihoito\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Vaahtokalusto 28.3.2006\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Pulloventtiili.wmv:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\Pelastajakurssi 55\Valokuvat ja Videot\Videot\Thumbs.db:
    :encryptable:$DATA 0

    C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\tvlista062006.doc:
    :Zone.Identifier:$DATA 26

    C:\Documents and Settings\Tapio Uotila\My Documents\Vammala\Uotilanuusin.doc:
    :Zone.Identifier:$DATA 26
    ...

    ...

    ...

    ...
    C:\RECYCLER\S-1-5-21-1220945662-436374069-854245398-1003\Dc5.asx:
    :Zone.Identifier:$DATA 26


    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP2\A0001103.exe:
    :Zone.Identifier:$DATA 26
    ..

    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004507.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004512.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004528.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004538.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004556.exe:
    :Zone.Identifier:$DATA 26

    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP44\A0004605.exe:
    :Zone.Identifier:$DATA 26
    .
    C:\System Volume Information\_restore{26C4B9B1-1025-4603-9452-1B5E58BD6854}\RP46\A0004807.exe:
    :Zone.Identifier:$DATA 26
    .

    ...

    ...

    ...

    ...

    ...

    ...

    ...


    Error opening C:\WINDOWS\system32\lpt6.waq:
    The system cannot find the file specified.


    ...
    Error opening C:\WINDOWS\system32\CatRoot2\edb.log:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\CatRoot2\tmp.edb:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\default:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\default.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SAM:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SAM.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SECURITY:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\software:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\software.LOG:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\system:
    The process cannot access the file because it is being used by another process.



    Error opening C:\WINDOWS\system32\config\system.LOG:
    The process cannot access the file because it is being used by another process.




    ...

    .

    -------------Encrypting File System dumping-------------

    -------------Hidden Files -------------

    Scannig hidden processes ...

    Scannig hidden services ...

    Scannig hidden autostart entries ...

    Scannig hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    -------------Checking Rustock rootkit-------------

    -------------Checking Suspicious files -------------
    (Unusually Runtime packers compressed exe and dll files in C:\, C:\WINDOWS\, C:\WINDOWS\system32\)
    Note:Not all files found by this scanner are bad
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SRCHSTS.EXE
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWREG.EXE
    -This file is compressed with UPX C:\WINDOWS\SYSTEM32\SWSC.EXE
    -This file is compressed with Upack C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with Upack C:\WINDOWS\SYSTEM32\IFMON.DLL
    -This file is compressed with Nspack C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with PECompact C:\WINDOWS\SYSTEM32\MRT.EXE
    -This file is compressed with PECompact C:\WINDOWS\SYSTEM32\DIVX.DLL

    --------------------------
    Scan completed in 29,1 minutes
    End of report

     
  10. nurmijan

    nurmijan Member

    Joined:
    04.01.2007
    Messages:
    8
    Thanks:
    0
    Points:
    11
    StartupList report, 5.1.2007, 10:08:21
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.5730.0011)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    TrackPointSrv = tp4serv.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    LTWinModem1 = ltmsg.exe 9
    PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    TP4EX = tp4ex.exe
    EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    QCTRAY = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    QCWLICON = C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    vptray = C:\Program Files\NavNT\vptray.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{08B34ED9-341C-48EE-BD9C-488F5DBB2EFA}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    BMMTask.job
    MP Scheduled Scan.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\mswsock.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    ANC: System32\drivers\ANC.SYS (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    BFAIFILT: System32\Drivers\bfaifilt.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BUFADPT: \??\C:\WINDOWS\system32\BUFADPT.SYS (system)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
    Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Intel(R) PRO Network Connection Driver: System32\DRIVERS\e100b325.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
    ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
    IBMTPCHK: System32\drivers\IBMBLDID.SYS (system)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    IntelIde: System32\DRIVERS\intelide.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Lucent Modem Driver: system32\DRIVERS\ltmdmxp.sys (manual start)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Nal Service : \??\C:\WINDOWS\system32\Drivers\iqvw32.sys (manual start)
    NAVAP: \??\C:\Program Files\NavNT\NAVAP.sys (manual start)
    NAVAPEL: \??\C:\Program Files\NavNT\NAVAPEL.SYS (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Norton AntiVirus Client: "C:\Program Files\NavNT\rtvscan.exe" (autostart)
    NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    Pcmcia: System32\DRIVERS\pcmcia.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    QCNDISIF: System32\drivers\qcndisif.SYS (manual start)
    QCONSVC: System32\QCONSVC.EXE (autostart)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    S3SSavage: system32\DRIVERS\s3ssavm.sys (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Smapint: System32\drivers\Smapint.sys (system)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4C996A-2463-4EFC-88BF-B7FDD76AE754} (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
    PS/2 TrackPoint Driver: system32\DRIVERS\tp4track.sys (manual start)
    IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)
    TPPWR: System32\drivers\Tppwr.sys (system)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TSMAPIP: System32\drivers\TSMAPIP.SYS (system)
    IBM PS/2 TrackPoint Filter Driver: System32\DRIVERS\TwoTrack.sys (manual start)
    BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service: system32\DRIVERS\rt2500usb.sys (manual start)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 34 068 bytes
    Report generated in 0,170 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    For some reason the previous post came through three times, that was not intended...
     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Unfortunately nothing shows up in those :/

    If gmer, avenger and the removal tools won't start and nothing shows up in the logs, then there are in practice two options:

    1) format c:
    2) Asking for help from experts abroad (by the way, there aren't many who specialize in that)

    Take your pick :)
     
  12. nurmijan

    nurmijan Member

    Joined:
    04.01.2007
    Messages:
    8
    Thanks:
    0
    Points:
    11
    Option 1 has been on my mind for a long time already. :)

    Thanks for the help.
     
  13. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    You're welcome, even though I wasn't much help, since my skills ran out :)
     
