
Infected by Antivirus 2008 XP


AdamE


Yes, it seems to be working as it should now! :)

Thanks so much for the help, Cecilia, you're a star!

(Dare I ask about another problem now? Or should I put it in a new thread?)

/Adam

Link to comment


That was nice to hear, and thanks for all the points! :) :)

It's good to put new problems in new threads.

Link to comment

Hi again Cecilia.

Unfortunately I have to report that things weren't entirely fine ....

I have done a few scans afterwards, and 2 files have come up that I can't manage to remove; they are back every time I scan with MBAM.

(I have also run it with the internet unplugged several times)

The files are these (taken directly from the log):

[log]

Malwarebytes' Anti-Malware 1.24

Databasversion: 1054

Windows 5.1.2600 Service Pack 2

 

17:23:37 2008-08-18

mbam-log-8-18-2008 (17-23-37).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 47694

Förfluten tid: 4 minute(s), 27 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0099945 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\__c0099945.dat (Trojan.Agent) -> Delete on reboot.

[/log]

You can see which these two files are. It says that they are removed, but then they come back with every scan I do.

Link to comment
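The log above pairs a Winlogon\Notify subkey with a same-named .dat file in system32, and the poster reports the pair returning after every removal. As an added example (not part of the original thread), this Python script audits Notify packages by structure rather than by name, using lines excerpted from the MBAM log and from the registry dump posted later in this thread; the `BASELINE` table and all function names are assumptions made for the example.

```python
import ntpath
import re

# Baseline of Winlogon notification packages: subkey name -> expected DLL.
# Assumption: built from the unflagged entries in this thread's registry dump;
# adjust it for the Windows build and installed software being audited.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
    "!saswinlogon": "saswinlo.dll",  # SUPERAntiSpyware, installed on this PC
}

SECTION_RE = re.compile(r"^\[Winlogon\\Notify\\([^\]]+)\]$", re.I)
DLLNAME_RE = re.compile(r'^"DllName"=(?:expand:)?"([^"]*)"$', re.I)
MBAM_NOTIFY_RE = re.compile(r"\\Winlogon\\Notify\\(\S+) \(([^)]+)\) -> ", re.I)

# Result lines excerpted from the MBAM log in this thread (scan at 17:23:37).
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0099945 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0099945.dat (Trojan.Agent) -> Delete on reboot.
"""

# Lines excerpted from the SystemScan registry dump in this thread (23:49:12).
REGISTRY_DUMP = r"""
[Winlogon\Notify]
[Winlogon\Notify\!saswinlogon]
"DllName"="C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\WgaLogon]
[Winlogon\Notify\__c00675A2]
"DllName"="C:\WINDOWS\system32\__c00675A2.dat"
[Winlogon\SCLogon]
"""


def parse_notify_packages(dump):
    """Return {subkey name: DllName or None} from a SystemScan-style dump."""
    packages, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION_RE.match(line)
            current = m.group(1) if m else None
            if current:
                packages.setdefault(current, None)
            continue
        m = DLLNAME_RE.match(line)
        if current and m:
            packages[current] = m.group(1)
    return packages


def audit_notify(packages, baseline=BASELINE):
    """Flag packages whose name/DLL pair is not in the baseline."""
    findings = []
    for name, dll in sorted(packages.items()):
        if not dll:
            continue  # no DllName value: nothing is loaded for this subkey
        base = ntpath.basename(dll).lower()
        if baseline.get(name.lower()) == base:
            continue
        if name.lower() in baseline:
            reasons = ["baseline name but unexpected DLL"]
        else:
            reasons = ["not in baseline"]
        stem, ext = ntpath.splitext(base)
        if ext != ".dll":
            reasons.append("DllName is not a .dll")
        if stem == name.lower():
            reasons.append("subkey name equals file stem")
        findings.append({"name": name, "dll": dll, "reasons": reasons})
    return findings


def compare_with_mbam(mbam_log, dump):
    """Compare what MBAM removed with what a later dump still contains."""
    removed = [m.group(1) for m in MBAM_NOTIFY_RE.finditer(mbam_log)]
    flagged = [f["name"] for f in audit_notify(parse_notify_packages(dump))]
    return {
        "removed_by_mbam": removed,
        "flagged_now": flagged,
        # Flagged packages under a name MBAM never saw: the entry was
        # re-created under a new name, so matching on the old name misses it.
        "renamed": [n for n in flagged if n not in removed],
    }


if __name__ == "__main__":
    for finding in audit_notify(parse_notify_packages(REGISTRY_DUMP)):
        print(finding["name"], "->", finding["dll"], finding["reasons"])
    print(compare_with_mbam(MBAM_LOG, REGISTRY_DUMP))
```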

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and close all programs you can see, including antivirus programs, antispyware programs and firewall; alternatively, restart the computer in safe mode.

Run ComboFix and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

If you have problems getting out on the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, for example if the computer has internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.

Link to comment

I have a wireless internet receiver, an external hard drive and a mouse connected via USB.... so ComboFix might cause trouble?

Link to comment

With the internet connection in a USB port, it is not good to run ComboFix.

Download the SuspectFile scanner to the Desktop

http://www.suspectfile.com/systemscan

Start the program and press Unselect all

Then tick Recent files and choose days old 30

Also tick:

Registry run keys
Windows services
Device driver services
Loaded modules
Hidden objects
Suspicious files

Press Scan Now and paste in the log that comes out.

Link to comment

I can't find any Windows services; I assume you mean services and Drivers?

The ones I have ticked right now are

recent files (30days)
registry run keys
services and drivers
loaded modules
hidden objects
suspicious files

Are those the ones I should take?

Link to comment

I have tried running the program 3 times now. Each time I get to

"step 5 of 6 i progress..."

then after a while the program shuts down and disappears without a trace... is it supposed to be like that? So that the log file is saved somewhere?

I go to the link you sent, then the program starts downloading automatically. Then I open the file that was downloaded. And I choose agree on the licence agreement, then I press proceed. Then I get into the menu where I choose [unselect all] and then tick the ones you wrote.

Link to comment

I don't know this scanner very well since I first heard about it today, because the scanner I usually use when ComboFix can't be used has been temporarily withdrawn due to problems.

Step 5 of 6 could correspond to "Hidden objects", so leave that one unticked and we'll see if it goes better.

Link to comment

Here comes part of the log without hidden objects

 

[log]

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

 

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)

System directory: C:\WINDOWS

SystemScan file: C:\Documents and Settings\AdamEkstromBackaholm\Desktop\sys59016.exe

Running in: User mode

Date: 2008-08-18

Time: 23:49:12

 

Output limited to:

-Recent files

-Registry Run Keys

-Services and Drivers (all)

-Loaded Dlls

-Suspicious Files

 

===================== RECENT FILES =====================

 

Showing files newer than 30 days

 

----- recent files in C:

13-08-2008 21:20:49 130048 byte 5 days old -- srdyxdh.exe

13-08-2008 21:20:54 2 byte 5 days old -- -2070740813

15-08-2008 11:43:21 (DIR) 0 byte 3 days old -- Program Files

18-08-2008 22:07:45 (DIR)2145386496 byte 0 days old -- pagefile.sys

18-08-2008 22:10:11 (DIR) 0 byte 0 days old -- WINDOWS

18-08-2008 23:44:12 557 byte 0 days old -- test.txt

 

----- recent files in C:\WINDOWS

13-08-2008 17:39:06 578183 byte 5 days old -- setupapi.log

13-08-2008 17:39:23 349632 byte 5 days old -- setupact.log

13-08-2008 18:01:55 750 byte 5 days old -- win.ini

13-08-2008 18:04:12 (DIR) 0 byte 5 days old -- $NtUninstallKB951066$

13-08-2008 18:04:16 10554 byte 5 days old -- KB951066.log

13-08-2008 18:04:32 20321 byte 5 days old -- KB953838-IE7.log

13-08-2008 18:04:34 (DIR) 0 byte 5 days old -- $NtUninstallKB952287$

13-08-2008 18:04:37 16150 byte 5 days old -- KB952287.log

13-08-2008 18:04:39 (DIR) 0 byte 5 days old -- $NtUninstallKB951072-v2$

13-08-2008 18:04:42 35276 byte 5 days old -- KB951072-v2.log

13-08-2008 18:06:09 (DIR) 0 byte 5 days old -- $NtUninstallKB950974$

13-08-2008 18:06:10 22163 byte 5 days old -- KB950974.log

13-08-2008 18:06:12 (DIR) 0 byte 5 days old -- $NtUninstallKB953839$

13-08-2008 18:06:14 15224 byte 5 days old -- KB953839.log

13-08-2008 18:06:15 (DIR) 0 byte 5 days old -- $hf_mig$

13-08-2008 18:06:16 (DIR) 0 byte 5 days old -- $NtUninstallKB946648$

13-08-2008 18:06:18 16744 byte 5 days old -- KB946648.log

13-08-2008 18:06:18 1374 byte 5 days old -- imsins.BAK

13-08-2008 18:06:20 (DIR) 0 byte 5 days old -- $NtUninstallKB952954$

13-08-2008 18:06:21 131124 byte 5 days old -- updspapi.log

13-08-2008 18:06:22 231858 byte 5 days old -- netfxocm.log

13-08-2008 18:06:22 389858 byte 5 days old -- msmqinst.log

13-08-2008 18:06:22 142082 byte 5 days old -- plusoc.log

13-08-2008 18:06:22 63183 byte 5 days old -- tabletoc.log

13-08-2008 18:06:22 575177 byte 5 days old -- tsoc.log

13-08-2008 18:06:22 252437 byte 5 days old -- ntdtcsetup.log

13-08-2008 18:06:22 597876 byte 5 days old -- ocgen.log

13-08-2008 18:06:22 68044 byte 5 days old -- ocmsn.log

13-08-2008 18:06:22 62532 byte 5 days old -- msgsocm.log

13-08-2008 18:06:22 1379566 byte 5 days old -- iis6.log

13-08-2008 18:06:22 1374 byte 5 days old -- imsins.log

13-08-2008 18:06:22 419094 byte 5 days old -- comsetup.log

13-08-2008 18:06:22 1259798 byte 5 days old -- FaxSetup.log

13-08-2008 18:06:22 (DIR) 0 byte 5 days old -- inf

13-08-2008 18:06:22 22695 byte 5 days old -- KB952954.log

13-08-2008 18:06:23 69507 byte 5 days old -- ehOCGen.log

13-08-2008 18:06:23 150429 byte 5 days old -- MedCtrOC.log

13-08-2008 18:16:27 0 byte 5 days old -- 0.log

13-08-2008 21:21:00 (DIR) 0 byte 5 days old -- Help

13-08-2008 23:16:23 140980 byte 5 days old -- ntbtlog.txt

18-08-2008 14:31:40 171125 byte 0 days old -- wmsetup.log

18-08-2008 16:54:03 (DIR) 0 byte 0 days old -- Registration

18-08-2008 22:05:57 (DIR) 0 byte 0 days old -- Installer

18-08-2008 22:06:56 32438 byte 0 days old -- SchedLgU.Txt

18-08-2008 22:07:55 2048 byte 0 days old -- bootstat.dat

18-08-2008 22:08:23 50 byte 0 days old -- wiaservc.log

18-08-2008 22:10:53 (DIR) 0 byte 0 days old -- system32

18-08-2008 23:40:12 1252203 byte 0 days old -- WindowsUpdate.log

18-08-2008 23:42:23 (DIR) 0 byte 0 days old -- Prefetch

18-08-2008 23:44:13 (DIR) 0 byte 0 days old -- temp

18-08-2008 23:47:53 (DIR) 0 byte 0 days old -- Tasks

 

----- recent files in C:\WINDOWS\Downloaded Program Files

----- recent files in C:\WINDOWS\system

----- recent files in C:\WINDOWS\system32

03-08-2008 12:08:13 6692 byte 15 days old -- jupdate-1.6.0_07-b06.log

05-08-2008 20:11:02 15888504 byte 13 days old -- MRT.exe

13-08-2008 18:04:39 609356 byte 5 days old -- TZLog.log

13-08-2008 18:15:10 73451 byte 5 days old -- nvapps.xml

13-08-2008 21:20:49 130048 byte 5 days old -- pla.ax

13-08-2008 21:20:51 577536 byte 5 days old -- user32.DLL

13-08-2008 21:20:51 233472 byte 5 days old -- nvrsul32.dll

13-08-2008 21:26:49 0 byte 5 days old -- 8fb0c462-.txt

13-08-2008 22:11:10 143104 byte 5 days old -- guard32.dll

15-08-2008 10:09:06 1158 byte 3 days old -- wpa.dbl

15-08-2008 10:23:18 (DIR) 0 byte 3 days old -- drivers

16-08-2008 12:35:24 (DIR) 0 byte 2 days old -- dllcache

16-08-2008 21:29:03 (DIR) 0 byte 2 days old -- wbem

16-08-2008 21:29:03 507832 byte 2 days old -- PerfStringBackup.INI

16-08-2008 21:29:03 428540 byte 2 days old -- perfh009.dat

16-08-2008 21:29:03 72864 byte 2 days old -- perfc009.dat

18-08-2008 17:56:14 25088 byte 0 days old -- __c00675A2.dat

18-08-2008 22:10:53 64000 byte 0 days old -- sgm.c

18-08-2008 22:10:53 98816 byte 0 days old -- 3.fe

18-08-2008 22:10:54 21504 byte 0 days old -- cmgmk.ak

18-08-2008 22:11:54 (DIR) 0 byte 0 days old -- CatRoot2

 

----- recent files in C:\WINDOWS\system32\drivers

30-07-2008 20:07:52 17144 byte 19 days old -- mbam.sys

30-07-2008 20:07:56 38472 byte 19 days old -- mbamswissarmy.sys

13-08-2008 21:20:55 30976 byte 5 days old -- ipinzkzbpaqkd.sys

13-08-2008 21:20:57 233 byte 5 days old -- atmapi.sys

13-08-2008 21:21:10 9757 byte 5 days old -- str.sys

13-08-2008 22:11:10 87056 byte 5 days old -- cmdguard.sys

13-08-2008 22:11:10 79760 byte 5 days old -- inspect.sys

13-08-2008 22:11:10 24208 byte 5 days old -- cmdhlp.sys

 

----- recent files in C:\WINDOWS\temp

13-08-2008 18:01:16 340 byte 5 days old -- MSI3fea2.LOG

13-08-2008 22:25:13 (DIR) 0 byte 5 days old -- Cookies

13-08-2008 22:25:13 (DIR) 0 byte 5 days old -- History

13-08-2008 22:25:13 131072 byte 5 days old -- rld76.tmp

13-08-2008 22:25:14 129536 byte 5 days old -- rld77.tmp

14-08-2008 10:13:18 130560 byte 4 days old -- rld4.tmp

14-08-2008 10:13:18 130048 byte 4 days old -- rld5.tmp

14-08-2008 10:13:28 61440 byte 4 days old -- rld6.tmp.bak

15-08-2008 10:11:34 144896 byte 3 days old -- rld6.tmp

15-08-2008 10:11:35 1002 byte 3 days old -- .tt7.tmp.vbs

18-08-2008 23:43:00 67 byte 0 days old -- systemscan.ini

18-08-2008 23:43:00 16384 byte 0 days old -- ~DFD034.tmp

18-08-2008 23:44:13 53248 byte 0 days old -- catchme.dll

18-08-2008 23:44:14 (DIR) 0 byte 0 days old -- nsi10.tmp

09-08-2008 18:11:28 127 byte 9 days old -- CE67013C.TMP

[/log]

 

Link to comment

part 2

 

[log]

----- recent files in C:\Program Files

03-08-2008 12:08:13 (DIR) 0 byte 15 days old -- Java

13-08-2008 18:04:28 (DIR) 0 byte 5 days old -- Internet Explorer

13-08-2008 18:06:17 (DIR) 0 byte 5 days old -- Messenger

13-08-2008 21:52:53 (DIR) 0 byte 5 days old -- Common Files

13-08-2008 21:53:22 (DIR) 0 byte 5 days old -- SUPERAntiSpyware

13-08-2008 22:11:11 (DIR) 0 byte 5 days old -- COMODO

13-08-2008 22:21:02 (DIR) 0 byte 5 days old -- Trend Micro

13-08-2008 22:48:00 (DIR) 0 byte 5 days old -- apdvbmg

15-08-2008 10:23:19 (DIR) 0 byte 3 days old -- Malwarebytes' Anti-Malware

18-08-2008 22:36:35 (DIR) 0 byte 0 days old -- Mozilla Firefox

12-08-2008 23:04:03 (DIR) 0 byte 6 days old -- PhotomatixPro3

 

----- recent files in C:\Program Files\Common Files

13-08-2008 21:52:53 (DIR) 0 byte 5 days old -- Wise Installation Wizard

 

----- recent files in C:\Documents and Settings\AdamEkstromBackaholm\Application Data

29-07-2008 16:57:43 (DIR) 0 byte 20 days old -- Adobe

13-08-2008 21:22:04 (DIR) 0 byte 5 days old -- Uniblue

13-08-2008 21:53:20 (DIR) 0 byte 5 days old -- SUPERAntiSpyware.com

13-08-2008 22:11:13 (DIR) 0 byte 5 days old -- Comodo

15-08-2008 10:23:19 (DIR) 0 byte 3 days old -- Malwarebytes

16-08-2008 22:29:57 (DIR) 0 byte 2 days old -- Hamachi

18-08-2008 23:48:17 (DIR) 0 byte 0 days old -- SiteAdvisor

 

----- recent files in C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp

06-08-2008 21:20:45 16384 byte 12 days old -- ~DFE034.tmp

07-08-2008 20:54:50 16384 byte 11 days old -- ~DF2248.tmp

08-08-2008 21:42:20 115 byte 10 days old -- 888AFB86.TMP

13-08-2008 11:05:10 16384 byte 5 days old -- ~DFD03.tmp

13-08-2008 16:16:15 16384 byte 5 days old -- ~DF882A.tmp

13-08-2008 16:16:55 72192 byte 5 days old -- ~e5.0001

13-08-2008 17:28:13 127 byte 5 days old -- CE67013C.TMP

13-08-2008 18:17:29 16384 byte 5 days old -- ~DF2AF2.tmp

13-08-2008 20:50:21 0 byte 5 days old -- Twunk002.MTX

13-08-2008 20:51:13 (DIR) 0 byte 5 days old -- Adobe

13-08-2008 20:56:16 340 byte 5 days old -- MSI48760.LOG

13-08-2008 21:21:07 517 byte 5 days old -- win4A.tmp

13-08-2008 21:21:07 32768 byte 5 days old -- twe49.tmp

13-08-2008 21:21:16 0 byte 5 days old -- win4C.tmp

13-08-2008 21:21:16 28010 byte 5 days old -- win4B.tmp

13-08-2008 21:21:31 0 byte 5 days old -- win4E.tmp

13-08-2008 21:21:31 43267 byte 5 days old -- win4D.tmp

13-08-2008 21:21:58 0 byte 5 days old -- win50.tmp

13-08-2008 21:21:58 141877 byte 5 days old -- win4F.tmp

13-08-2008 21:22:00 0 byte 5 days old -- .tt52.tmp

13-08-2008 21:22:12 36394 byte 5 days old -- win51.tmp

13-08-2008 21:22:12 0 byte 5 days old -- win58.tmp

13-08-2008 22:06:37 4161 byte 5 days old -- win5B.tmp

13-08-2008 22:10:57 (DIR) 0 byte 5 days old -- CDIResData

13-08-2008 22:11:10 (DIR) 0 byte 5 days old -- comodo

13-08-2008 22:11:11 (DIR) 0 byte 5 days old -- Drivers

13-08-2008 22:11:11 (DIR) 0 byte 5 days old -- scanners

13-08-2008 23:22:04 (DIR) 0 byte 5 days old -- WER769e.dir00

13-08-2008 23:27:04 (DIR) 0 byte 5 days old -- WERfa7c.dir00

13-08-2008 23:27:17 16384 byte 5 days old -- ~DF3E58.tmp

14-08-2008 10:32:04 16384 byte 4 days old -- ~DFCCF.tmp

14-08-2008 10:34:57 (DIR) 0 byte 4 days old -- is-J6HAQ.tmp

14-08-2008 10:45:36 (DIR) 0 byte 4 days old -- is-IB4UF.tmp

15-08-2008 10:14:17 16384 byte 3 days old -- ~DF1BFC.tmp

15-08-2008 12:00:53 16384 byte 3 days old -- ~DFD6CF.tmp

15-08-2008 12:23:26 2622 byte 3 days old -- AC5.tmp

15-08-2008 12:24:17 176 byte 3 days old -- AC6.tmp

15-08-2008 12:26:37 924 byte 3 days old -- AC7.tmp

15-08-2008 12:27:17 922 byte 3 days old -- AC8.tmp

15-08-2008 14:14:32 2891 byte 3 days old -- cfpinfo.ini

15-08-2008 16:12:36 1727 byte 3 days old -- java_install_reg.log

15-08-2008 17:50:03 (DIR) 0 byte 3 days old -- hsperfdata_AdamEkstromBackaholm

16-08-2008 11:45:50 16384 byte 2 days old -- ~DFADE2.tmp

16-08-2008 13:18:02 16384 byte 2 days old -- ~DFD1A4.tmp

16-08-2008 19:35:46 16384 byte 2 days old -- ~DF39D7.tmp

16-08-2008 21:07:35 340 byte 2 days old -- MSIa5225.LOG

16-08-2008 21:29:02 (DIR) 0 byte 2 days old -- outlook logging

17-08-2008 12:30:58 16384 byte 1 days old -- ~DFDDC5.tmp

17-08-2008 12:31:50 34816 byte 1 days old -- _A00F6ADF6.exe

17-08-2008 17:26:10 16384 byte 1 days old -- ~DFA6EF.tmp

17-08-2008 18:16:06 156 byte 1 days old -- Twunk001.MTX

17-08-2008 18:16:06 4 byte 1 days old -- Twain001.Mtx

17-08-2008 18:17:59 899 byte 1 days old -- TWAIN.LOG

17-08-2008 18:18:09 59964 byte 1 days old -- Adobelm_Cleanup.0001

17-08-2008 22:54:56 32584 byte 1 days old -- amt.log

17-08-2008 22:54:56 10616 byte 1 days old -- alm.log

18-08-2008 11:34:49 (DIR) 0 byte 0 days old -- WER1177.dir00

18-08-2008 11:38:22 16384 byte 0 days old -- ~DF4AC.tmp

18-08-2008 11:41:12 (DIR) 0 byte 0 days old -- MessengerCache

18-08-2008 14:10:37 16384 byte 0 days old -- ~DFFFA1.tmp

18-08-2008 14:13:10 311296 byte 0 days old -- ~DF4EEF.tmp

18-08-2008 14:14:29 0 byte 0 days old -- IMG3.tmp

18-08-2008 14:40:11 2 byte 0 days old -- PrePict.htm

18-08-2008 15:20:37 16384 byte 0 days old -- ~DF191B.tmp

18-08-2008 15:49:56 (DIR) 0 byte 0 days old -- WER0d83.dir00

18-08-2008 15:50:19 16384 byte 0 days old -- ~DFDB5B.tmp

18-08-2008 16:07:08 (DIR) 0 byte 0 days old -- WER0b58.dir00

18-08-2008 16:09:16 16384 byte 0 days old -- ~DF8517.tmp

18-08-2008 16:53:50 (DIR) 0 byte 0 days old -- WEReb2d.dir00

18-08-2008 16:57:12 16384 byte 0 days old -- ~DFF1B0.tmp

18-08-2008 17:56:06 (DIR) 0 byte 0 days old -- WER9735.dir00

18-08-2008 17:57:13 16384 byte 0 days old -- ~DFE2FB.tmp

18-08-2008 22:08:38 (DIR) 0 byte 0 days old -- WPDNSE

18-08-2008 22:08:43 (DIR) 0 byte 0 days old -- WER0c42.dir00

18-08-2008 22:12:11 16384 byte 0 days old -- ~DF8C71.tmp

18-08-2008 22:13:37 129152 byte 0 days old -- jusched.log

18-08-2008 23:13:45 16384 byte 0 days old -- ~DFAB2E.tmp

18-08-2008 23:13:45 (DIR) 0 byte 0 days old -- nsa3.tmp

18-08-2008 23:18:54 16384 byte 0 days old -- ~DFE02E.tmp

18-08-2008 23:21:49 53248 byte 0 days old -- catchme.dll

18-08-2008 23:21:51 (DIR) 0 byte 0 days old -- nsc5.tmp

18-08-2008 23:26:08 16384 byte 0 days old -- ~DF9DD7.tmp

18-08-2008 23:27:41 (DIR) 0 byte 0 days old -- nsa7.tmp

18-08-2008 23:30:14 16384 byte 0 days old -- ~DFB74F.tmp

18-08-2008 23:33:17 (DIR) 0 byte 0 days old -- nsy9.tmp

18-08-2008 23:41:34 0 byte 0 days old -- IMGA.tmp

18-08-2008 23:41:37 16384 byte 0 days old -- ~DF4125.tmp

18-08-2008 23:41:37 (DIR) 0 byte 0 days old -- nsqC.tmp

18-08-2008 23:49:01 67 byte 0 days old -- systemscan.ini

18-08-2008 23:49:01 16384 byte 0 days old -- ~DF29D5.tmp

18-08-2008 23:49:01 (DIR) 0 byte 0 days old -- nsg12.tmp

09-08-2008 11:59:55 16384 byte 9 days old -- ~DFA0DE.tmp

10-08-2008 11:45:00 16384 byte 8 days old -- ~DF394D.tmp

10-08-2008 22:12:27 16384 byte 8 days old -- ~DFB457.tmp

11-08-2008 11:16:28 16384 byte 7 days old -- ~DFD0B8.tmp

11-08-2008 20:04:29 (DIR) 0 byte 7 days old -- plugtmp-1

11-08-2008 20:16:38 0 byte 7 days old -- 1F2525F.dmp

11-08-2008 21:13:21 16384 byte 7 days old -- ~DF6BA6.tmp

12-08-2008 11:41:43 16384 byte 6 days old -- ~DFA8AA.tmp

 

[/log]

 

Link to comment

part 3

 

[log]

===================== REGISTRY SCAN =====================

 

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

 

[Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe"

"LaunchApp"="Alaunch"

"RTHDCPL"="RTHDCPL.EXE"

"SkyTel"="SkyTel.EXE"

"Alcmtr"="ALCMTR.EXE"

@=""

"IMJPMIG8.1"="\"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"

"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe\""

"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe"

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"

"HP Software Update"="\"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe\""

"HP Component Manager"="\"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe\""

"UserFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -u"

"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"

"Symantec PIF AlertEng"="\"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\" /a /m \"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll\""

"ISUSPM"="\"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe\" -scheduler"

"KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"

 

[Run\OptionalComponents]

 

[Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[Run\OptionalComponents\MSFS]

"Installed"="1"

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

 

[Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

@=""

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"

"A00F6ADF6.exe"="C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\_A00F6ADF6.exe"

 

[Run\AdobeUpdater]

@=""

 

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

 

[Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

 

[run]

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

 

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

 

[Windows]

"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

 

[shellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

"winadmact"="{3B6C0668-E410-8E23-EFC1-0118F6CE9275}"

#### HKCR\CLSID\{3B6C0668-E410-8E23-EFC1-0118F6CE9275}\InprocServer32 @="C:\Program Files\apdvbmg\winadmact.dll"

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

 

[shellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

#### HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\InprocServer32 @="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"

 

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

 

[Winlogon]

"Shell"="c:\windows\explorer.exe"

"System"=""

"Userinit"="c:\windows\system32\userinit.exe"

"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""

"UIHost"=expand:"logonui.exe"

"LogonType"=dword:00000001

"WinStationsDisabled"="0"

 

[Winlogon\GPExtensions]

 

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]

"@="Wireless"

"DllName"=expand:"gptext.dll"

 

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]

"@="Folder Redirection"

"DllName"=expand:"fdeploy.dll"

 

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

"@="Microsoft Disk Quota"

"DllName"=expand:"dskquota.dll"

 

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]

"@="QoS Packet Scheduler"

"DllName"=expand:"gptext.dll"

 

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]

"@="Scripts"

"DllName"=expand:"gptext.dll"

 

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

"@="Internet Explorer Zonemapping"

"DllName"=expand:"iedkcs32.dll"

 

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

"DllName"=expand:"scecli.dll"

"@="Security"

 

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

"DllName"="iedkcs32.dll"

"@="Internet Explorer Branding"

 

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

"DllName"=expand:"scecli.dll"

"@="EFS recovery"

 

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

"@="Microsoft Offline Files"

"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

 

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

"@="Software Installation"

"DllName"=expand:"appmgmts.dll"

 

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]

"@="IP Security"

"DllName"=expand:"gptext.dll"

 

[Winlogon\Notify]

 

[Winlogon\Notify\!saswinlogon]

"DllName"="C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"

 

[Winlogon\Notify\crypt32chain]

"DllName"=expand:"crypt32.dll"

 

[Winlogon\Notify\cryptnet]

"DllName"=expand:"cryptnet.dll"

 

[Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

 

[Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

 

[Winlogon\Notify\Schedule]

"DllName"=expand:"wlnotify.dll"

 

[Winlogon\Notify\sclgntfy]

"DllName"=expand:"sclgntfy.dll"

 

[Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

 

[Winlogon\Notify\termsrv]

"DllName"=expand:"wlnotify.dll"

 

[Winlogon\Notify\WgaLogon]

 

[Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

 

[Winlogon\Notify\__c00675A2]

"DllName"="C:\WINDOWS\system32\__c00675A2.dat"

 

[Winlogon\SCLogon]

 

[Winlogon\SpecialAccounts]

 

[Winlogon\SpecialAccounts\UserList]

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

"Hjälpassistent"=dword:00000000

 

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

 

[Winlogon]

"ParseAutoexec"="1"

"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook"

"BuildNumber"=dword:00000a28

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

 

[image File Execution Options\Your Image File Name Here without a path]

"Debugger"="ntsd -d"

 

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

 

[session Manager]

"BootExecute"=multi:"autocheck autochk *\00\00"

 

[session Manager\SubSystems]

"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

 

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

 

[WOW]

"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"

"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

 

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

 

[RunOnce]

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

 

[RunOnceEx]

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

 

[RunOnce]

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

 

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

 

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

 

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

 

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

 

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

 

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

 

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

 

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

 

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

 

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

 

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

 

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

 

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

 

[browser Helper Objects]

 

[browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

@=""

 

[browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]

#### HKCR\CLSID\{2F85D76C-0569-466F-A488-493E6BD0E955}\InprocServer32 @="C:\Program Files\Windows Desktop Search\dsWebAllow.dll"

@=""

 

[browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="D:\Spybot\SPYBOT~1\SDHelper.dll"

 

[browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll"

"NoExplorer"=dword:00000001

 

[browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

@=""

 

[browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

 

[browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"

@=""

 

[browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]

@=dword:00000001

 

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

 

[urlSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

 

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

 

[MSConfig]

 

[MSConfig\services]

 

[MSConfig\startupfolder]

 

[MSConfig\startupfolder\C:^Documents and Settings^AdamEkstromBackaholm^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]

"path"="C:\Documents and Settings\AdamEkstromBackaholm\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk"

"backup"="C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup"

"location"="Startup"

"command"="C:\Documents and Settings\AdamEkstromBackaholm\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe --silent"

"item"="Memeo AutoBackup Launcher"

 

[MSConfig\startupfolder\C:^Documents and Settings^AdamEkstromBackaholm^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]

"path"="C:\Documents and Settings\AdamEkstromBackaholm\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk"

"backup"="C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup"

"location"="Startup"

"command"="C:\PROGRA~1\Memeo\AutoSync\MEMEOL~1.EXE --silent"

"item"="Memeo AutoSync Launcher"

 

[MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"

"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk"

"backup"="C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe "

"item"="HP Digital Imaging Monitor"

 

[MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Snabbstarta.lnk]

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Snabbstarta.lnk"

"backup"="C:\WINDOWS\pss\HP Image Zone Snabbstarta.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s"

"item"="HP Image Zone Snabbstarta"

 

[MSConfig\startupreg]

 

[MSConfig\state]

"system.ini"=dword:00000000

"win.ini"=dword:00000000

"bootini"=dword:00000000

"services"=dword:00000000

"startup"=dword:00000002

 

-----HKCU\Control Panel\Desktop\-----

 

[Desktop]

 

[Desktop\WindowMetrics]

 

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

 

[command]

@="\"%1\" %*"

 

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

 

[command]

@="\"%1\" %*"

 

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

 

[command]

@="\"%1\" %*"

 

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

 

[command]

@="\"%1\" %*"

 

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

 

[command]

@="\"%1\" %*"

 

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

 

[Command]

@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

 

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

 

 

[url\DefaultPrefix]

@="http://"

 

[url\Prefixes]

"ftp"="ftp://"

"gopher"="gopher://"

"home"="http://"

"mosaic"="http://"

"www"="http://"

 

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

 

[Lsa]

 

[Lsa\AccessProviders]

 

[Lsa\AccessProviders\Windows NT Access Provider]

"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

 

[Lsa\Audit]

 

[Lsa\Audit\PerUserAuditing]

 

[Lsa\Audit\PerUserAuditing\System]

 

[Lsa\Data]

 

[Lsa\SSO]

 

[Lsa\SSO\Passport1.4]

"SSOURL"="http://www.passport.com"

 

[Lsa\SspiCache]

 

[Lsa\SspiCache\digest.dll]

"Name"="Digest"

"Comment"="Digest SSPI Authentication Package"

 

[Lsa\SspiCache\msapsspc.dll]

"Name"="DPA"

"Comment"="DPA Security Package"

 

[Lsa\SspiCache\msnsspc.dll]

"Name"="MSN"

"Comment"="MSN Security Package"

 

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

 

[sharedAccess]

"DependOnGroup"=multi:"\00"

"DependOnService"=multi:"Netman\00WinMgmt\00\00"

"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"

"ErrorControl"=dword:00000001

"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Start"=dword:00000002

"Type"=dword:00000020

 

[sharedAccess\Epoch]

"Epoch"=dword:0009e001

 

[sharedAccess\Parameters]

"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

 

[sharedAccess\Parameters\FirewallPolicy]

 

[sharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

 

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

 

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"

"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"

"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"

"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

 

[sharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=dword:00000001

"DoNotAllowExceptions"=dword:00000000

"DisableNotifications"=dword:00000000

 

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

 

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Electronic Arts\Slaget om Midgård II\game.dat"="C:\Program Files\Electronic Arts\Slaget om Midgård II\game.dat:*:Enabled:Slaget om Midgård™ II"

"C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe"="C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe:*:Enabled:NETGEAR WG111v2 Smart Wizard"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Electronic Arts\Häxkungens Tid\game.dat"="C:\Program Files\Electronic Arts\Häxkungens Tid\game.dat:*:Enabled:Ringarnas herre™ - Häxkungens tid™"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Fjärrhjälp - Windows Messenger och tal"

"D:\PROGRAM\hamachi.exe"="D:\PROGRAM\hamachi.exe:*:Enabled:Hamachi"

"D:\program\Backburner 2007.0\monitor.exe"="D:\program\Backburner 2007.0\monitor.exe:*:Enabled:backburner 2.3 monitor"

"D:\program\Backburner 2007.0\manager.exe"="D:\program\Backburner 2007.0\manager.exe:*:Enabled:backburner 2.3 manager"

"D:\program\Backburner 2007.0\server.exe"="D:\program\Backburner 2007.0\server.exe:*:Enabled:backburner 2.3 server"

"D:\program\utorrent\uTorrent.exe"="D:\program\utorrent\uTorrent.exe:*:Enabled:µTorrent"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"

"D:\program\3ds max\3dsmax.exe"="D:\program\3ds max\3dsmax.exe:*:Disabled:Autodesk 3ds Max 9 32-bit"

"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:aom"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

 

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"

"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"

"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"

"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

 

[sharedAccess\Setup]

"ServiceUpgrade"=dword:00000001

 

[sharedAccess\Setup\InterfacesUnfirewalledAtUpdate]

"All"=dword:00000001

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

 

-----HKLM\Software\Microsoft\Ole-----

 

[Ole]

"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,

"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,

"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,

"EnableDCOM"="Y"

 

[Ole\AppCompat]

 

[Ole\AppCompat\ActivationSecurityCheckExemptionList]

"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"

"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"

"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"

"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

 

[Ole\NONREDIST]

"System.EnterpriseServices.Thunk.dll"=""

 

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

 

[security Center]

"FirstRunDisabled"=dword:00000001

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

 

[security Center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[security Center\Monitoring\AhnlabAntiVirus]

 

[security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[security Center\Monitoring\KasperskyAntiVirus]

 

[security Center\Monitoring\McAfeeAntiVirus]

 

[security Center\Monitoring\McAfeeFirewall]

 

[security Center\Monitoring\PandaAntiVirus]

 

[security Center\Monitoring\PandaFirewall]

 

[security Center\Monitoring\SophosAntiVirus]

 

[security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[security Center\Monitoring\TinyFirewall]

 

[security Center\Monitoring\TrendAntiVirus]

 

[security Center\Monitoring\TrendFirewall]

 

[security Center\Monitoring\ZoneLabsFirewall]

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

 

[systemRestore]

"DisableSR"=dword:00000000

"CreateFirstRunRp"=dword:00000001

"DSMin"=dword:000000c8

"DSMax"=dword:00000190

"RPSessionInterval"=dword:00000000

"RPGlobalInterval"=dword:00015180

"RPLifeInterval"=dword:0076a700

"CompressionBurst"=dword:0000003c

"TimerInterval"=dword:00000078

"DiskPercent"=dword:0000000c

"ThawInterval"=dword:00000384

"RestoreDiskSpaceError"=dword:00000000

 

[systemRestore\Cfg]

"DiskPercent"=dword:0000000c

"MachineGuid"="{D3082CFB-DDFE-4DF0-9644-2FC454148387}"

 

[systemRestore\SnapshotCallbacks]

@=""

 

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

 

[VB and VBA Program Settings]

 

[VB and VBA Program Settings\WarReg_PopUp]

 

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

 

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

 

[AdvancedOptions]

 

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

 

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

 

[installed Components]

 

[installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

"@="IE7 Uninstall Stub"

"ComponentID"="IEUDINIT"

"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

 

[installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"

"@="Microsoft Windows Media Player"

"ComponentID"="WMPACCESS"

 

[installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

"@="Internet Explorer"

"ComponentID"="IEACCESS"

"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

 

[installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"@="Browser Customizations"

"ComponentiD"="BRANDING.CAB"

"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

 

[installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

"@="Browser Customizations"

"ComponentID"="BRANDING.CAB"

"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

 

[installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

"@="Outlook Express"

"ComponentID"="OEACCESS"

"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

 

[installed Components\KB910393]

"@="KB910393"

"ComponentID"="KB910393"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall"

 

[installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]

"@="Java (Sun)"

"ComponentID"="JAVAVM"

"KeyFileName"="C:\Program Files\Java\jre1.6.0_07\bin\regutils.dll"

 

[installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]

"@="Vector Graphics Rendering (VML)"

"ComponentID"="MSVML"

 

[installed Components\{1325db73-d9f1-48f8-8895-6d814ec58889}]

"@="Security Update for Windows XP (KB913433)"

"ComponentID"="KB913433"

 

[installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]

"@="Microsoft .NET Framework 1.0 Hotfix (KB887998)"

"ComponentID"="NDPKB887998"

 

[installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]

#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"ComponentID"="NetShow"

"StubPath"=""

 

[installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"ComponentID"="Microsoft Windows Media Player"

"StubPath"=""

"@="Microsoft Windows Media Player 6.4"

 

[installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]

#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"

"ComponentID"="Director"

"@="Adobe Shockwave Director 10.2"

 

[installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]

"@="DirectAnimation"

"ComponentID"="DirectAnimation"

 

[installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]

"ComponentID"="Director"

"@="Adobe Shockwave Director 10.2"

 

[installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

"@="Themes Setup"

"ComponentID"="Theme Component"

"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

 

[installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]

"@="Dynamic HTML Data Binding for Java"

"ComponentID"="TridataJava"

 

[installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]

"@="Offline Browsing Pack"

"ComponentID"="MobilePk"

 

[installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]

"@="Uniscribe"

"ComponentID"="USP10"

 

[installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]

"@="Media Center"

"ComponentID"="Media Center Shortcut"

"StubPath"=expand:"%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf"

 

[installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]

"ComponentID"="S867460"

"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

 

[installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]

"@="Advanced Authoring"

"ComponentID"="AdvAuth"

 

[installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"@="Microsoft Outlook Express 6"

"ComponentID"="MailNews"

"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

 

[installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

"@="NetMeeting 3.01"

"ComponentID"="NetMeeting"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

 

[installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]

"@="DirectShow"

"ComponentID"="activemovie"

 

[installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]

"@="DirectDrawEx"

"ComponentID"="DirectDrawEx"

 

[installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]

"@="Internet Explorer Help"

"ComponentID"="HelpCont"

 

[installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]

"@="DirectAnimation Java Classes"

"ComponentID"="DAJava"

 

[installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]

"@="Microsoft Windows Script 5.6"

"ComponentID"="MSVBScript"

 

[installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

"@="Windows Messenger 4.7"

"ComponentID"="Messenger"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

 

[installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]

"(Default)"="Internet Connection Wizard"

"ComponentID"="ICW"

 

[installed Components\{5D8D5BE4-6FB8-A51A-1382-1B020DB338A6}]

"@="Vector Graphics Rendering (VML)"

"ComponentID"="MSVML"

 

[installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

"@="Internet Explorer Setup Tools"

"ComponentID"="GenSetup"

 

[installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]

"@="Browsing Enhancements"

"ComponentID"="ExtraPack"

"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

 

[installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"

"@="Microsoft Windows Media Player"

"ComponentID"="Microsoft Windows Media Player"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

 

[installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]

"@="MSN Site Access"

"ComponentID"="MSN_Auth"

 

[installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]

"ComponentID"=".NETFramework"

"@=".NET Framework"

 

[installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]

"@="Web Folders"

"ComponentID"="WebFolders"

"StubPath"=""

 

[installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"@="Address Book 6"

"ComponentID"="WAB"

"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

 

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

"@="Windows Desktop Update"

"ComponentID"="IE4Shell_NT"

"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

 

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

"@="Internet Explorer"

"ComponentID"="BASEIE40_W2K"

"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

 

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

 

[installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

"ComponentID"="DOTNETFRAMEWORKS"

"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

 

[installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]

"@="Fax"

"ComponentID"="Fax"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"

 

[installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]

"ComponentID"="M928366"

"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

 

[installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]

"@="Dynamic HTML Data Binding"

"ComponentID"="Tridata"

 

[installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]

"@="Fax Provider"

"ComponentID"="Fax Provider"

"StubPath"=""

 

[installed Components\{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}]

"@=".NET Framework"

"ComponentID"=".NETFramework"

 

[installed Components\{A1D75879-FD85-0AD6-B3EB-E405AC647C49}]

"@="Internet Explorer"

"ComponentID"="IEACCESS"

 

[installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

 

[installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]

"ComponentID"=".NETFramework"

"@=".NET Framework"

 

[installed Components\{B5FBDD5E-FA1C-DC6A-7EC2-89E20B5F1B88}]

"@="Security Update for Windows XP (KB913433)"

"ComponentID"="KB913433"

 

[installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]

"@="Microsoft .NET Framework 1.0 Hotfix (KB930494)"

"ComponentID"="NDPKB930494"

 

[installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]

"@="Internet Explorer Core Fonts"

"ComponentID"="Fontcore"

 

[installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

"ComponentID"=".NETFramework"

"@=".NET Framework"

 

[installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]

"@="Task Scheduler"

"ComponentID"="MSTASK"

 

[installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]

"ComponentID"="Windows Movie Maker v2.1"

 

[installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

"@="Adobe Flash Player 9 ActiveX"

"ComponentID"="Flash"

 

[installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]

"@="HTML Help"

"ComponentID"="HTMLHelp"

 

[installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

"@="Active Directory Service Interface"

"ComponentID"="ADSI"

 

[installed Components\{F74940C6-E082-2DB5-F8CD-7332824EB6C4}]

"@="KB910393"

"ComponentID"="KB910393"

 

[installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]

"@=".NET Framework"

"ComponentID"=".NETFramework"

 

-----Comparing registry keys CCS1 vs CCS2 -----

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\5731b01a

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_2.0.50727\Performance WbemAdapStatus REG_DWORD 1 (0x1)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ASP.NET_2.0.50727\Performance WbemAdapStatus REG_DWORD 0 (0x0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileSignature REG_BINARY E7D97E60E8C3A0C47244D6BDCB5AE68B

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aspnet_state\Performance WbemAdapFileSignature REG_BINARY CF935F24C484073585AE85D921FF4A02

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileTime REG_BINARY 00F2D6F9697DC701

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aspnet_state\Performance WbemAdapFileTime REG_BINARY 0061280ECF15C801

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileSize REG_DWORD 23552 (0x5C00)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aspnet_state\Performance WbemAdapFileSize REG_DWORD 33288 (0x8208)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdagent

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdguard

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdhlp

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\COMSysApp ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} REG_BINARY 01000000000000000400000000000000DD4EA348FF00000033000000000000000400000000000000DD4EA348000000FF36000000000000000400000000000000DD4EA3480500000135000000000000000100000000000000DD4EA34805000000

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} REG_BINARY 01000000000000000400000000000000A0D7A948FF00000033000000000000000400000000000000A0D7A948000000FF36000000000000000400000000000000A0D7A9480500000135000000000000000100000000000000A0D7A94805000000

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {0AF0ACF8-203D-4092-ABA3-496C6853FAA8} REG_BINARY 06000000000000000800000000000000745AA448C343C718C343C71903000000000000000400000000000000745AA448C0A8010101000000000000000400000000000000745AA448FFFFFF0036000000000000000400000000000000745AA448C0A8010135000000000000000100000000000000745AA4480500000033000000000000000400000000000000745AA44800015180FC000000000000000000000000000000A61BA348

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {0AF0ACF8-203D-4092-ABA3-496C6853FAA8} REG_BINARY 06000000000000000000000000000000C695A94803000000000000000000000000000000C695A94801000000000000000000000000000000C695A94833000000000000000000000000000000C695A94836000000000000000000000000000000C695A94835000000000000000000000000000000C695A948

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft H.323 Telephony Service Provider

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\hayswmovaz

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\inspect

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY 4F227AFE04024E4181B4C80C357D0DFE

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\lanmanserver\parameters Guid REG_BINARY 99E32293FB41B645ACABACB92FD8992E

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Version REG_DWORD 13 (0xD)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Outlook\Performance Version REG_DWORD 14 (0xE)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Last Counter REG_DWORD 5848 (0x16D8)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Outlook\Performance Last Counter REG_DWORD 6552 (0x1998)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Last Help REG_DWORD 5849 (0x16D9)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Outlook\Performance Last Help REG_DWORD 6553 (0x1999)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance First Counter REG_DWORD 5812 (0x16B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Outlook\Performance First Counter REG_DWORD 6516 (0x1974)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance First Help REG_DWORD 5813 (0x16B5)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Outlook\Performance First Help REG_DWORD 6517 (0x1975)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sasdifsv\filestodelete

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 643234 (0x9D0A2)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 647000 (0x9DF58)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\WINDOWS\system32\winver.exe REG_SZ C:\WINDOWS\system32\winver.exe:*:Enabled:winver

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\d1.exe REG_SZ C:\d1.exe:*:Enabled:enable

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} NTEContextList REG_MULTI_SZ 0x00000004\0\0

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} NTEContextList REG_MULTI_SZ \0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpServer REG_SZ 192.168.1.1

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpServer REG_SZ 255.255.255.255

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} Lease REG_DWORD 86400 (0x15180)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} Lease REG_DWORD 3600 (0xE10)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseObtainedTime REG_DWORD 1218644212 (0x48A308F4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseObtainedTime REG_DWORD 1219073478 (0x48A995C6)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T1 REG_DWORD 1218687412 (0x48A3B1B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T1 REG_DWORD 1219075278 (0x48A99CCE)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T2 REG_DWORD 1218719812 (0x48A43044)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T2 REG_DWORD 1219076628 (0x48A9A214)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseTerminatesTime REG_DWORD 1218730612 (0x48A45A74)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseTerminatesTime REG_DWORD 1219077078 (0x48A9A3D6)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpIPAddress REG_SZ 192.168.1.100

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpSubnetMask REG_SZ 255.255.255.0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpNameServer REG_SZ 195.67.199.24 195.67.199.25

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseObtainedTime REG_DWORD 1218661854 (0x48A34DDE)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseObtainedTime REG_DWORD 1219090081 (0x48A9D6A1)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T1 REG_DWORD 1218661981 (0x48A34E5D)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T1 REG_DWORD 1219090208 (0x48A9D720)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T2 REG_DWORD 1218662077 (0x48A34EBD)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T2 REG_DWORD 1219090304 (0x48A9D780)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseTerminatesTime REG_DWORD 1218662109 (0x48A34EDD)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseTerminatesTime REG_DWORD 1219090336 (0x48A9D7A0)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} DhcpRetryTime REG_DWORD 123 (0x7B)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} DhcpRetryStatus REG_DWORD 0 (0x0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7aac0a7\0\0\0\0\0\0\0\0\0\0\0\0

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7aad24b\0\0\0\0\0\0\0\0\0\0\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\wuauserv Start REG_DWORD 4 (0x4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\wuauserv Start REG_DWORD 2 (0x2)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpIPAddress REG_SZ 192.168.1.100

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpIPAddress REG_SZ 0.0.0.0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpSubnetMask REG_SZ 255.255.255.0

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpSubnetMask REG_SZ 255.0.0.0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpServer REG_SZ 192.168.1.1

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpServer REG_SZ 255.255.255.255

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip Lease REG_DWORD 86400 (0x15180)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip Lease REG_DWORD 3600 (0xE10)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1218644212 (0x48A308F4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1219073478 (0x48A995C6)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T1 REG_DWORD 1218687412 (0x48A3B1B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T1 REG_DWORD 1219075278 (0x48A99CCE)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T2 REG_DWORD 1218719812 (0x48A43044)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T2 REG_DWORD 1219076628 (0x48A9A214)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1218730612 (0x48A45A74)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1219077078 (0x48A9A3D6)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1218661854 (0x48A34DDE)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1219090081 (0x48A9D6A1)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T1 REG_DWORD 1218661981 (0x48A34E5D)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T1 REG_DWORD 1219090208 (0x48A9D720)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T2 REG_DWORD 1218662077 (0x48A34EBD)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T2 REG_DWORD 1219090304 (0x48A9D780)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1218662109 (0x48A34EDD)

> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1219090336 (0x48A9D7A0)

 

Result compared: Different

 

 

-----Comparing registry keys CCS1 vs CCS3 -----

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\5731b01a

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_2.0.50727\Performance WbemAdapStatus REG_DWORD 1 (0x1)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\ASP.NET_2.0.50727\Performance WbemAdapStatus REG_DWORD 0 (0x0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileSignature REG_BINARY E7D97E60E8C3A0C47244D6BDCB5AE68B

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\aspnet_state\Performance WbemAdapFileSignature REG_BINARY CF935F24C484073585AE85D921FF4A02

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileTime REG_BINARY 00F2D6F9697DC701

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\aspnet_state\Performance WbemAdapFileTime REG_BINARY 0061280ECF15C801

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state\Performance WbemAdapFileSize REG_DWORD 23552 (0x5C00)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\aspnet_state\Performance WbemAdapFileSize REG_DWORD 33288 (0x8208)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdagent

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdguard

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdhlp

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\COMSysApp ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} REG_BINARY 01000000000000000400000000000000DD4EA348FF00000033000000000000000400000000000000DD4EA348000000FF36000000000000000400000000000000DD4EA3480500000135000000000000000100000000000000DD4EA34805000000

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} REG_BINARY 01000000000000000400000000000000F3EEA948FF00000033000000000000000400000000000000F3EEA948000000FF36000000000000000400000000000000F3EEA9480500000135000000000000000100000000000000F3EEA94805000000

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {0AF0ACF8-203D-4092-ABA3-496C6853FAA8} REG_BINARY 06000000000000000800000000000000745AA448C343C718C343C71903000000000000000400000000000000745AA448C0A8010101000000000000000400000000000000745AA448FFFFFF0036000000000000000400000000000000745AA448C0A8010135000000000000000100000000000000745AA4480500000033000000000000000400000000000000745AA44800015180FC000000000000000000000000000000A61BA348

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {0AF0ACF8-203D-4092-ABA3-496C6853FAA8} REG_BINARY 06000000000000000800000000000000D02EAB48C343C718C343C71903000000000000000400000000000000D02EAB48C0A8010101000000000000000400000000000000D02EAB48FFFFFF0036000000000000000400000000000000D02EAB48C0A8010135000000000000000100000000000000D02EAB4805000000FC00000000000000000000000000000047ECA94833000000000000000400000000000000D02EAB4800015180

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\hayswmovaz

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\inspect

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY 4F227AFE04024E4181B4C80C357D0DFE

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\lanmanserver\parameters Guid REG_BINARY 99E32293FB41B645ACABACB92FD8992E

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Version REG_DWORD 13 (0xD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Outlook\Performance Version REG_DWORD 14 (0xE)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Last Counter REG_DWORD 5848 (0x16D8)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Outlook\Performance Last Counter REG_DWORD 6552 (0x1998)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance Last Help REG_DWORD 5849 (0x16D9)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Outlook\Performance Last Help REG_DWORD 6553 (0x1999)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance First Counter REG_DWORD 5812 (0x16B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Outlook\Performance First Counter REG_DWORD 6516 (0x1974)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Outlook\Performance First Help REG_DWORD 5813 (0x16B5)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Outlook\Performance First Help REG_DWORD 6517 (0x1975)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sasdifsv\filestodelete

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Schedule NextAtJobId REG_DWORD 1 (0x1)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Schedule NextAtJobId REG_DWORD 2 (0x2)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Schedule AtTaskMaxHours REG_DWORD 72 (0x48)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 643234 (0x9D0A2)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 647169 (0x9E001)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\WINDOWS\system32\winver.exe REG_SZ C:\WINDOWS\system32\winver.exe:*:Enabled:winver

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\d1.exe REG_SZ C:\d1.exe:*:Enabled:enable

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sptd\Cfg

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseObtainedTime REG_DWORD 1218644212 (0x48A308F4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseObtainedTime REG_DWORD 1219091792 (0x48A9DD50)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T1 REG_DWORD 1218687412 (0x48A3B1B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T1 REG_DWORD 1219134992 (0x48AA8610)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T2 REG_DWORD 1218719812 (0x48A43044)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} T2 REG_DWORD 1219167392 (0x48AB04A0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseTerminatesTime REG_DWORD 1218730612 (0x48A45A74)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} LeaseTerminatesTime REG_DWORD 1219178192 (0x48AB2ED0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpIPAddress REG_SZ 192.168.1.100

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpIPAddress REG_SZ 192.168.1.102

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpRetryTime REG_DWORD 43197 (0xA8BD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8} DhcpRetryStatus REG_DWORD 0 (0x0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseObtainedTime REG_DWORD 1218661854 (0x48A34DDE)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseObtainedTime REG_DWORD 1219096052 (0x48A9EDF4)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T1 REG_DWORD 1218661981 (0x48A34E5D)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T1 REG_DWORD 1219096179 (0x48A9EE73)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T2 REG_DWORD 1218662077 (0x48A34EBD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} T2 REG_DWORD 1219096275 (0x48A9EED3)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseTerminatesTime REG_DWORD 1218662109 (0x48A34EDD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} LeaseTerminatesTime REG_DWORD 1219096307 (0x48A9EEF3)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} DhcpRetryTime REG_DWORD 127 (0x7F)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1} DhcpRetryStatus REG_DWORD 0 (0x0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7aac0a7\0\0\0\0\0\0\0\0\0\0\0\0

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7aad24b\0\0\0\0\0\0\0\0\0\0\0\0

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\wuauserv Start REG_DWORD 4 (0x4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\wuauserv Start REG_DWORD 2 (0x2)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpIPAddress REG_SZ 192.168.1.100

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip DhcpIPAddress REG_SZ 192.168.1.102

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1218644212 (0x48A308F4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1219091792 (0x48A9DD50)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T1 REG_DWORD 1218687412 (0x48A3B1B4)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T1 REG_DWORD 1219134992 (0x48AA8610)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T2 REG_DWORD 1218719812 (0x48A43044)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip T2 REG_DWORD 1219167392 (0x48AB04A0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1218730612 (0x48A45A74)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{0AF0ACF8-203D-4092-ABA3-496C6853FAA8}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1219178192 (0x48AB2ED0)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1218661854 (0x48A34DDE)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1219096052 (0x48A9EDF4)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T1 REG_DWORD 1218661981 (0x48A34E5D)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T1 REG_DWORD 1219096179 (0x48A9EE73)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T2 REG_DWORD 1218662077 (0x48A34EBD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip T2 REG_DWORD 1219096275 (0x48A9EED3)

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1218662109 (0x48A34EDD)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{EBBE4A40-6C7D-4C23-B086-9936ACEB31F1}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1219096307 (0x48A9EEF3)

 

Result compared: Different

[/log]

 


part 4

 

[log]

===================== LIST OF ALL SERVICES & DRIVERS =====================

 

-----HKLM\system\currentcontrolset\services-----

 

000) "a347bus"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\a347bus.sys

---> TYPE = KERNEL_DRIVER

 

001) "a347scsi"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\Drivers\a347scsi.sys

---> TYPE = KERNEL_DRIVER

 

002) "Abiosdsk"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

003) "abp480n5"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

004) "ACPI" - Microsoft ACPI Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ACPI.sys

---> TYPE = KERNEL_DRIVER

 

005) "ACPIEC"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

006) "adpu160m"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

007) "aec" - Microsoft Kernel Acoustic Echo Canceller

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\aec.sys

---> TYPE = KERNEL_DRIVER

 

008) "AFD" - AFD

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = \SystemRoot\System32\drivers\afd.sys

---> TYPE = KERNEL_DRIVER

 

009) "Aha154x"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

010) "aic78u2"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

011) "aic78xx"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

012) "AliIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

013) "AmdK8" - AMD-processordrivrutin

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\AmdK8.sys

---> TYPE = KERNEL_DRIVER

 

014) "amsint"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

015) "Arp1394" - 1394 ARP Client Protocol

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\arp1394.sys

---> TYPE = KERNEL_DRIVER

 

016) "asc"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

017) "asc3350p"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

018) "asc3550"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

019) "AsyncMac" - RAS Asynchronous Media Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\asyncmac.sys

---> TYPE = KERNEL_DRIVER

 

020) "atapi" - Standard IDE/ESDI Hard Disk Controller

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\atapi.sys

---> TYPE = KERNEL_DRIVER

 

021) "Atdisk"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

022) "Atmarpc" - ATM ARP Client Protocol

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\atmarpc.sys

---> TYPE = KERNEL_DRIVER

 

023) "audstub" - Audio Stub Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\audstub.sys

---> TYPE = KERNEL_DRIVER

 

024) "Beep"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

025) "catchme"

---> STAT = (RUNNING) Started manually

---> FILE = C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\catchme.sys

---> TYPE = KERNEL_DRIVER

 

026) "cbidf2k"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

027) "cd20xrnt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

028) "Cdaudio"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

029) "Cdfs"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

 

030) "Cdrom" - CD-ROM Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\cdrom.sys

---> TYPE = KERNEL_DRIVER

 

031) "Changer"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

032) "CmdIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

033) "Cpqarray"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

034) "dac2w2k"

---> STAT = (RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

035) "dac960nt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

036) "Disk" - Disk Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\disk.sys

---> TYPE = KERNEL_DRIVER

 

037) "dmboot"

---> STAT = (NOT RUNNING) Disabled

---> FILE = System32\drivers\dmboot.sys

---> TYPE = KERNEL_DRIVER

 

038) "dmio" - Logical Disk Manager Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\drivers\dmio.sys

---> TYPE = KERNEL_DRIVER

 

039) "dmload"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\drivers\dmload.sys

---> TYPE = KERNEL_DRIVER

 

040) "DMusic" - Microsoft Kernel DLS Syntheiszer

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\DMusic.sys

---> TYPE = KERNEL_DRIVER

 

041) "dpti2o"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

042) "drmkaud" - Microsoft Kernel DRM Audio Descrambler

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\drmkaud.sys

---> TYPE = KERNEL_DRIVER

 

043) "dtscsi"

---> STAT = (RUNNING) Started manually

---> FILE = \SystemRoot\System32\Drivers\dtscsi.sys

---> TYPE = KERNEL_DRIVER

 

044) "eeCtrl" - Symantec Eraser Control driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

---> TYPE = KERNEL_DRIVER

 

045) "Fastfat"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

 

046) "Fdc" - Floppy Disk Controller Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\fdc.sys

---> TYPE = KERNEL_DRIVER

 

047) "Fips"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

048) "Flpydisk" - Floppy Disk Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\flpydisk.sys

---> TYPE = KERNEL_DRIVER

 

049) "FltMgr" - FltMgr

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\fltMgr.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

050) "Ftdisk" - Volume Manager Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ftdisk.sys

---> TYPE = KERNEL_DRIVER

 

051) "Gpc" - Generic Packet Classifier

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\msgpc.sys

---> TYPE = KERNEL_DRIVER

 

052) "hamachi" - Hamachi Network Interface

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\hamachi.sys

---> TYPE = KERNEL_DRIVER

 

053) "Hardlock" - Hardlock

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\drivers\hardlock.sys

---> TYPE = KERNEL_DRIVER

 

054) "HDAudBus" - Microsoft UAA Bus Driver for High Definition Audio

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\HDAudBus.sys

---> TYPE = KERNEL_DRIVER

 

055) "hidusb" - Microsoft HID Class Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\hidusb.sys

---> TYPE = KERNEL_DRIVER

 

056) "hpn"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

057) "HTTP" - HTTP

---> STAT = (RUNNING) Started manually

---> FILE = System32\Drivers\HTTP.sys

---> TYPE = KERNEL_DRIVER

 

058) "i2omgmt"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

059) "i2omp"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

060) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\i8042prt.sys

---> TYPE = KERNEL_DRIVER

 

061) "Imapi" - CD-Burning Filter Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\imapi.sys

---> TYPE = KERNEL_DRIVER

 

062) "ini910u"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

063) "int15.sys" - int15.sys

---> STAT = (RUNNING) Started manually

---> FILE = C:\Acer\Empowering Technology\eRecovery\int15.sys

---> TYPE = KERNEL_DRIVER

 

064) "IntcAzAudAddService" - Service for Realtek HD Audio (WDM)

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\RtkHDAud.sys

---> TYPE = KERNEL_DRIVER

 

065) "IntelIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

066) "Ip6Fw" - IPv6 Windows Firewall Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\Ip6Fw.sys

---> TYPE = KERNEL_DRIVER

 

067) "IpFilterDriver" - IP Traffic Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\ipfltdrv.sys

---> TYPE = KERNEL_DRIVER

 

068) "IpInIp" - IP in IP Tunnel Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\ipinip.sys

---> TYPE = KERNEL_DRIVER

 

069) "IpNat" - IP Network Address Translator

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ipnat.sys

---> TYPE = KERNEL_DRIVER

 

070) "IPSec" - IPSEC driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\ipsec.sys

---> TYPE = KERNEL_DRIVER

 

071) "IRENUM" - IR Enumerator Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\irenum.sys

---> TYPE = KERNEL_DRIVER

 

072) "isapnp" - PnP ISA/EISA Bus Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\isapnp.sys

---> TYPE = KERNEL_DRIVER

 

073) "Kbdclass" - Keyboard Class Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\kbdclass.sys

---> TYPE = KERNEL_DRIVER

 

074) "kbdhid" - Keyboard HID Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\kbdhid.sys

---> TYPE = KERNEL_DRIVER

 

075) "kmixer" - Microsoft Kernel Wave Audio Mixer

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\kmixer.sys

---> TYPE = KERNEL_DRIVER

 

076) "KSecDD"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

077) "lbrtfdc"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

078) "MHNDRV" - MHN driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\mhndrv.sys

---> TYPE = KERNEL_DRIVER

 

079) "mnmdd"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

080) "Modem"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

081) "Mouclass" - Mouse Class Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\mouclass.sys

---> TYPE = KERNEL_DRIVER

 

082) "mouhid" - Mouse HID Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mouhid.sys

---> TYPE = KERNEL_DRIVER

 

083) "MountMgr"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

084) "mraid35x"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

085) "MRVW245" - Linksys Wireless-N USB Network Adapter WUSB300N

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\MRVW245.sys

---> TYPE = KERNEL_DRIVER

 

086) "MRxDAV" - WebDav Client Redirector

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mrxdav.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

087) "MRxSmb" - MRXSMB

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\mrxsmb.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

088) "Msfs"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = FILE_SYSTEM_DRIVER

 

089) "MSKSSRV" - Microsoft Streaming Service Proxy

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSKSSRV.sys

---> TYPE = KERNEL_DRIVER

 

090) "MSPCLOCK" - Microsoft Streaming Clock Proxy

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSPCLOCK.sys

---> TYPE = KERNEL_DRIVER

 

091) "MSPQM" - Microsoft Streaming Quality Manager Proxy

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSPQM.sys

---> TYPE = KERNEL_DRIVER

 

092) "mssmbios" - Microsoft System Management BIOS Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mssmbios.sys

---> TYPE = KERNEL_DRIVER

 

093) "Mup" - Mup

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = FILE_SYSTEM_DRIVER

 

094) "NDIS" - NDIS System Driver

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

095) "NdisTapi" - Remote Access NDIS TAPI Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndistapi.sys

---> TYPE = KERNEL_DRIVER

 

096) "Ndisuio" - NDIS Usermode I/O Protocol

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndisuio.sys

---> TYPE = KERNEL_DRIVER

 

097) "NdisWan" - Remote Access NDIS WAN Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndiswan.sys

---> TYPE = KERNEL_DRIVER

 

098) "NDProxy" - multi:NDIS Proxy\00\00

---> STAT = (RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

099) "NetBIOS" - NetBIOS Interface

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\netbios.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

100) "NetBT" - NetBios over Tcpip

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\netbt.sys

---> TYPE = KERNEL_DRIVER

 

101) "NIC1394" - 1394 Net Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\nic1394.sys

---> TYPE = KERNEL_DRIVER

 

102) "Npfs"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = FILE_SYSTEM_DRIVER

 

103) "Ntfs"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

 

104) "NTIDrvr" - Upper Class Filter Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\NTIDrvr.sys

---> TYPE = KERNEL_DRIVER

 

105) "Null"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

106) "nv"

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\nv4_mini.sys

---> TYPE = KERNEL_DRIVER

 

107) "nvatabus"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\drivers\nvatabus.sys

---> TYPE = KERNEL_DRIVER

 

108) "nvraid" - NVIDIA nForce RAID Class Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\drivers\nvraid.sys

---> TYPE = KERNEL_DRIVER

 

109) "NwlnkFlt" - IPX Traffic Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\nwlnkflt.sys

---> TYPE = KERNEL_DRIVER

 

110) "NwlnkFwd" - IPX Traffic Forwarder Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\nwlnkfwd.sys

---> TYPE = KERNEL_DRIVER

 

111) "ohci1394" - Texas Instruments OHCI Compliant IEEE 1394 Host Controller

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ohci1394.sys

---> TYPE = KERNEL_DRIVER

 

112) "Parport" - Parallel port driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\parport.sys

---> TYPE = KERNEL_DRIVER

 

113) "PartMgr"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

114) "ParVdm"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

115) "PCI" - PCI Bus Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\pci.sys

---> TYPE = KERNEL_DRIVER

 

116) "PCIDump"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

117) "PCIIde"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\pciide.sys

---> TYPE = KERNEL_DRIVER

 

118) "Pcmcia"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

119) "PDCOMP"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

120) "PDFRAME"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

121) "PDRELI"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

122) "PDRFRAME"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

123) "perc2"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

124) "perc2hib"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

125) "Point32" - Microsoft IntelliPoint Filter Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\point32.sys

---> TYPE = KERNEL_DRIVER

 

126) "PptpMiniport" - WAN Miniport (PPTP)

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspptp.sys

---> TYPE = KERNEL_DRIVER

 

127) "Processor" - Processor Driver

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\processr.sys

---> TYPE = KERNEL_DRIVER

 

128) "PSched" - QoS Packet Scheduler

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\psched.sys

---> TYPE = KERNEL_DRIVER

 

129) "psdfilter" - psdfilter

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\Drivers\psdfilter.sys

---> TYPE = KERNEL_DRIVER

 

130) "psdvdisk" - psdvdisk

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\Drivers\psdvdisk.sys

---> TYPE = KERNEL_DRIVER

 

131) "Ptilink" - Direct Parallel Link Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ptilink.sys

---> TYPE = KERNEL_DRIVER

 

132) "PxHelp20" - PxHelp20

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\Drivers\PxHelp20.sys

---> TYPE = KERNEL_DRIVER

 

133) "ql1080"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

134) "Ql10wnt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

135) "ql12160"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

136) "ql1240"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

137) "ql1280"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

138) "RasAcd" - Remote Access Auto Connection Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\rasacd.sys

---> TYPE = KERNEL_DRIVER

 

139) "Rasl2tp" - WAN Miniport (L2TP)

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\rasl2tp.sys

---> TYPE = KERNEL_DRIVER

 

140) "RasPppoe" - Remote Access PPPOE Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspppoe.sys

---> TYPE = KERNEL_DRIVER

 

141) "Raspti" - Direct Parallel

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspti.sys

---> TYPE = KERNEL_DRIVER

 

142) "Rdbss" - Rdbss

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\rdbss.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

143) "RDPCDD"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = System32\DRIVERS\RDPCDD.sys

---> TYPE = KERNEL_DRIVER

 

144) "rdpdr" - Terminal Server Device Redirector Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\rdpdr.sys

---> TYPE = KERNEL_DRIVER

 

145) "RDPWD"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

146) "redbook" - Digital CD Audio Playback Filter Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\redbook.sys

---> TYPE = KERNEL_DRIVER

 

147) "RTLWUSB" - NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\wg111v2.sys

---> TYPE = KERNEL_DRIVER

 

148) "SASDIFSV" - SASDIFSV

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

---> TYPE = KERNEL_DRIVER

 

149) "SASENUM" - SASENUM

---> STAT = (RUNNING) Started manually

---> FILE = C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

---> TYPE = KERNEL_DRIVER

 

150) "SASKUTIL" - SASKUTIL

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

---> TYPE = KERNEL_DRIVER

 

151) "Secdrv" - Secdrv

---> STAT = (RUNNING) Started automatically

---> FILE = system32\DRIVERS\secdrv.sys

---> TYPE = KERNEL_DRIVER

 

152) "serenum" - Serenum Filter Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\serenum.sys

---> TYPE = KERNEL_DRIVER

 

153) "Serial" - Serial port driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\serial.sys

---> TYPE = KERNEL_DRIVER

 

154) "Sfloppy"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

 

155) "Simbad"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

156) "Sparrow"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

157) "splitter" - Microsoft Kernel Audio Splitter

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\splitter.sys

---> TYPE = KERNEL_DRIVER

 

158) "sptd"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\Drivers\sptd.sys

---> TYPE = KERNEL_DRIVER

 

159) "sr" - System Restore Filter Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\sr.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

160) "Srv" - Srv

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\srv.sys

---> TYPE = FILE_SYSTEM_DRIVER

 

161) "StillCam" - Still Serial Digital Camera Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\serscan.sys

---> TYPE = KERNEL_DRIVER

 

162) "swenum" - Software Bus Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\swenum.sys

---> TYPE = KERNEL_DRIVER

 

163) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\swmidi.sys

---> TYPE = KERNEL_DRIVER

 

164) "symc810"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

165) "symc8xx"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

166) "symlcbrd" - symlcbrd

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\drivers\symlcbrd.sys

---> TYPE = KERNEL_DRIVER

 

167) "sym_hi"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

168) "sym_u3"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

169) "sysaudio" - Microsoft Kernel System Audio Device

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\sysaudio.sys

---> TYPE = KERNEL_DRIVER

 

170) "Tcpip" - TCP/IP Protocol Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\tcpip.sys

---> TYPE = KERNEL_DRIVER

 

171) "TDPIPE"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

172) "TDTCP"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

173) "TermDD" - Terminal Device Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\termdd.sys

---> TYPE = KERNEL_DRIVER

 

174) "TosIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

175) "UBHelper"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

176) "Udfs"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

 

177) "ultra"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

178) "Update" - Microcode Update Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\update.sys

---> TYPE = KERNEL_DRIVER

 

179) "usbccgp" - Microsoft USB Generic Parent Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbccgp.sys

---> TYPE = KERNEL_DRIVER

 

180) "usbehci" - Microsoft USB 2.0 Enhanced Host Controller Miniport Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbehci.sys

---> TYPE = KERNEL_DRIVER

 

181) "usbhub" - USB2 Enabled Hub

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbhub.sys

---> TYPE = KERNEL_DRIVER

 

182) "usbohci" - Microsoft USB Open Host Controller Miniport Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbohci.sys

---> TYPE = KERNEL_DRIVER

 

183) "USBSTOR" - USB Mass Storage Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\USBSTOR.SYS

---> TYPE = KERNEL_DRIVER

 

184) "VgaSave"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = \SystemRoot\System32\drivers\vga.sys

---> TYPE = KERNEL_DRIVER

 

185) "ViaIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

 

186) "VolSnap"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

 

187) "Wanarp" - Remote Access IP ARP Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\wanarp.sys

---> TYPE = KERNEL_DRIVER

 

188) "WDICA"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

 

189) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\wdmaud.sys

---> TYPE = KERNEL_DRIVER

 

190) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\WudfPf.sys

---> TYPE = KERNEL_DRIVER

 

191) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\wudfrd.sys

---> TYPE = KERNEL_DRIVER

 

192) "yukonwxp" - NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\yk51x86.sys

---> TYPE = KERNEL_DRIVER

 

193) "ZD1211BU(ZyDAS)" - ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\zd1211Bu.sys

---> TYPE = KERNEL_DRIVER

 

194) "ZD1211U(ZyDAS)" - ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\zd1211u.sys

---> TYPE = KERNEL_DRIVER

 

195) "ZDPSp50" - ZDPSp50 NDIS Protocol Driver

---> STAT = (RUNNING) Started manually

---> FILE = System32\Drivers\ZDPSp50.sys

---> TYPE = KERNEL_DRIVER

 

-----HKLM\system\currentcontrolset\services-----

 

000) "AcerMemUsageCheckService" - Memory Check Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

---> TYPE = OWN_SERVICE

 

001) "Adobe LM Service" - Adobe LM Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe---> TYPE = OWN_SERVICE

 

002) "Alerter" - Alerter

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

 

003) "ALG" - Application Layer Gateway Service

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\alg.exe

---> TYPE = OWN_SERVICE

 

004) "AppMgmt" - Application Management

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

005) "aspnet_state" - ASP.NET State Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

---> TYPE = OWN_SERVICE

 

006) "AudioSrv" - Windows Audio

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

007) "Autodesk Licensing Service" - Autodesk Licensing Service

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe---> TYPE = OWN_SERVICE

 

008) "Automatic LiveUpdate Scheduler" - Automatic LiveUpdate Scheduler

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe---> TYPE = OWN_SERVICE

 

009) "AutoSyncService" - Memeo AutoSync

---> STAT = (NOT RUNNING) Disabled

---> FILE = \C:\Program Files\Memeo\AutoSync\MemeoService.exe---> TYPE = OWN_SERVICE

 

010) "BITS" - Background Intelligent Transfer Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

011) "Bonjour Service" - ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Bonjour\mDNSResponder.exe---> TYPE = OWN_SERVICE

 

012) "Browser" - Computer Browser

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

013) "CiSvc" - Indexing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\cisvc.exe

---> TYPE = SHARE_SERVICE

 

014) "ClipSrv" - ClipBook

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\clipsrv.exe

---> TYPE = OWN_SERVICE

 

015) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

---> TYPE = OWN_SERVICE

 

016) "CLTNetCnService" - Symantec Lic NetConnect service

---> STAT = (NOT RUNNING) Started automatically

---> FILE = \C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe\ /h ccCommon

---> TYPE = SHARE_SERVICE

 

017) "COMSysApp" - COM+ System Application

---> STAT = (NOT RUNNING) Started manually

---> TYPE = OWN_SERVICE

 

018) "CryptSvc" - Cryptographic Services

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

019) "DcomLaunch" - DCOM Server Process Launcher

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

---> TYPE = SHARE_SERVICE

 

020) "Dhcp" - DHCP Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

021) "dmadmin" - Logical Disk Manager Administrative Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

---> TYPE = SHARE_SERVICE

 

022) "dmserver" - Logical Disk Manager

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

023) "Dnscache" - DNS Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService

---> TYPE = SHARE_SERVICE

 

024) "ehRecvr" - Media Center Receiver Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\eHome\ehRecvr.exe

---> TYPE = OWN_SERVICE

 

025) "ehSched" - Media Center Scheduler Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\eHome\ehSched.exe

---> TYPE = OWN_SERVICE

 

026) "ERSvc" - Error Reporting Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

027) "Eventlog" - Event Log

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\services.exe

---> TYPE = SHARE_SERVICE

 

028) "EventSystem" - COM+ Event System

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

029) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

030) "Fax" - Fax

---> STAT = (NOT RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\fxssvc.exe

---> TYPE = OWN_SERVICE

[/log]

 


Part 5

[log]031) "FLEXnet Licensing Service" - FLEXnet Licensing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe---> TYPE = OWN_SERVICE

 

032) "helpsvc" - Help and Support

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

033) "HidServ" - HID Input Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

034) "HTTPFilter" - HTTP SSL

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

---> TYPE = SHARE_SERVICE

 

035) "IDriverT" - InstallDriver Table Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe---> TYPE = OWN_SERVICE

 

036) "ImapiService" - IMAPI CD-Burning COM Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\imapi.exe

---> TYPE = OWN_SERVICE

 

037) "lanmanserver" - Server

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

038) "lanmanworkstation" - Workstation

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

039) "LightScribeService" - LightScribeService Direct Disc Labeling Service

---> STAT = (RUNNING) Started automatically

---> FILE = \c:\Program Files\Common Files\LightScribe\LSSrvc.exe---> TYPE = OWN_SERVICE

 

040) "LiveUpdate" - LiveUpdate

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE---> TYPE = OWN_SERVICE

 

041) "LiveUpdate Notice Ex" - LiveUpdate Notice Service Ex

---> STAT = (NOT RUNNING) Started automatically

---> FILE = \C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe\ /h ccCommon

---> TYPE = SHARE_SERVICE

 

042) "LiveUpdate Notice Service" - LiveUpdate Notice Service

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\ /m \C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll---> TYPE = OWN_SERVICE

 

043) "LmHosts" - TCP/IP NetBIOS Helper

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

 

044) "McrdSvc" - Media Center Extender Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\ehome\mcrdsvc.exe

---> TYPE = OWN_SERVICE

 

045) "MDM" - Machine Debug Manager

---> STAT = (NOT RUNNING) Started automatically

---> TYPE = OWN_SERVICE

 

046) "Messenger" - Messenger

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

047) "MHN" - MHN

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

048) "mi-raysat_3dsmax9_32" - mental ray 3.5 Satellite (32-bit)

---> STAT = (NOT RUNNING) Started automatically

---> TYPE = OWN_SERVICE

 

049) "mnmsrvc" - NetMeeting Remote Desktop Sharing

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\mnmsrvc.exe

---> TYPE = OWN_SERVICE

 

050) "MSDTC" - Distributed Transaction Coordinator

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\msdtc.exe

---> TYPE = OWN_SERVICE

 

051) "MSIServer" - Windows Installer

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\msiexec.exe /V

---> TYPE = SHARE_SERVICE

 

052) "MSSQL$SONY_MEDIAMGR" - MSSQL$SONY_MEDIAMGR

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR

---> TYPE = OWN_SERVICE

 

053) "MSSQLServerADHelper" - MSSQLServerADHelper

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

---> TYPE = OWN_SERVICE

 

054) "NetDDE" - Network DDE

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\netdde.exe

---> TYPE = SHARE_SERVICE

 

055) "NetDDEdsdm" - Network DDE DSDM

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\netdde.exe

---> TYPE = SHARE_SERVICE

 

056) "Netlogon" - Net Logon

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

 

057) "Netman" - Network Connections

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

058) "Nla" - Network Location Awareness (NLA)

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

059) "NtLmSsp" - NT LM Security Support Provider

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

 

060) "NtmsSvc" - Removable Storage

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

061) "NVSvc" - NVIDIA Display Driver Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\nvsvc32.exe

---> TYPE = OWN_SERVICE

 

062) "ose" - Office Source Engine

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE---> TYPE = OWN_SERVICE

 

063) "PlugPlay" - Plug and Play

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\services.exe

---> TYPE = SHARE_SERVICE

 

064) "Pml Driver HPZ12" - Pml Driver HPZ12

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\HPZipm12.exe

---> TYPE = OWN_SERVICE

 

065) "PolicyAgent" - IPSEC Services

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

 

066) "ProtectedStorage" - Protected Storage

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

 

067) "RasAuto" - Remote Access Auto Connection Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

068) "RasMan" - Remote Access Connection Manager

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

069) "RDSessMgr" - Remote Desktop Help Session Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\sessmgr.exe

---> TYPE = OWN_SERVICE

 

070) "RemoteAccess" - Routing and Remote Access

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

071) "RemoteRegistry" - Remote Registry

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

 

072) "RpcLocator" - Remote Procedure Call (RPC) Locator

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\locator.exe

---> TYPE = OWN_SERVICE

 

073) "RpcSs" - Remote Procedure Call (RPC)

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost -k rpcss

---> TYPE = SHARE_SERVICE

 

074) "RSVP" - QoS RSVP

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\rsvp.exe

---> TYPE = OWN_SERVICE

 

075) "SamSs" - Security Accounts Manager

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

 

076) "SCardSvr" - Smart Card

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\SCardSvr.exe

---> TYPE = SHARE_SERVICE

 

077) "Schedule" - Task Scheduler

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

078) "seclogon" - Secondary Logon

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

079) "SENS" - System Event Notification

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

080) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

081) "ShellHWDetection" - Shell Hardware Detection

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

082) "SolidWorks Licensing Service" - SolidWorks Licensing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe---> TYPE = OWN_SERVICE

 

083) "Spooler" - Print Spooler

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\spoolsv.exe

---> TYPE = OWN_SERVICE

 

084) "SQLAgent$SONY_MEDIAMGR" - SQLAgent$SONY_MEDIAMGR

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR

---> TYPE = OWN_SERVICE

 

085) "srservice" - System Restore Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

086) "SSDPSRV" - SSDP Discovery Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = OWN_SERVICE

 

087) "stisvc" - Windows Image Acquisition (WIA)

---> STAT = (NOT RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc

---> TYPE = SHARE_SERVICE

 

088) "SwPrv" - MS Software Shadow Copy Provider

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{4E439ED1-CA06-47F3-94EC-B3989802029D}

---> TYPE = OWN_SERVICE

 

089) "Symantec Core LC" - Symantec Core LC

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe---> TYPE = OWN_SERVICE

 

090) "SysmonLog" - Performance Logs and Alerts

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\smlogsvc.exe

---> TYPE = OWN_SERVICE

 

091) "TapiSrv" - Telephony

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

092) "TermService" - Terminal Services

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

---> TYPE = SHARE_SERVICE

 

093) "Themes" - Themes

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

094) "TlntSvr" - Telnet

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\tlntsvr.exe

---> TYPE = OWN_SERVICE

 

095) "TrkWks" - Distributed Link Tracking Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

096) "upnphost" - Universal Plug and Play Device Host

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

 

097) "UPS" - Uninterruptible Power Supply

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\ups.exe

---> TYPE = OWN_SERVICE

 

098) "usnjsvc" - Messenger Sharing Folders USN Journal Reader Service

---> STAT = (NOT RUNNING) Started manually

---> TYPE = OWN_SERVICE

 

099) "VSS" - Volume Shadow Copy

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\vssvc.exe

---> TYPE = OWN_SERVICE

 

100) "W32Time" - Windows Time

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

101) "WebClient" - WebClient

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

 

102) "winmgmt" - Windows Management Instrumentation

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

103) "Winsock"

---> STAT = (RUNNING) Started manually

---> TYPE = ADAPTER

 

104) "WLSetupSvc" - Windows Live Setup Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Windows Live\installer\WLSetupSvc.exe---> TYPE = OWN_SERVICE

 

105) "WmdmPmSN" - Portable Media Serial Number Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

106) "Wmi" - Windows Management Instrumentation Driver Extensions

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

107) "WmiApSrv" - WMI Performance Adapter

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe

---> TYPE = OWN_SERVICE

 

108) "WMPNetworkSvc" - Windows Media Player Network Sharing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program Files\Windows Media Player\WMPNetwk.exe

---> TYPE = OWN_SERVICE

 

109) "wscsvc" - Security Center

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

110) "wuauserv" - Automatiska uppdateringar

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

111) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

---> TYPE = SHARE_SERVICE

 

112) "WUSB300NSvc" - WUSB300NSvc

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program Files\Linksys\WUSB300N\WLService.exe\ \WUSB300N.exe

---> TYPE = OWN_SERVICE

 

113) "WZCSVC" - Wireless Zero Configuration

---> STAT = (NOT RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

114) "xmlprov" - Network Provisioning Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

 

===================== LOADED MODULES =====================

 

*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan

Already known legit dlls are not shown

 

------------------------------------------------------------------------------

System pid: 4

Command line: <no command line>

------------------------------------------------------------------------------

smss.exe pid: 808

Command line: \SystemRoot\System32\smss.exe

 

Base Size Version Path

0x48580000 0xf000 \SystemRoot\System32\smss.exe

------------------------------------------------------------------------------

csrss.exe pid: 860

Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 

Base Size Version Path

0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe

0x75b40000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll

0x75b50000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll

0x75b60000 0x4b000 5.01.2600.3103 C:\WINDOWS\system32\winsrv.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

------------------------------------------------------------------------------

winlogon.exe pid: 888

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe

0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x10000000 0x39000 C:\WINDOWS\system32\nvrsul32.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x01880000 0x49000 1.00.0000.1046 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

0x00cb0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x013a0000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\System32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x76980000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x75e60000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll

0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll

0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll

0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll

0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll

0x73080000 0x1c000 5.01.2600.0000 C:\WINDOWS\system32\rsvpsp.dll

------------------------------------------------------------------------------

services.exe pid: 944

Command line: C:\WINDOWS\system32\services.exe

 

Base Size Version Path

0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe

0x758e0000 0x50000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll

0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x7dba0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x47260000 0xf000 5.01.2600.3008 C:\WINDOWS\AppPatch\AcAdProc.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x77b70000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll

------------------------------------------------------------------------------

lsass.exe pid: 956

Command line: C:\WINDOWS\system32\lsass.exe

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe

0x75730000 0xb4000 5.01.2600.3249 C:\WINDOWS\system32\LSASRV.dll

0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x74440000 0x6a000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll

0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x71e50000 0x15000 6.00.0000.7755 C:\WINDOWS\system32\msapsspc.dll

0x78080000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\MSVCRT40.dll

0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll

0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll

0x744b0000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll

0x767c0000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x767f0000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll

0x74380000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll

0x74410000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll

0x743e0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll

0x776c0000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x75d90000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL

0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL

0x743a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll

0x743c0000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll

------------------------------------------------------------------------------

svchost.exe pid: 1120

Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------

svchost.exe pid: 1236

Command line: C:\WINDOWS\system32\svchost -k rpcss

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

------------------------------------------------------------------------------

svchost.exe pid: 1380

Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\System32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x76f20000 0x27000 5.01.2600.3394 c:\windows\system32\DNSAPI.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x76b20000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL

0x00ff0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x767a0000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll

0x5b9f0000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll

0x74f90000 0x9000 2600.2180.0503.0000 c:\windows\system32\dmserver.dll

0x77710000 0x44000 2001.12.4414.0320 c:\windows\system32\es.dll

0x74f40000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll

0x688e0000 0x9000 5.01.2600.2180 c:\windows\system32\hidserv.dll

0x76c00000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll

0x767c0000 0x2c000 5.01.2600.2180 c:\windows\system32\w32time.dll

0x76080000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll

0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll

0x50040000 0x1a2000 7.00.6000.0381 C:\WINDOWS\system32\wuaueng.dll

0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll

0x600a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll

0x59490000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll

0x776c0000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll

0x74370000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL

0x50e60000 0xc000 7.00.6000.0381 C:\WINDOWS\system32\wups2.dll

0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\System32\dssenh.dll

0x57cc0000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp

0x57d40000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp

0x57d20000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp

0x57d50000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp

0x57d70000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp

0x57d60000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp

0x71cf0000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll

0x76790000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll

0x767f0000 0x27000 5.01.2600.3126 C:\WINDOWS\System32\SCHANNEL.dll

0x42ec0000 0x2e000 7.00.6000.16705 C:\WINDOWS\system32\advpack.dll

0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x50640000 0x9000 7.00.6000.0381 C:\WINDOWS\system32\wups.dll

------------------------------------------------------------------------------

svchost.exe pid: 1488

Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x76f20000 0x27000 5.01.2600.3394 c:\windows\system32\DNSAPI.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

svchost.exe pid: 1588

Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x00980000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x76af0000 0x12000 5.01.2600.2180 c:\windows\system32\regsvc.dll

------------------------------------------------------------------------------

spoolsv.exe pid: 1800

Command line: C:\WINDOWS\system32\spoolsv.exe

 

Base Size Version Path

0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x10000000 0x1b000 2.50.0001.0004 C:\WINDOWS\system32\hptcpmon.dll

0x00d40000 0x18000 1.00.0000.0003 C:\WINDOWS\system32\HPZJSN01.dll

0x72010000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\WSNMP32.dll

0x00d60000 0x7000 4.02.0009.0000 C:\WINDOWS\system32\hpzjfw01.dll

0x00f00000 0x36000 2.50.0001.0004 C:\WINDOWS\system32\HPTcpMUI.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x00f40000 0x14000 2.50.0001.0004 C:\WINDOWS\system32\hptcpmib.dll

0x72020000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\mgmtapi.dll

0x71f60000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\snmpapi.dll

0x00fc0000 0x23000 2.323.0000.0000 C:\WINDOWS\system32\hpzlnt10.dll

0x01110000 0x8000 0.03.2175.0000 C:\WINDOWS\system32\mdimon.dll

0x68f00000 0x9000 5.02.2600.2180 C:\WINDOWS\system32\FXSMON.DLL

0x68f20000 0x11000 5.02.2600.2180 C:\WINDOWS\system32\FXSEVENT.dll

0x01170000 0x8000 0.03.2175.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\System32\mswsock.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll

------------------------------------------------------------------------------

MemCheck.exe pid: 1920

Command line: "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe"

 

Base Size Version Path

0x00400000 0xa000 2.00.2008.0000 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\mscoree.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x791b0000 0x269000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll

0x00a10000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x79780000 0x20e000 1.01.4322.2407 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b8c8b56a\mscorlib.dll

0x79510000 0x13000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

0x7a060000 0x22000 1.01.4322.2032 c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll

0x7b0a0000 0x130000 1.01.4322.2407 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a713a8ec\system.dll

0x11000000 0x8000 2.00.2322.27675 c:\acer\empowering technology\eperformance\acer.empowering.shared.dll

0x79430000 0x4d000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL

0x00f10000 0x8000 0.00.0000.0000 c:\acer\empowering technology\eperformance\acermemusagecheckservinterface.dll

0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\System32\mswsock.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x01270000 0xe000 1.01.4322.0573 c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_sv_b03f5f7f11d50a3a\system.serviceprocess.resources.dll

0x037d0000 0x3a000 1.01.4322.0573 c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_sv_b77a5c561934e089\mscorlib.resources.dll

------------------------------------------------------------------------------

AdskScSrv.exe pid: 444

Command line: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"

 

Base Size Version Path

0x00400000 0x17000 2.70.0000.0001 C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

------------------------------------------------------------------------------

AluSchedulerSvc.exe pid: 500

Command line: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

 

Base Size Version Path

0x00400000 0x87000 3.02.0000.0043 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------

mDNSResponder.exe pid: 544

Command line: "C:\Program Files\Bonjour\mDNSResponder.exe"

 

Base Size Version Path

0x00400000 0x57000 1.00.0003.0001 C:\Program Files\Bonjour\mDNSResponder.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

------------------------------------------------------------------------------

ehrecvr.exe pid: 656

Command line: C:\WINDOWS\eHome\ehRecvr.exe

 

Base Size Version Path

0x00400000 0x3d000 5.01.2715.3011 C:\WINDOWS\eHome\ehRecvr.exe

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x69450000 0x16000 5.01.2600.2180 C:\WINDOWS\system32\faultrep.DLL

0x46630000 0x7000 5.01.2710.2732 C:\WINDOWS\eHome\ehTrace.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x1ff00000 0x4b000 6.05.2715.3011 C:\WINDOWS\system32\sbe.dll

0x35800000 0x19e000 6.05.2715.3011 C:\WINDOWS\system32\msvidctl.dll

0x74810000 0x16d000 6.05.2600.3367 C:\WINDOWS\system32\quartz.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x75f40000 0x11000 6.05.2600.2180 C:\WINDOWS\system32\devenum.dll

0x736b0000 0x7000 6.05.2600.2180 C:\WINDOWS\system32\msdmo.dll

0x49e10000 0x1b000 5.01.2710.2732 C:\WINDOWS\eHome\ehProxy.dll

------------------------------------------------------------------------------

ehSched.exe pid: 696

Command line: C:\WINDOWS\eHome\ehSched.exe

 

Base Size Version Path

0x00400000 0x1c000 5.01.2710.2732 C:\WINDOWS\eHome\ehSched.exe

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x49e10000 0x1b000 5.01.2710.2732 C:\WINDOWS\eHome\ehProxy.dll

0x6f3b0000 0xd5000 5.01.2600.2180 C:\WINDOWS\system32\tapi3.dll

0x00730000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x6e4f0000 0x57000 5.01.2600.0000 C:\WINDOWS\system32\confmsp.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x5b6f0000 0x5a000 5.01.2600.2180 C:\WINDOWS\system32\termmgr.dll

0x68940000 0x9a000 5.01.2600.2180 C:\WINDOWS\system32\h323msp.dll

------------------------------------------------------------------------------

LSSrvc.exe pid: 824

Command line: "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"

 

Base Size Version Path

0x00400000 0x12000 1.04.0074.0001 c:\Program Files\Common Files\LightScribe\LSSrvc.exe

0x7c340000 0x56000 7.10.3052.0004 c:\Program Files\Common Files\LightScribe\MSVCR71.dll

0x7c3a0000 0x7b000 7.10.3077.0000 c:\Program Files\Common Files\LightScribe\MSVCP71.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------

PIFSvc.exe pid: 1320

Command line: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"

 

Base Size Version Path

0x00400000 0x7d000 1.02.0000.0018 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x10000000 0x44000 1.02.0000.0018 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll

0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll

0x01210000 0x103000 1.02.0000.0018 C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll

0x011d0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

nvsvc32.exe pid: 1336

Command line: C:\WINDOWS\system32\nvsvc32.exe

 

Base Size Version Path

0x00400000 0x2c000 6.14.0010.9136 C:\WINDOWS\system32\nvsvc32.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

svchost.exe pid: 1400

Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

 

Base Size Version Path

0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

symlcsvc.exe pid: 1552

Command line: "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE"

 

Base Size Version Path

0x00400000 0x122000 1.09.0001.1088 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x20000000 0x5c000 1.09.0001.1088 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.DLL

0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemprox.dll

0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

------------------------------------------------------------------------------

WLService.exe pid: 1708

Command line: "C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe"

 

Base Size Version Path

0x00400000 0xf000 1.00.0000.0009 C:\Program Files\Linksys\WUSB300N\WLService.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

------------------------------------------------------------------------------

WUSB300N.exe pid: 1756

Command line: WUSB300N.exe

 

Base Size Version Path

0x00400000 0x51e000 1.00.0002.0072 C:\Program Files\Linksys\WUSB300N\WUSB300N.exe

0x00370000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x10000000 0xe000 1.00.0002.0008 C:\Program Files\Linksys\WUSB300N\Security.dll

0x014b0000 0x9000 1.00.0001.0001 C:\Program Files\Linksys\WUSB300N\ProcNICs.dll

0x014e0000 0xfd000 1.00.0000.0010 C:\Program Files\Linksys\WUSB300N\resWUSB300N_US.dll

0x017e0000 0x75000 1.00.0000.0008 C:\Program Files\Linksys\WUSB300N\aviWUSB300N.dll

0x026d0000 0x1b000 1.01.0004.0001 C:\Program Files\Linksys\WUSB300N\Marvell.DLL

0x026f0000 0x27000 4.01.0000.0012 C:\Program Files\Linksys\WUSB300N\Mrv8000x.dll

0x02720000 0x147000 3.02.0000.0008 C:\Program Files\Linksys\WUSB300N\odSupp_M.dll

0x02990000 0x12000 1.00.0000.0004 C:\Program Files\Linksys\WUSB300N\DevCon.dll

0x02cf0000 0x22000 1.00.0000.0001 C:\Program Files\Linksys\WUSB300N\GEMWEP.DLL

0x732e0000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RICHED32.DLL

0x74e30000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll

0x00f30000 0xc000 1.00.0001.0002 C:\Program Files\Linksys\WUSB300N\RM_DEV_CODE.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

------------------------------------------------------------------------------

mcrdsvc.exe pid: 1768

Command line: C:\WINDOWS\ehome\mcrdsvc.exe

 

Base Size Version Path

0x00400000 0x1b000 4.01.2710.2732 C:\WINDOWS\ehome\mcrdsvc.exe

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x46630000 0x7000 5.01.2710.2732 C:\WINDOWS\eHome\ehTrace.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

explorer.exe pid: 4016

Command line: c:\windows\explorer.exe

 

Base Size Version Path

0x01000000 0xff000 6.00.2900.3156 c:\windows\explorer.exe

0x75f80000 0xfd000 6.00.2900.3059 C:\WINDOWS\system32\BROWSEUI.dll

0x7e290000 0x171000 6.00.2900.3059 C:\WINDOWS\system32\SHDOCVW.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\system32\themeui.dll

0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll

0x42ef0000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll

0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll

0x76980000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll

0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll

0x76280000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\stobject.dll

0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\system32\BatMeter.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x02840000 0x1f000 C:\Program Files\apdvbmg\winadmact.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll

0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll

0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll

0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll

0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll

0x68df0000 0x8d000 5.02.2600.2180 C:\WINDOWS\system32\fxsst.dll

0x5a980000 0x72000 5.02.2600.2180 C:\WINDOWS\system32\FXSAPI.dll

0x00fa0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

0x00e70000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

0x5df10000 0x60000 5.01.2600.2703 C:\WINDOWS\system32\wzcdlg.dll

0x02860000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

0x00e90000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

0x02950000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x02b40000 0x14000 2.02.0000.0011 C:\WINDOWS\system32\eDSshellExt.dll

0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL

0x02da0000 0x2cd000 1.01.0000.0340 C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Autodesk Shared\dwf Common\MSVCP71.dll

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Autodesk Shared\dwf Common\MSVCR71.dll

0x02b70000 0xc000 1.01.0000.0340 C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll

------------------------------------------------------------------------------

ehtray.exe pid: 560

Command line: "C:\WINDOWS\ehome\ehtray.exe"

 

Base Size Version Path

0x00400000 0x13000 5.01.2715.2765 C:\WINDOWS\ehome\ehtray.exe

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x002d0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

RTHDCPL.exe pid: 1112

Command line: "C:\WINDOWS\RTHDCPL.EXE"

 

Base Size Version Path

0x00400000 0x104b000 2.00.0006.0009 C:\WINDOWS\RTHDCPL.EXE

0x7e4b0000 0x89000 5.02.3790.2847 C:\WINDOWS\system32\HHCTRL.OCX

0x73f10000 0x5c000 5.03.2600.2180 C:\WINDOWS\system32\DSOUND.DLL

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x68e70000 0x18000 4.74.9273.0000 C:\WINDOWS\system32\mui\041d\HHCTRLui.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x73ee0000 0x4000 5.03.2600.2180 C:\WINDOWS\system32\KsUser.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x04ca0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

jusched.exe pid: 1212

Command line: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

 

Base Size Version Path

0x00400000 0x24000 6.00.0070.0006 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

0x00390000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------

SysMonitor.exe pid: 1616

Command line: "C:\WINDOWS\system32\SysMonitor.exe"

 

Base Size Version Path

0x00400000 0x10000 1.00.0001.0000 C:\WINDOWS\system32\SysMonitor.exe

0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\mscoree.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x791b0000 0x269000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll

0x00a10000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x79780000 0x20e000 1.01.4322.2407 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b8c8b56a\mscorlib.dll

0x79510000 0x13000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

0x00fa0000 0x3a000 1.01.4322.0573 c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_sv_b77a5c561934e089\mscorlib.resources.dll

0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_43f95ce6\system.windows.forms.dll

0x7b0a0000 0x130000 1.01.4322.2407 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a713a8ec\system.dll

0x79430000 0x4d000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL

0x51a70000 0x80000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll

0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_37618cff\system.drawing.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x032b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

eRAgent.exe pid: 1976

Command line: "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"

 

Base Size Version Path

0x00400000 0x69000 1.00.0000.0016 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

0x10000000 0xba000 4.01.0000.0047 C:\Acer\Empowering Technology\eRecovery\it41.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x00b00000 0x75000 4.00.0000.0015 C:\Acer\Empowering Technology\eRecovery\imagefile.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x00d40000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x00e60000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x74ef0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemprox.dll

0x74ed0000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x767a0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

hpwuSchd2.exe pid: 2056

Command line: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

 

Base Size Version Path

0x00400000 0xc000 2.00.0039.0000 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x00b80000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

hpcmpmgr.exe pid: 2064

Command line: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

 

Base Size Version Path

0x00400000 0x3b000 2.01.0001.0000 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

0x7c000000 0x54000 7.00.9466.0000 C:\Program Files\HP\hpcoretech\HPVCR70.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x75150000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\Cabinet.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x69b10000 0x13c000 4.20.9848.0000 C:\WINDOWS\system32\MSXML4.dll

0x00ca0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

------------------------------------------------------------------------------

PIFSvc.exe pid: 2180

Command line: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

 

Base Size Version Path

0x00400000 0x7d000 1.02.0000.0018 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x10000000 0x2a000 1.02.0000.0018 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll

0x00cd0000 0x34000 1.02.0000.0018 C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll

0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll

------------------------------------------------------------------------------

ISUSPM.exe pid: 2224

Command line: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

 

Base Size Version Path

0x00400000 0x35000 5.01.0100.47363 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x010c0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

ctfmon.exe pid: 2256

Command line: "C:\WINDOWS\system32\ctfmon.exe"

 

Base Size Version Path

0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x5fc10000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x00c00000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

SUPERAntiSpyware.exe pid: 2264

Command line: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

 

Base Size Version Path

0x00400000 0x1b8000 4.15.0000.1000 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

0x10000000 0x5a000 1.00.0000.0002 C:\Program Files\SUPERAntiSpyware\deupx.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

0x00290000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x7e4b0000 0x89000 5.02.3790.2847 C:\WINDOWS\system32\hhctrl.ocx

0x68e70000 0x18000 4.74.9273.0000 C:\WINDOWS\system32\mui\041d\hhctrlui.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x42ef0000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll

0x435d0000 0x374000 7.00.6000.16705 C:\WINDOWS\system32\mshtml.dll

0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

0x51660000 0x2c000 7.00.9466.0000 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL

0x51810000 0x6000 7.00.9466.0000 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\1053\mdmui.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x0b3b0000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\msimtf.dll

0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll

0x0fbf0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

0x0fc30000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

------------------------------------------------------------------------------

Acer.Empowering.Framework.Launcher.exe pid: 2372

Command line: "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe"

 

Base Size Version Path

0x00400000 0xe000 2.03.2022.0000 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\mscoree.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x791b0000 0x269000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll

0x00a10000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x79780000 0x20e000 1.01.4322.2407 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b8c8b56a\mscorlib.dll

0x79510000 0x13000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x79430000 0x4d000 1.01.4322.2407 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL

0x00f70000 0x40000 1.02.0009.0000 c:\acer\empowering technology\log4net.dll

0x7b0a0000 0x130000 1.01.4322.2407 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a713a8ec\system.dll

0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_785aabfb\system.xml.dll

0x11000000 0x8000 2.00.2343.32141 c:\acer\empowering technology\acer.empowering.shared.dll

0x03340000 0xe000 2.03.2022.0000 c:\acer\empowering technology\acer.empowering.framework.presenter.dll

0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_37618cff\system.drawing.dll

0x03350000 0x1f4000 2.03.2022.0000 c:\acer\empowering technology\acer.empowering.framework.launchbarview.dll

0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_43f95ce6\system.windows.forms.dll

0x03560000 0x96000 1.00.0001.31820 c:\acer\empowering technology\acer.empowering.windows.forms.dll

0x03600000 0xa000 2.03.2022.0000 c:\acer\empowering technology\acer.empowering.framework.host.dll

0x03620000 0x5e000 1.01.4322.2032 c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll

0x036b0000 0x3a000 1.01.4322.0573 c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_sv_b77a5c561934e089\mscorlib.resources.dll

0x036f0000 0x8000 2.03.2022.0000 c:\acer\empowering technology\acer.empowering.framework.passwordsetting.dll

0x03700000 0x8000 2.03.2022.0000 c:\acer\empowering technology\acer.empowering.framework.interface.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x03730000 0x3e000 2.00.3077.0000 c:\acer\empowering technology\edatasecurity\edsplugin.dll

0x10000000 0x12000 2.00.0000.0036 c:\acer\empowering technology\edatasecurity\edscs2cclasslib.dll

0x03770000 0x2f000 2.02.0000.0044 C:\WINDOWS\system32\sysenv.dll

0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x037a0000 0x2b000 2.02.0000.0014 C:\WINDOWS\system32\PSDUtil.dll

0x037d0000 0x68000 2.02.0000.0011 C:\WINDOWS\system32\CryptoAPI.dll

0x03840000 0x40000 2.02.0000.0008 C:\WINDOWS\system32\keyManager.dll

0x03880000 0x12000 2.02.0000.0013 C:\WINDOWS\system32\ShowErrMsg.dll

0x038a0000 0x10000 2.02.0000.0002 C:\WINDOWS\system32\LogSPWusage.dll

0x51a70000 0x80000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll

0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

0x73bc0000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\dciman32.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x03c70000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x04370000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x01170000 0xe000 2.00.2008.0000 c:\acer\empowering technology\eperformance\acer.empowering.eperformance.plugin.dll

0x01190000 0x6e000 2.00.2008.0000 c:\acer\empowering technology\eperformance\views.dll

0x01200000 0xa000 2.00.2008.0000 c:\acer\empowering technology\eperformance\presenters.dll

0x01220000 0x10000 2.00.2008.0000 c:\acer\empowering technology\eperformance\widget.dll

0x01230000 0x8000 2.00.2322.27674 c:\acer\empowering technology\eperformance\acer.empowering.shared.patterns.dll

0x01240000 0xc000 2.00.2008.0000 c:\acer\empowering technology\eperformance\models.dll

0x01260000 0x8000 1.00.2322.27674 c:\acer\empowering technology\eperformance\acer.empowering.eperformance.eperformancelibrary.dll

0x050e0000 0x2ba000 2.00.0002.0024 c:\acer\empowering technology\erecovery\erecoveryui.dll

0x03be0000 0x12000 2.03.2021.0000 c:\acer\empowering technology\sv\acer.empowering.framework.launchbarview.resources.dll

0x03c40000 0x14000 2.00.0002.0024 c:\acer\empowering technology\erecovery\sv\erecoveryui.resources.dll

0x03c00000 0x8000 2.00.2008.0000 c:\acer\empowering technology\eperformance\sv\acer.empowering.eperformance.plugin.resources.dll

0x04300000 0xa000 2.00.2008.0000 c:\acer\empowering technology\eperformance\sv\views.resources.dll

0x7a060000 0x22000 1.01.4322.2032 c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll

------------------------------------------------------------------------------

ZDWlan.exe pid: 2400

Command line: "C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe"

 

Base Size Version Path

0x00400000 0x138000 2.21.0000.0000 C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

0x10000000 0x3f000 2.12.0000.0000 C:\Program Files\Acer WLAN 11g USB Dongle\dot1x_dll.dll

0x00380000 0x1a000 5.50.0018.0003 C:\Program Files\Acer WLAN 11g USB Dongle\W32N55.dll

0x003a0000 0x26000 C:\Program Files\Acer WLAN 11g USB Dongle\SSLEAY32.dll

0x00540000 0xcd000 C:\Program Files\Acer WLAN 11g USB Dongle\LIBEAY32.dll

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Acer WLAN 11g USB Dongle\MSVCR71.dll

0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x003d0000 0xb000 2.21.0000.0000 C:\Program Files\Acer WLAN 11g USB Dongle\ZDWLAN.dll

0x5f400000 0xf2000 6.00.8665.0000 C:\Program Files\Acer WLAN 11g USB Dongle\MFC42.DLL

0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x00f70000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x01090000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

------------------------------------------------------------------------------

alg.exe pid: 3380

Command line: C:\WINDOWS\System32\alg.exe

 

Base Size Version Path

0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\System32\MSWSOCK.DLL

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\System32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

dwwin.exe pid: 2740

Command line: C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\WER0c42.dir00\manifest.txt

 

Base Size Version Path

0x30000000 0x34000 10.00.5815.0000 C:\WINDOWS\system32\dwwin.exe

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x74e30000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\riched20.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x314c0000 0xc000 10.00.2619.0000 C:\WINDOWS\system32\1033\dwintl.dll

0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

------------------------------------------------------------------------------

notepad.exe pid: 2600

Command line: "C:\WINDOWS\system32\notepad.exe"

 

Base Size Version Path

0x01000000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\notepad.exe

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x00c60000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x76980000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x01330000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

------------------------------------------------------------------------------

firefox.exe pid: 1148

Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

 

Base Size Version Path

0x00400000 0x766000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\firefox.exe

0x600d0000 0x72000 4.00.0000.0000 C:\Program Files\Mozilla Firefox\js3250.dll

0x601a0000 0x27000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\nspr4.dll

0x60370000 0x6a000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\xpcom_core.dll

0x60280000 0x7000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\plc4.dll

0x60290000 0x6000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\plds4.dll

0x602b0000 0x1a000 3.11.0009.0000 C:\Program Files\Mozilla Firefox\smime3.dll

0x601d0000 0x5c000 3.11.0009.0000 C:\Program Files\Mozilla Firefox\nss3.dll

0x602d0000 0x3f000 3.11.0004.0000 C:\Program Files\Mozilla Firefox\softokn3.dll

0x60310000 0x21000 3.11.0009.0000 C:\Program Files\Mozilla Firefox\ssl3.dll

0x60350000 0x14000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\xpcom_compat.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

0x60040000 0xa000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\components\myspell.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\system32\mswsock.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x60010000 0x12000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\components\jar50.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll

0x017a0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x746f0000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\msimtf.dll

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x03020000 0x36000 2.06.6253.0000 C:\Documents and Settings\AdamEkstromBackaholm\Application Data\Mozilla\Firefox\Profiles\9s6ypbes.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}\components\FFHook.dll

0x60340000 0x6000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\xpcom.dll

0x60090000 0x31000 3.11.0004.0000 C:\Program Files\Mozilla Firefox\freebl3.dll

0x60230000 0x42000 1.65.0000.0000 C:\Program Files\Mozilla Firefox\nssckbi.dll

0x60050000 0xe000 1.08.20080.4669 C:\Program Files\Mozilla Firefox\components\spellchk.dll

0x03890000 0x8000 2.00.0000.0000 C:\Documents and Settings\AdamEkstromBackaholm\Application Data\Mozilla\Firefox\Profiles\9s6ypbes.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components\mgMouseService.dll

0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\msimg32.dll

0x42ef0000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll

0x034a0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

0x034e0000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

------------------------------------------------------------------------------

sys59016.exe pid: 2928

Command line: "C:\Documents and Settings\AdamEkstromBackaholm\Desktop\sys59016.exe"

 

Base Size Version Path

0x00400000 0x39000 C:\Documents and Settings\AdamEkstromBackaholm\Desktop\sys59016.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

runme.exe pid: 3404

Command line: runme.exe

 

Base Size Version Path

0x00400000 0x63000 3.05.0000.0005 C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\nsg12.tmp\runme.exe

0x73420000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x74720000 0x4b000 5.01.2600.3319 C:\WINDOWS\system32\MSCTF.dll

0x755c0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime

*** Loaded C:\WINDOWS\system32\__c00675A2.dat differs from file image:

*** File timestamp: Thu Jan 01 01:00:00 1970

*** Loaded image timestamp: Sat Aug 16 12:40:06 2008

*** 0x10000000 0xa96e 1.00.0000.0001 C:\WINDOWS\system32\__c00675A2.dat

0x01700000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x78000000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x735a0000 0x25000 5.06.0000.8820 C:\WINDOWS\system32\scrrun.dll

0x722b0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll

0x71a50000 0x3f000 5.01.2600.3394 C:\WINDOWS\System32\mswsock.dll

0x76f20000 0x27000 5.01.2600.3394 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll

0x662b0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll

0x71a90000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll

0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\vbscript.dll

------------------------------------------------------------------------------

cmd.exe pid: 2664

Command line: cmd /c uuoywfrygn.exe > tempd.txt

 

Base Size Version Path

0x4ad00000 0x61000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe

0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------

uuoywfrygn.exe pid: 2588

Command line: uuoywfrygn.exe

 

Base Size Version Path

0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\nsg12.tmp\uuoywfrygn.exe

0x629c0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\LPK.DLL

0x74d90000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll

0x773d0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

===================== SUSPICIOUS FILES =====================

EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32

C:\srdyxdh.exe --> is compressed with aspack

C:\WINDOWS\system32\x.264.exe --> is compressed with UPX

C:\WINDOWS\system32\CryptoAPI.dll --> is compressed with UPX

C:\WINDOWS\system32\flvDX.dll --> is compressed with UPX

C:\WINDOWS\system32\i420vfw.dll --> is compressed with UPX

C:\WINDOWS\system32\keyManager.dll --> is compressed with UPX

C:\WINDOWS\system32\msfDX.dll --> is compressed with PECompact

 

==========================================

Scan completed in 1 minutes

End of report[/log]

 


Here is the scan of just the hidden objects.

[log]SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

 

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)

System directory: C:\WINDOWS

SystemScan file: C:\Documents and Settings\AdamEkstromBackaholm\Desktop\sys59016.exe

Running in: User mode

Date: 2008-08-18

Time: 23:59:59

 

Output limited to:

-Hidden objects

 

===================== HIDDEN OBJECTS =====================

 

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:0d,41,71,1c,16,0c,61,07,66,39,6c,48,17,65,28,3d,0b,0b,51,05,af,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a6,6e,7e,b3,ff,69,f3,13,02,c9,bf,5d,36,63,f2,26,48,..

"khjeh"=hex:e0,ea,5a,5c,bc,38,41,5f,cc,8c,16,88,11,8d,b1,40,4e,95,85,b8,81,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:be,67,46,07,47,42,49,91,00,96,6c,c1,ff,b0,d9,0c,66,b9,73,d3,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:0d,41,71,1c,16,0c,61,07,66,39,6c,48,17,65,28,3d,0b,0b,51,05,af,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a6,6e,7e,b3,ff,69,f3,13,02,c9,bf,5d,36,63,f2,26,48,..

"khjeh"=hex:e0,ea,5a,5c,bc,38,41,5f,cc,8c,16,88,11,8d,b1,40,4e,95,85,b8,81,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:be,67,46,07,47,42,49,91,00,96,6c,c1,ff,b0,d9,0c,66,b9,73,d3,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s0"=dword:86b34202

"s1"=dword:2b26a6e2

"s2"=dword:14a9f60d

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:0d,41,71,1c,16,0c,61,07,66,39,6c,48,17,65,28,3d,0b,0b,51,05,af,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a6,6e,7e,b3,ff,69,f3,13,02,c9,bf,5d,36,63,f2,26,48,..

"khjeh"=hex:e0,ea,5a,5c,bc,38,41,5f,cc,8c,16,88,11,8d,b1,40,4e,95,85,b8,81,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:be,67,46,07,47,42,49,91,00,96,6c,c1,ff,b0,d9,0c,66,b9,73,d3,71,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 2078

 

 

===================== RUSTOCK ROOTKIT DETECTION =====================

 

 

#### NOTHING FOUND ####

 

==========================================

Scan completed in -1423,9 minutes

End of report[/log]

 


They are terribly long logs; I hope you have the energy to go through them.

But you probably know what to look for, so...

But thanks for all your time, Cecilia! :)

 


Wow, that scanner produced a lot.

 

Go to http://www.virustotal.com, paste one of the following file names into the box, click Send File and wait until the result is ready (the current status changes to completed). Paste the results from the different antivirus programs (not the Additional information) here. Repeat with the next file name.

C:\srdyxdh.exe

C:\WINDOWS\system32\pla.ax

C:\WINDOWS\system32\user32.DLL

C:\WINDOWS\system32\nvrsul32.dll

C:\WINDOWS\system32\__c00675A2.dat

C:\WINDOWS\system32\cmgmk.ak

C:\DOCUME~1\ADAMEK~1\LOCALS~1\Temp\_A00F6ADF6.exe

 


Okay,

here is the first file, srdyxdh.exe:

 

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.8.19.0 2008.08.19 -

AntiVir 7.8.1.23 2008.08.19 TR/Dropper.Gen

Authentium 5.1.0.4 2008.08.19 -

Avast 4.8.1195.0 2008.08.18 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.08.19 SHeur.CAVO

BitDefender 7.2 2008.08.19 Backdoor.Agent.ZRA

CAT-QuickHeal 9.50 2008.08.18 Backdoor.Agent.oja

ClamAV 0.93.1 2008.08.19 -

DrWeb 4.44.0.09170 2008.08.19 -

eSafe 7.0.17.0 2008.08.18 Suspicious File

eTrust-Vet 31.6.6035 2008.08.15 -

Ewido 4.0 2008.08.19 -

F-Prot 4.4.4.56 2008.08.18 -

F-Secure 7.60.13501.0 2008.08.19 Backdoor.Win32.Agent.oiy

Fortinet 3.14.0.0 2008.08.19 W32/Agent.OIY!tr.bdr

GData 2.0.7306.1023 2008.08.19 Backdoor.Win32.Agent.oiy

Ikarus T3.1.1.34.0 2008.08.19 Backdoor.Win32.Agent.oiy

K7AntiVirus 7.10.420 2008.08.18 Backdoor.Win32.Agent.oja

Kaspersky 7.0.0.125 2008.08.19 Backdoor.Win32.Agent.oiy

McAfee 5363 2008.08.18 Generic BackDoor

Microsoft 1.3807 2008.08.19 -

NOD32v2 3367 2008.08.19 -

Norman 5.80.02 2008.08.19 W32/Smalltroj.FTMZ

Panda 9.0.0.4 2008.08.19 Generic Malware

PCTools 4.4.2.0 2008.08.19 -

Prevx1 V2 2008.08.19 -

Rising 20.58.12.00 2008.08.19 -

Sophos 4.32.0 2008.08.19 W32/MarioF-B

Sunbelt 3.1.1546.1 2008.08.15 -

Symantec 10 2008.08.19 Trojan.Spamuzle

TheHacker 6.3.0.5.054 2008.08.19 -

TrendMicro 8.700.0.1004 2008.08.19 PAK_Generic.001

VBA32 3.12.8.3 2008.08.19 Backdoor.Win32.Agent.oja

ViRobot 2008.8.19.1341 2008.08.19 Backdoor.Win32.Agent.130048

VirusBuster 4.5.11.0 2008.08.19 -

Webwasher-Gateway 6.6.2 2008.08.19 Trojan.Dropper.Gen

[/log]

 


Next (pla.ax):

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.8.19.0 2008.08.19 -

AntiVir 7.8.1.23 2008.08.19 TR/Dropper.Gen

Authentium 5.1.0.4 2008.08.19 -

Avast 4.8.1195.0 2008.08.18 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.08.19 SHeur.CAVO

BitDefender 7.2 2008.08.19 Backdoor.Agent.ZRA

CAT-QuickHeal 9.50 2008.08.18 Backdoor.Agent.oja

ClamAV 0.93.1 2008.08.19 -

DrWeb 4.44.0.09170 2008.08.19 -

eSafe 7.0.17.0 2008.08.18 Suspicious File

eTrust-Vet 31.6.6035 2008.08.15 -

Ewido 4.0 2008.08.19 -

F-Prot 4.4.4.56 2008.08.18 -

F-Secure 7.60.13501.0 2008.08.19 Backdoor.Win32.Agent.oiy

Fortinet 3.14.0.0 2008.08.19 W32/Agent.OIY!tr.bdr

GData 2.0.7306.1023 2008.08.19 Backdoor.Win32.Agent.oiy

Ikarus T3.1.1.34.0 2008.08.19 Backdoor.Win32.Agent.oiy

K7AntiVirus 7.10.420 2008.08.18 Backdoor.Win32.Agent.oja

Kaspersky 7.0.0.125 2008.08.19 Backdoor.Win32.Agent.oiy

McAfee 5363 2008.08.18 Generic BackDoor

Microsoft 1.3807 2008.08.19 -

NOD32v2 3367 2008.08.19 -

Norman 5.80.02 2008.08.19 W32/Smalltroj.FTMZ

Panda 9.0.0.4 2008.08.19 Generic Malware

PCTools 4.4.2.0 2008.08.19 -

Prevx1 V2 2008.08.19 -

Rising 20.58.12.00 2008.08.19 -

Sophos 4.32.0 2008.08.19 W32/MarioF-B

Sunbelt 3.1.1546.1 2008.08.15 -

Symantec 10 2008.08.19 Trojan.Spamuzle

TheHacker 6.3.0.5.054 2008.08.19 -

TrendMicro 8.700.0.1004 2008.08.19 PAK_Generic.001

VBA32 3.12.8.3 2008.08.19 Backdoor.Win32.Agent.oja

ViRobot 2008.8.19.1341 2008.08.19 Backdoor.Win32.Agent.130048

VirusBuster 4.5.11.0 2008.08.19 -

Webwasher-Gateway 6.6.2 2008.08.19 Trojan.Dropper.Gen

[/log]

 


user32.dll

 

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.8.19.0 2008.08.19 -

AntiVir 7.8.1.23 2008.08.19 -

Authentium 5.1.0.4 2008.08.19 -

Avast 4.8.1195.0 2008.08.18 -

AVG 8.0.0.161 2008.08.19 -

BitDefender 7.2 2008.08.19 -

CAT-QuickHeal 9.50 2008.08.18 -

ClamAV 0.93.1 2008.08.19 -

DrWeb 4.44.0.09170 2008.08.19 -

eSafe 7.0.17.0 2008.08.18 -

eTrust-Vet 31.6.6035 2008.08.15 -

Ewido 4.0 2008.08.19 -

F-Prot 4.4.4.56 2008.08.18 -

F-Secure 7.60.13501.0 2008.08.19 Trojan.Win32.Patched.bb

Fortinet 3.14.0.0 2008.08.19 -

GData 2.0.7306.1023 2008.08.19 Trojan.Win32.Patched.bb

Ikarus T3.1.1.34.0 2008.08.19 -

K7AntiVirus 7.10.420 2008.08.18 -

Kaspersky 7.0.0.125 2008.08.19 Trojan.Win32.Patched.bb

McAfee 5363 2008.08.18 -

Microsoft 1.3807 2008.08.19 -

NOD32v2 3367 2008.08.19 -

Norman 5.80.02 2008.08.19 -

Panda 9.0.0.4 2008.08.19 -

PCTools 4.4.2.0 2008.08.19 -

Prevx1 V2 2008.08.19 -

Rising 20.58.12.00 2008.08.19 Trojan.Win32.Patched.bi

Sophos 4.32.0 2008.08.19 Troj/User32Hk-A

Sunbelt 3.1.1546.1 2008.08.15 -

Symantec 10 2008.08.19 -

TheHacker 6.3.0.5.054 2008.08.19 -

TrendMicro 8.700.0.1004 2008.08.19 Mal_Patch-1

VBA32 3.12.8.3 2008.08.19 -

ViRobot 2008.8.19.1341 2008.08.19 -

VirusBuster 4.5.11.0 2008.08.19 -

Webwasher-Gateway 6.6.2 2008.08.19 -

[/log]

 


__c00675A2.dat

 

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.8.19.0 2008.08.19 -

AntiVir 7.8.1.23 2008.08.19 -

Authentium 5.1.0.4 2008.08.19 -

Avast 4.8.1195.0 2008.08.18 -

AVG 8.0.0.161 2008.08.19 Adload_r.AQ

BitDefender 7.2 2008.08.19 -

CAT-QuickHeal 9.50 2008.08.18 -

ClamAV 0.93.1 2008.08.19 -

DrWeb 4.44.0.09170 2008.08.19 -

eSafe 7.0.17.0 2008.08.18 Suspicious File

eTrust-Vet 31.6.6035 2008.08.15 -

Ewido 4.0 2008.08.19 -

F-Prot 4.4.4.56 2008.08.18 -

F-Secure 7.60.13501.0 2008.08.19 -

Fortinet 3.14.0.0 2008.08.19 -

GData 2.0.7306.1023 2008.08.19 -

Ikarus T3.1.1.34.0 2008.08.19 -

K7AntiVirus 7.10.420 2008.08.18 -

Kaspersky 7.0.0.125 2008.08.19 -

McAfee 5363 2008.08.18 -

Microsoft 1.3807 2008.08.19 -

NOD32v2 3367 2008.08.19 -

Norman 5.80.02 2008.08.19 -

Panda 9.0.0.4 2008.08.19 -

PCTools 4.4.2.0 2008.08.19 -

Prevx1 V2 2008.08.19 Fraudulent Security Program

Rising 20.58.12.00 2008.08.19 -

Sophos 4.32.0 2008.08.19 Sus/Behav-278

Sunbelt 3.1.1546.1 2008.08.15 -

Symantec 10 2008.08.19 -

TheHacker 6.3.0.5.054 2008.08.19 -

TrendMicro 8.700.0.1004 2008.08.19 -

VBA32 3.12.8.3 2008.08.19 -

ViRobot 2008.8.19.1341 2008.08.19 -

VirusBuster 4.5.11.0 2008.08.19 -

Webwasher-Gateway 6.6.2 2008.08.19 Win32.Malware.gen!80 (suspicious)

[/log]

 

 


Archived

This topic is now archived and is closed to further replies.
