Question

Virus Problems

Asked by: DMDz

Suspect I've isolated the computer causing the problems - ctrl+alt+del is disabled even though I'm logged in as an administrator.

Viruses are popping up all over the network on shared folders that this PC has access to. Can someone please help? This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:41 AM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy1.emirates.net.ae:8080;gopher=proxy1.emirates.net.ae:8080;http=proxy1.emirates.net.ae:8080;https=proxy1.emirates.net.ae:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?6c881685bc8f413497beaeb7258cf10e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?6c881685bc8f413497beaeb7258cf10e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19911352-08C8-412C-BF8C-0FCF534BC95F}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{55714A56-73AC-4AAF-B7E2-3365E19F7FFF}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12119 bytes

This Question has been solved and asker verified.

Asked On: 2007-09-21 at 00:48:45, ID: 22843521
Topics: Anti-Virus, Server Anti-Virus, Anti-Virus Applications
Participating Experts: 2
Points: 500
Comments: 17


Answers

 

by: jvuz, posted on 2007-09-21 at 01:03:18, ID: 19933932

Fix the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

 

by: jvuz, posted on 2007-09-21 at 01:05:31, ID: 19933944

Also do a scan with www.superantispyware.com

 

by: DMDz, posted on 2007-09-21 at 01:35:26, ID: 19934051

Sorry, wrong logfile; this is the proper one (winxp 64):

***Hijackthis log removed by rpggamergirl, Zone Advisor***

 

by: DMDz, posted on 2007-09-21 at 01:38:50, ID: 19934061

Don't know why that clipped; here we go again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:19 PM, on 9/21/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
E:\Mr riyadh\Mr riyadh.exe
E:\water-front\water-front.exe
E:\water-front\water-front.exe
C:\PROGRA~2\Google\GOOGLE~1\SketchUp.exe
E:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189954857000
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (64-bit) (mi-raysat_3dsmax9_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5857 bytes

 

by: rpggamergirl, posted on 2007-09-21 at 01:47:33, ID: 19934078

Variant of IRCBot is showing in your logfile.

Run SDFix.
Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

Post a fresh hijackthis log afterwards please.

 

by: rpggamergirl, posted on 2007-09-21 at 01:49:38, ID: 19934085

@ jvuz,
I know this entry is from a wrong hijackthis log, but the entry below is actually legit, that's the user's autologin.

O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

 

by: rpggamergirl, posted on 2007-09-21 at 02:07:37, ID: 19934124

Fix this O7 entry before running SDFix:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

And also these below,
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe


Can you show us the SDFix log also?


And if problem persists afterwards; run combofix and show us the log.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
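
Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage pass that flags the three kinds of entries singled out in the reply above (an extra program on the `Shell=` line, a Run entry whose file name imitates a Windows system binary, and a `Disable...=1` policy value). The sample lines are copied from the log posted on this page; the list of system binary names, the rule names and the function names are assumptions of this example.

```python
import re

# Assumption of this example: a short allow-list of well-known Windows binaries
# whose names malware commonly imitates. Extend it for real use.
SYSTEM_BINARIES = {
    "svchost.exe", "explorer.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "userinit.exe", "ctfmon.exe", "spoolsv.exe",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O4 - ...", "F2 - ..."
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)     # first executable in a command

# Sample input: lines taken from the second HijackThis log on this page.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\SysWOW64\ctfmon.exe
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
F2 - REG:system.ini: UserInit=userinit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitates(name):
    """Return the system binary that `name` imitates, or None.

    A name counts as an imitation when it is not itself a system binary but is
    a letter-swap (same characters, different order) or one edit away from one.
    """
    n = name.lower()
    if n in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if sorted(n) == sorted(real) or edit_distance(n, real) == 1:
            return real
    return None


def triage(log_text):
    """Return (rule, section, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the running-process list
        section, body = m.groups()

        if section == "F2" and "Shell=" in body:
            # The shell line should start Explorer only; anything else on it
            # is launched at every logon.
            for prog in body.split("Shell=", 1)[1].split():
                if prog.lower() != "explorer.exe":
                    findings.append(("shell-extra", section, prog))

        elif section == "O4":
            # Autostart entry: take the command after "[name] " and check
            # whether its file name imitates a system binary.
            command = body.split("] ", 1)[-1]
            exe = EXE_RE.match(command)
            if exe:
                base = re.split(r"[\\/]", exe.group(1))[-1]
                real = imitates(base)
                if real:
                    findings.append(
                        ("lookalike-binary", section, f"{base} imitates {real}"))

        elif section == "O7":
            # Policy value that locks the user out of an administrative tool.
            policy = re.search(r"(Disable\w+)=1", body)
            if policy:
                findings.append(("policy-lockout", section, policy.group(1)))
    return findings


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(f"{section:>3}  {rule:<17} {detail}")
```

A flagged line is a prompt for manual review of the file and registry value, not a verdict; legitimate entries outside the three rules are ignored rather than cleared.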

 

by: DMDz, posted on 2007-09-21 at 03:51:39, ID: 19934451

The document name you requested (/RemovalTools/SDFix.zip) could not be found on this server. However, we found documents with names similar to the one you requested.
Available documents:

/RemovalTools/SDFix.exe (common basename)


The .exe file does not have any Y option?

 

by: rpggamergirl, posted on 2007-09-21 at 04:52:40, ID: 19934756

Yeah, I just saw it doesn't have that option now,
download the /RemovalTools/SDFix.exe (common basename)
it will then install in the C:\ and then reboot to Safe mode (it will only run in safe mode) and since there's no "Y" option, just press Enter/OK button on your keyboard.

 

by: DMDz, posted on 2007-09-22 at 09:49:10, ID: 19941974

Hey Guys, tried to run SDFix in safe mode but the screen just appears and disappears again. I've run Avast and it's removed a few bits and pieces, although I still can't press ctrl+alt+del, and any flash disk I put in seems to be messed with (whenever I put it in another computer, the "open with" dialogue box comes up, as if it's not recognized as a drive).

Attached logfiles from SDfix and new hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:19 PM, on 9/21/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
E:\Mr riyadh\Mr riyadh.exe
E:\water-front\water-front.exe
E:\water-front\water-front.exe
C:\PROGRA~2\Google\GOOGLE~1\SketchUp.exe
E:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189954857000
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (64-bit) (mi-raysat_3dsmax9_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5857 bytes





System Report
*************

Run on Sat 09/22/2007 at 08:51 PM

Microsoft Windows [Version 5.2.3790]

Runtime error 204 at 0x004043AE
  0x004043AE
  0x004026A4
  0x004011C6
  0x0040142C
  0x00402665


Running Processes:

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [832]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [888]
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [1280]
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe [1432]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2012]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [120]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2380]
C:\WINDOWS\SysWOW64\ctfmon.exe [2396]
C:\Program Files\Messenger\msmsgs.exe [2408]
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe [2488]
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN [2496]
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe [2540]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2712]
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe [1740]

Files Created/Modified 2007:

C:\

09/22/2007  08:47 PM     2,145,386,496 pagefile.sys
09/16/2007  10:47 PM           297,072 ntldr
09/15/2007  10:54 PM               197 csb.log
09/15/2007  10:30 PM                 0 CONFIG.SYS
09/15/2007  10:30 PM                 0 IO.SYS
09/15/2007  10:30 PM                 0 MSDOS.SYS
09/15/2007  10:30 PM                 0 AUTOEXEC.BAT
09/15/2007  10:24 PM               213 boot.ini

C:\WINDOWS\

09/22/2007  08:47 PM                 0 0.log
09/22/2007  08:47 PM           600,650 WindowsUpdate.log
09/22/2007  08:47 PM             2,048 bootstat.dat
09/22/2007  08:43 PM           217,926 ntbtlog.txt
09/21/2007  12:43 PM           671,291 setupapi.log
09/19/2007  09:37 AM            15,476 PFRO.log
09/19/2007  06:48 AM           119,470 DirectX.log
09/18/2007  11:16 PM            22,336 gdrv.sys
09/17/2007  04:03 PM               378 wmsetup10.log
09/17/2007  04:03 PM             2,892 wmsetup.log
09/17/2007  12:24 AM           108,565 FaxSetup.log
09/17/2007  12:24 AM            35,327 ntdtcsetup.log
09/17/2007  12:24 AM            81,142 iis6.log
09/17/2007  12:24 AM            56,242 comsetup.log
09/17/2007  12:24 AM            49,757 tsoc.log
09/17/2007  12:24 AM               970 imsins.log
09/17/2007  12:24 AM             7,088 ocmsn.log
09/17/2007  12:24 AM            45,311 ocgen.log
09/17/2007  12:24 AM             6,403 msgsocm.log
09/17/2007  12:24 AM            59,260 msmqinst.log
09/16/2007  11:33 PM            27,231 spupdsvc.log
09/16/2007  11:30 PM               970 imsins.BAK
09/16/2007  11:30 PM            78,415 KB936021.log
09/16/2007  11:30 PM           124,136 updspapi.log
09/16/2007  11:30 PM            87,876 KB933360.log
09/16/2007  11:30 PM            77,559 KB938127.log
09/16/2007  11:29 PM            77,284 KB936782.log
09/16/2007  11:29 PM            77,433 KB921503.log
09/16/2007  11:29 PM            76,950 KB932596.log
09/16/2007  11:29 PM            76,445 KB936357.log
09/16/2007  11:29 PM            79,558 KB925398.log
09/16/2007  11:29 PM            76,521 KB935839.log
09/16/2007  11:29 PM            75,566 KB935840.log
09/16/2007  11:29 PM            75,152 KB929123.log
09/16/2007  11:29 PM            76,019 KB933566.log
09/16/2007  11:29 PM            71,254 KB924667-v2.log
09/16/2007  11:29 PM            73,893 KB927891.log
09/16/2007  11:29 PM            73,155 KB932168.log
09/16/2007  11:29 PM            15,155 ie7_main.log
09/16/2007  11:29 PM            77,530 ie7.log
09/16/2007  11:28 PM            12,029 IDNMitigationAPIs.log
09/16/2007  11:28 PM            11,348 NLSDownlevelMapping.log
09/16/2007  11:28 PM               659 KB914783.log
09/16/2007  11:26 PM            10,191 KB931261.log
09/16/2007  11:26 PM             9,471 KB930178.log
09/16/2007  11:26 PM             9,995 KB925902.log
09/16/2007  10:55 PM             1,672 OEWABLog.txt
09/16/2007  10:55 PM             1,484 DtcInstall.log
09/16/2007  10:49 PM           386,400 svcpack.log
09/16/2007  10:49 PM               373 cmsetacl.log
09/16/2007  06:20 PM           805,431 setuplog.txt
09/16/2007  06:20 PM             8,192 REGLOCS.OLD
09/16/2007  02:21 AM             1,134 regopt.log
09/16/2007  02:21 AM               150 system.ini
09/16/2007  12:43 AM               706 DIFx.log
09/15/2007  10:33 PM           189,714 setupact.log
09/15/2007  10:33 PM               258 setuperr.log
09/15/2007  10:30 PM                 0 control.ini
09/15/2007  10:30 PM               401 win.ini
09/15/2007  10:30 PM           316,640 WMSysPr9.prx
09/15/2007  10:30 PM             4,161 ODBCINST.INI
09/15/2007  10:29 PM               749 WindowsShell.Manifest
09/15/2007  10:27 PM               849 sessmgr.setup.log
09/15/2007  10:27 PM                36 vb.ini
09/15/2007  10:27 PM                37 vbaddin.ini
02/18/2007  10:59 AM           224,768 regedit.exe
02/18/2007  10:46 AM         1,099,264 adfs.msp
02/17/2007  12:55 AM            38,400 splwow64.exe
02/17/2007  12:28 AM            12,288 hh.exe
02/17/2007  12:20 AM         1,364,480 explorer.exe

C:\WINDOWS\system32\

09/22/2007  08:47 PM            13,646 wpa.dbl
09/22/2007  01:00 AM           469,616 perfh009.dat
09/22/2007  01:00 AM            82,326 perfc009.dat
09/22/2007  01:00 AM           562,890 PerfStringBackup.INI
09/19/2007  09:37 AM           237,552 FNTCACHE.DAT
09/17/2007  04:44 PM                 8 nvModes.dat
09/17/2007  01:51 PM           127,254 nvapps.xml
09/16/2007  11:30 PM           129,078 TZLog.log
09/16/2007  06:20 PM            13,646 wpa.bak
09/16/2007  02:24 AM                 0 h323log.txt
09/15/2007  10:33 PM               861 $winnt$.inf
09/15/2007  10:28 PM               749 nwc.cpl.manifest
09/15/2007  10:28 PM               749 ncpa.cpl.manifest
09/15/2007  10:28 PM               749 cdplayer.exe.manifest
09/15/2007  10:28 PM               749 wuaucpl.cpl.manifest
09/15/2007  10:28 PM               749 sapi.cpl.manifest
09/15/2007  10:27 PM            22,588 emptyregdb.dat
09/06/2007  02:00 PM            95,608 AvastSS.scr
07/30/2007  07:20 PM            18,264 wuaucpl.cpl.mui
07/30/2007  07:20 PM            18,264 wuapi.dll.mui
07/30/2007  07:19 PM         2,164,568 wuaueng.dll
07/30/2007  07:19 PM           665,944 wuapi.dll
07/30/2007  07:19 PM           360,792 wucltui.dll
07/30/2007  07:19 PM           225,112 wuaucpl.cpl
07/30/2007  07:19 PM           121,688 wuweb.dll
07/30/2007  07:19 PM           100,696 cdm.dll
07/30/2007  07:19 PM            55,128 wuauclt.exe
07/30/2007  07:19 PM            43,352 wups2.dll
07/30/2007  07:18 PM            34,648 wups.dll
07/30/2007  07:18 PM            24,920 wucltui.dll.mui
07/30/2007  07:18 PM            19,800 wuaueng.dll.mui
07/17/2007  04:48 PM            84,992 tzchange.exe
06/29/2007  02:11 AM           372,736 NVUNINST.EXE
06/29/2007  12:43 AM           403,456 nvcpl.cpl
06/29/2007  12:43 AM            40,960 nvcpl32.exe
06/29/2007  12:43 AM           174,080 nvcolor.exe
06/29/2007  12:43 AM         1,064,448 nvcpluir.dll
06/29/2007  12:43 AM            17,463 nvdisp.nvu
06/29/2007  12:43 AM            44,032 nvcodins.dll
06/29/2007  12:43 AM         6,539,264 nvdisps.dll
06/29/2007  12:43 AM         5,445,632 nvdispsr.dll
06/29/2007  12:43 AM           381,952 nvexpbar.dll
06/29/2007  12:43 AM            44,032 nvcod.dll
06/29/2007  12:43 AM           476,160 nvappbar.exe
06/29/2007  12:43 AM           515,072 nvapi64.dll
06/29/2007  12:43 AM         4,940,800 nvgames.dll
06/29/2007  12:43 AM         1,679,360 nwiz.exe
06/29/2007  12:43 AM         8,148,736 nv4_disp.dll
06/29/2007  12:43 AM         2,405,376 nvwssr.dll
06/29/2007  12:43 AM         3,062,784 nvgamesr.dll
06/29/2007  12:43 AM         2,835,456 nvwss.dll
06/29/2007  12:43 AM         1,010,176 nvwimg64.dll
06/29/2007  12:43 AM         1,251,328 nview64.dll
06/29/2007  12:43 AM         1,802,240 nvwdmcpl.dll
06/29/2007  12:43 AM           425,984 keystone.exe
06/29/2007  12:43 AM            80,384 nvwddi64.dll
06/29/2007  12:43 AM         3,590,656 nvvitvsr.dll
06/29/2007  12:43 AM         4,030,976 nvvitvs.dll
06/29/2007  12:43 AM         2,065,920 nvcplui.exe
06/29/2007  12:43 AM           372,736 nvudisp.exe
06/29/2007  12:43 AM         1,018,772 nvucode.bin
06/29/2007  12:43 AM            59,392 nvtuicpl.cpl
06/29/2007  12:43 AM           153,088 nvsvc64.exe
06/29/2007  12:43 AM           395,776 nvshell.dll
06/29/2007  12:43 AM         9,688,064 nvoglnt.dll
06/29/2007  12:43 AM           293,376 nvnt4cpl.dll
06/29/2007  12:43 AM        10,685,440 nvcpl.dll
06/29/2007  12:43 AM         2,846,208 nvmoblsr.dll
06/29/2007  12:43 AM         1,505,280 nvmobls.dll
06/29/2007  12:43 AM            74,752 nvmctray.dll
06/29/2007  12:43 AM           448,512 nvmccssr.dll
06/29/2007  12:43 AM           283,136 nvmccss.dll
06/29/2007  12:43 AM            35,328 nvmccsrs.dll
06/29/2007  12:43 AM           258,560 nvmccs.dll
06/25/2007  03:41 AM            25,904 spupdsvc.exe
06/13/2007  01:29 PM         1,121,280 oleaut32.dll
05/31/2007  01:32 PM            15,152 spmsg.dll
05/31/2007  01:26 PM         2,125,312 msxml3.dll
05/03/2007  01:46 PM         2,438,144 shdocvw.dll
05/03/2007  10:23 AM         1,179,136 inetcomm.dll
04/25/2007  02:45 PM           253,952 schannel.dll
04/18/2007  10:27 AM         1,503,744 kernel32.dll
03/23/2007  08:35 PM         4,491,264 msi.dll
03/23/2007  02:10 AM         4,568,576 ntoskrnl.exe
03/21/2007  08:18 AM           454,144 w03a2409.dll
03/21/2007  12:05 AM           512,512 winsrv.dll
03/02/2007  01:54 AM         4,530,176 win32k.sys
03/02/2007  01:54 AM           619,520 gdi32.dll
03/02/2007  01:54 AM            95,744 mf3216.dll
03/02/2007  01:54 AM         1,086,464 user32.dll
02/18/2007  11:03 AM            94,720 vdsutil.dll
02/18/2007  11:03 AM            29,696 vdsldr.exe
02/18/2007  11:03 AM           456,704 vdsdyndr.dll
02/18/2007  11:03 AM           254,976 vdsbas.dll
02/18/2007  11:03 AM           613,376 vds.exe
02/18/2007  11:03 AM            41,472 vds_ps.dll
02/18/2007  11:02 AM           103,936 telnet.exe
02/18/2007  11:01 AM         1,204,224 storagemgmt.dll
02/18/2007  11:00 AM           179,577 schema.ini
02/18/2007  10:58 AM            72,704 pidgen.dll
02/18/2007  10:58 AM            55,296 ntsd.exe
02/18/2007  10:57 AM         1,254,400 ntdll.dll
02/18/2007  10:55 AM            90,112 mmcshext.dll
02/18/2007  10:55 AM            55,296 mmcperf.exe
02/18/2007  10:55 AM         3,963,392 mmcndmgr.dll
02/18/2007  10:55 AM           397,312 mmcex.dll
02/18/2007  10:55 AM           106,496 mmcfxcommon.dll
02/18/2007  10:55 AM         3,177,984 mmc.exe
02/18/2007  10:55 AM           282,112 mmcbase.dll
02/18/2007  10:54 AM           184,320 microsoft.managementconsole.dll
02/18/2007  10:53 AM            58,880 imagehlp.dll
02/18/2007  10:52 AM           578,560 diskraid.exe
02/18/2007  10:51 AM         1,643,520 dbgeng.dll
02/18/2007  10:50 AM           220,160 cic.dll
02/18/2007  10:50 AM           141,824 cabinet.dll
02/18/2007  10:50 AM                55 pid.inf
02/18/2007  10:50 AM           800,256 autofmt.exe
02/18/2007  10:50 AM           817,664 autochk.exe
02/18/2007  10:41 AM            98,304 fsmsnap.dll
02/18/2007  10:41 AM            36,864 srmlib.dll
02/18/2007  10:41 AM           155,648 microsoft.storage.vds.dll
02/18/2007  10:41 AM           720,896 dfsobjectmodel.dll
02/18/2007  10:41 AM         2,949,120 dfsmgmt.dll
02/18/2007  10:41 AM           229,376 cfscommonuifx.dll
02/17/2007  11:39 PM           336,728 sccbase.dll
02/17/2007  11:39 PM           592,728 slbcsp.dll
02/17/2007  11:39 PM           306,008 rsaenh.dll
02/17/2007  11:39 PM           236,888 dssenh.dll
02/17/2007  01:49 AM         1,079,808 mstscax.dll
02/17/2007  01:49 AM           481,280 mstsc.exe
02/17/2007  01:05 AM           460,288 zipfldr.dll
02/17/2007  01:05 AM         2,899,456 xpsp2res.dll
02/17/2007  01:05 AM            10,752 xolehlp.dll
02/17/2007  01:05 AM           326,144 xmlprov.dll
02/17/2007  01:05 AM           440,320 xpob2res.dll
02/17/2007  01:05 AM           137,728 xactsrv.dll
02/17/2007  01:05 AM           223,744 xmllite.dll
02/17/2007  01:05 AM           659,968 wzcsvc.dll
02/17/2007  01:05 AM           947,712 wzcdlg.dll
02/17/2007  01:05 AM            51,712 wzcsapi.dll
02/17/2007  01:05 AM            29,696 wtsapi32.dll
02/17/2007  01:05 AM           401,920 wssbrand.dll
02/17/2007  01:04 AM            69,120 wsnmp32.dll
02/17/2007  01:04 AM            29,696 wshtcpip.dll
02/17/2007  01:04 AM            22,528 wship6.dll
02/17/2007  01:04 AM           124,416 wshom.ocx
02/17/2007  01:04 AM            81,920 wshext.dll
02/17/2007  01:04 AM           960,512 wsecedit.dll
02/17/2007  01:04 AM           247,296 wscui.cpl
02/17/2007  01:04 AM           152,576 wscript.exe
02/17/2007  01:04 AM           178,688 ws2_32.dll
02/17/2007  01:04 AM            74,752 wscsvc.dll
02/17/2007  01:04 AM           813,056 ws03res.dll
02/17/2007  01:04 AM           286,720 wow64win.dll
02/17/2007  01:04 AM           250,368 wow64.dll
02/17/2007  01:03 AM           147,968 wmpshell.dll
02/17/2007  01:03 AM           313,344 wlsnp.dll
02/17/2007  01:03 AM            47,104 wlstore.dll
02/17/2007  01:03 AM           152,064 wlnotify.dll
02/17/2007  01:03 AM           399,872 wldap32.dll
02/17/2007  01:03 AM           226,304 wkssvc.dll
02/17/2007  01:03 AM           521,216 wlanmon.dll
02/17/2007  01:03 AM           304,640 wintrust.dll
02/17/2007  01:03 AM            91,136 winsta.dll
02/17/2007  01:03 AM           252,928 winspool.drv
02/17/2007  01:03 AM           235,008 winscard.dll
02/17/2007  01:03 AM            30,720 winrnr.dll
02/17/2007  01:02 AM           310,784 winmm.dll
02/17/2007  01:02 AM           944,128 winlogon.exe
02/17/2007  01:02 AM            53,760 winipsec.dll
02/17/2007  01:02 AM           171,008 win32spl.dll
02/17/2007  01:02 AM           248,832 wiavusd.dll
02/17/2007  01:02 AM           184,832 wiavideo.dll
02/17/2007  01:02 AM           792,064 wiashext.dll
02/17/2007  01:02 AM            73,216 wiasf.ax
02/17/2007  01:02 AM           549,888 wiaservc.dll
02/17/2007  01:02 AM            58,368 wiarpc.dll
02/17/2007  01:02 AM           169,472 wiadss.dll
02/17/2007  01:02 AM           712,704 wiaacmgr.exe
02/17/2007  01:02 AM           658,944 wiadefui.dll
02/17/2007  01:02 AM           246,272 webvw.dll
02/17/2007  01:02 AM           110,080 webclnt.dll
02/17/2007  01:02 AM           134,144 wdigest.dll
02/17/2007  01:01 AM           300,032 wavemsp.dll
02/17/2007  01:01 AM           407,552 w32time.dll
02/17/2007  01:01 AM         2,062,336 vssvc.exe
02/17/2007  01:01 AM         1,320,960 vssapi.dll
02/17/2007  01:01 AM            25,600 vss_ps.dll
02/17/2007  01:01 AM           245,248 vssadmin.exe
02/17/2007  01:01 AM            40,448 verclsid.exe
02/17/2007  01:01 AM           506,368 uxtheme.dll
02/17/2007  01:01 AM            64,000 utilman.exe
02/17/2007  01:00 AM            37,888 utildll.dll
02/17/2007  01:00 AM           543,744 usp10.dll
02/17/2007  01:00 AM            39,424 userinit.exe
02/17/2007  01:00 AM         1,071,104 userenv.dll
02/17/2007  01:00 AM            29,184 usbmon.dll
02/17/2007  01:00 AM           221,184 upnp.dll
02/17/2007  01:00 AM           467,968 untfs.dll
02/17/2007  01:00 AM            18,944 uniplat.dll
02/17/2007  01:00 AM           309,248 unimdm.tsp
02/17/2007  01:00 AM           101,376 unimdmat.dll
02/17/2007  01:00 AM           209,920 umpnpmgr.dll
02/17/2007  01:00 AM           351,232 ulib.dll
02/17/2007  01:00 AM            48,128 umandlg.dll
02/17/2007  01:00 AM           180,224 txflog.dll
02/17/2007  01:00 AM           112,640 twext.dll
02/17/2007  01:00 AM           169,472 tscfgwmi.dll
02/17/2007  01:00 AM           105,472 tsappcmp.dll
02/17/2007  01:00 AM           181,760 trkwks.dll
02/17/2007  01:00 AM           496,128 tracerpt.exe
02/17/2007  12:59 AM           113,152 tlntsvr.exe
02/17/2007  12:59 AM           125,440 tlntsess.exe
02/17/2007  12:59 AM           200,704 thawbrkr.dll
02/17/2007  12:59 AM           120,832 timedate.cpl
02/17/2007  12:59 AM           544,256 themeui.dll
02/17/2007  12:59 AM           364,032 termsrv.dll
02/17/2007  12:59 AM           603,648 termmgr.dll
02/17/2007  12:59 AM            92,672 tcpmon.dll
02/17/2007  12:59 AM            25,600 tcpmib.dll
02/17/2007  12:59 AM            63,488 tcpmonui.dll
02/17/2007  12:59 AM           237,056 taskmgr.exe
02/17/2007  12:59 AM           137,728 taskkill.exe
02/17/2007  12:59 AM           407,552 tapisrv.dll
02/17/2007  12:59 AM           340,480 tapi32.dll
02/17/2007  12:59 AM         1,169,920 tapi3.dll
02/17/2007  12:59 AM           208,896 t2embed.dll
02/17/2007  12:59 AM         1,298,944 syssetup.dll
02/17/2007  12:59 AM           401,920 sysmon.ocx
02/17/2007  12:59 AM           362,496 sysdm.cpl
02/17/2007  12:59 AM         1,977,856 sxs.dll
02/17/2007  12:59 AM           656,896 swprv.dll
02/17/2007  12:59 AM            25,600 svchost.exe
02/17/2007  12:57 AM           145,920 stobject.dll
02/17/2007  12:57 AM           167,936 sti_ci.dll
02/17/2007  12:57 AM           171,008 sti.dll
02/17/2007  12:57 AM           101,888 stclient.dll
02/17/2007  12:57 AM            16,896 stdole2.tlb
02/17/2007  12:56 AM           123,392 ssdpsrv.dll
02/17/2007  12:56 AM           160,256 srvsvc.dll
02/17/2007  12:56 AM           310,784 srrstr.dll
02/17/2007  12:56 AM           231,424 srsvc.dll
02/17/2007  12:56 AM            93,184 srclient.dll
02/17/2007  12:56 AM           671,744 sqlsrv32.dll
02/17/2007  12:55 AM           110,080 spoolsv.exe
02/17/2007  12:55 AM           167,936 spoolss.dll
02/17/2007  12:55 AM            23,550 sorttbls.nls
02/17/2007  12:55 AM           320,512 snmpsnap.dll
02/17/2007  12:55 AM            75,264 smss.exe
02/17/2007  12:55 AM           133,120 smlogsvc.exe
02/17/2007  12:55 AM           728,576 smlogcfg.dll
02/17/2007  12:55 AM           159,744 slbiop.dll
02/17/2007  12:55 AM            30,720 slayerxp.dll
02/17/2007  12:55 AM           142,848 shrpubw.exe
02/17/2007  12:55 AM            26,112 sisbkup.dll
02/17/2007  12:55 AM           198,656 shsvcs.dll
02/17/2007  12:55 AM            43,008 shutdown.exe
02/17/2007  12:55 AM            67,072 shmedia.dll
02/17/2007  12:55 AM           621,568 shlwapi.dll
02/17/2007  12:55 AM           633,856 shimgvw.dll
02/17/2007  12:55 AM            59,392 shimeng.dll
02/17/2007  12:55 AM            94,720 shgina.dll
02/17/2007  12:55 AM        10,505,728 shell32.dll
02/17/2007  12:54 AM           187,904 sfc_os.dll
02/17/2007  12:54 AM         2,323,968 sfcfiles.dll
02/17/2007  12:54 AM         1,524,224 setupapi.dll
02/17/2007  12:54 AM            42,496 sethc.exe
02/17/2007  12:54 AM           212,480 sessmgr.exe
02/17/2007  12:54 AM            86,016 servdeps.dll
02/17/2007  12:54 AM            10,752 sensapi.dll
02/17/2007  12:54 AM            65,024 sens.dll
02/17/2007  12:54 AM           224,256 services.exe
02/17/2007  12:54 AM            65,536 sendmail.dll
02/17/2007  12:54 AM            41,472 sendcmsg.dll
02/17/2007  12:54 AM            28,160 seclogon.dll
02/17/2007  12:54 AM           122,880 secur32.dll
02/17/2007  12:54 AM            44,544 sdbinst.exe
02/17/2007  12:54 AM           269,312 scrrun.dll
02/17/2007  12:54 AM           278,016 scrobj.dll
02/17/2007  12:54 AM            39,424 scredir.dll
02/17/2007  12:54 AM           315,392 schedsvc.dll
02/17/2007  12:54 AM           315,392 scecli.dll
02/17/2007  12:54 AM           271,872 sccsccp.dll
02/17/2007  12:54 AM           609,280 scesrv.dll
02/17/2007  12:53 AM           166,400 scardsvr.exe
02/17/2007  12:53 AM         1,059,328 samsrv.dll
02/17/2007  12:53 AM            71,168 samlib.dll
02/17/2007  12:53 AM            27,648 runonce.exe
02/17/2007  12:52 AM           171,008 rtm.dll
02/17/2007  12:52 AM           103,424 rsopprov.exe
02/17/2007  12:52 AM            32,768 rsmsink.exe
02/17/2007  12:52 AM            60,928 rshx32.dll
02/17/2007  12:52 AM            18,432 rsh.exe
02/17/2007  12:51 AM           838,656 rpcss.dll
02/17/2007  12:51 AM         1,653,248 rpcrt4.dll
02/17/2007  12:51 AM         1,160,192 riched20.dll
02/17/2007  12:51 AM            16,896 rexec.exe
02/17/2007  12:51 AM           155,648 regsvc.dll
02/17/2007  12:51 AM           122,880 reg.exe
02/17/2007  12:51 AM           111,104 regapi.dll
02/17/2007  12:51 AM           174,216 rdpwsx.dll
02/17/2007  12:51 AM           101,376 rdpclip.exe
02/17/2007  12:51 AM           221,696 rdchost.dll
02/17/2007  12:51 AM           197,632 rcbdyctl.dll
02/17/2007  12:51 AM            34,816 rasrad.dll
02/17/2007  12:51 AM           244,224 rastls.dll
02/17/2007  12:51 AM            85,504 rastapi.dll
02/17/2007  12:51 AM           304,128 rasppp.dll
02/17/2007  12:51 AM           325,632 rasmontr.dll
02/17/2007  12:51 AM           287,744 rasmans.dll
02/17/2007  12:51 AM            71,680 rasphone.exe
02/17/2007  12:51 AM            97,792 rasman.dll
02/17/2007  12:51 AM           880,128 rasdlg.dll
02/17/2007  12:51 AM            19,456 rasdial.exe
02/17/2007  12:51 AM           419,840 rasapi32.dll
02/17/2007  12:51 AM           144,384 raschap.dll
02/17/2007  12:51 AM           121,856 rasauto.dll
02/17/2007  12:51 AM            12,288 rasadhlp.dll
02/17/2007  12:51 AM         2,684,416 query.dll
02/17/2007  12:50 AM         2,189,824 quartz.dll
02/17/2007  12:50 AM           706,560 qmgr.dll
02/17/2007  12:50 AM            24,576 qmgrprxy.dll
02/17/2007  12:50 AM           848,896 qedit.dll
02/17/2007  12:50 AM           472,064 qdvd.dll
02/17/2007  12:50 AM           274,432 qdv.dll
02/17/2007  12:50 AM            83,968 qasf.dll
02/17/2007  12:50 AM           252,416 qcap.dll
02/17/2007  12:50 AM            36,864 pstorsvc.dll
02/17/2007  12:50 AM            49,152 pstorec.dll
02/17/2007  12:50 AM            29,696 psapi.dll
02/17/2007  12:50 AM           126,976 psbase.dll
02/17/2007  12:50 AM            71,680 proquota.exe
02/17/2007  12:50 AM           110,080 progman.exe
02/17/2007  12:50 AM            36,864 profmap.dll
02/17/2007  12:50 AM           950,272 printui.dll
02/17/2007  12:44 AM            97,280 powercfg.exe
02/17/2007  12:44 AM           262,144 polstore.dll
02/17/2007  12:44 AM           247,808 photowiz.dll
02/17/2007  12:44 AM            52,224 perfctrs.dll
02/17/2007  12:44 AM            16,896 perfts.dll
02/17/2007  12:44 AM            24,064 perfnet.dll
02/17/2007  12:44 AM            32,256 perfos.dll
02/17/2007  12:44 AM            43,008 perfproc.dll
02/17/2007  12:44 AM           576,512 pdh.dll
02/17/2007  12:44 AM            35,328 perfdisk.dll
02/17/2007  12:44 AM           113,664 pautoenr.dll
02/17/2007  12:44 AM           282,624 osk.exe
02/17/2007  12:42 AM         1,150,976 opengl32.dll
02/17/2007  12:42 AM           155,648 oleprn.dll
02/17/2007  12:42 AM           193,024 oledlg.dll
02/17/2007  12:42 AM            56,832 olecnv32.dll
02/17/2007  12:42 AM           131,584 olecli32.dll
02/17/2007  12:42 AM           383,488 oleacc.dll
02/17/2007  12:42 AM         2,622,976 ole32.dll
02/17/2007  12:41 AM           339,968 offfilt.dll
02/17/2007  12:41 AM           204,800 odbctrac.dll
02/17/2007  12:41 AM           147,456 odbccp32.dll
02/17/2007  12:41 AM           196,608 odbcconf.dll
02/17/2007  12:41 AM            36,864 odbcad32.exe
02/17/2007  12:41 AM           417,792 odbc32.dll
02/17/2007  12:41 AM            32,768 odbcbcp.dll
02/17/2007  12:41 AM            98,816 ocmanage.dll
02/17/2007  12:41 AM           394,240 oakley.dll
02/17/2007  12:41 AM           277,504 nusrmgr.cpl
02/17/2007  12:41 AM           191,488 nwprovau.dll
02/17/2007  12:41 AM           188,416 ntshrui.dll
02/17/2007  12:41 AM           158,720 ntprint.dll
02/17/2007  12:41 AM           794,112 ntmssvc.dll
02/17/2007  12:41 AM           934,400 ntmsmgr.dll
02/17/2007  12:41 AM           358,400 ntmsdba.dll
02/17/2007  12:41 AM           227,840 ntmarta.dll
02/17/2007  12:41 AM            73,728 ntlanman.dll
02/17/2007  12:41 AM            92,672 ntmsapi.dll
02/17/2007  12:41 AM            44,544 ntdsbcli.dll
02/17/2007  12:41 AM           130,560 ntdsapi.dll
02/17/2007  12:40 AM         6,307,840 ntds.dit
02/17/2007  12:40 AM         1,966,592 ntbackup.exe
02/17/2007  12:40 AM           113,664 nslookup.exe
02/17/2007  12:40 AM           587,776 nshipsec.dll
02/17/2007  12:40 AM           183,296 nlhtml.dll
02/17/2007  12:40 AM           284,160 newdev.dll
02/17/2007  12:40 AM           555,008 netui2.dll
02/17/2007  12:40 AM            47,616 netstat.exe
02/17/2007  12:40 AM         2,438,656 netshell.dll
02/17/2007  12:40 AM            69,120 netset03.exe
02/17/2007  12:40 AM           115,200 netsh.exe
02/17/2007  12:40 AM           961,024 netplwiz.dll
02/17/2007  12:40 AM           465,408 netman.dll
02/17/2007  12:40 AM           681,472 netlogon.dll
02/17/2007  12:40 AM           160,768 netdde.exe
02/17/2007  12:40 AM           244,736 netid.dll
02/17/2007  12:40 AM         1,354,752 netcfgx.dll
02/17/2007  12:40 AM           603,136 netapi32.dll
02/17/2007  12:39 AM           219,648 net1.exe
02/17/2007  12:39 AM            25,600 nddenb32.dll
02/17/2007  12:39 AM            25,600 nddeapi.dll
02/17/2007  12:39 AM            59,904 ncpa.cpl
02/17/2007  12:39 AM            79,360 ncobjapi.dll
02/17/2007  12:39 AM            65,024 narrator.exe
02/17/2007  12:39 AM           175,104 mtxoci.dll
02/17/2007  12:39 AM             5,632 mtxex.dll

C:\WINDOWS\system32\drivers\


C:\WINDOWS\system32\dllcache\


C:\Documents and Settings\Administrator\

09/22/2007  08:50 PM             1,024 ntuser.dat.LOG
09/22/2007  08:45 PM               178 ntuser.ini
09/22/2007  08:45 PM         2,359,296 NTUSER.DAT
09/16/2007  02:24 AM                 0 Sti_Trace.log
09/16/2007  02:24 AM               162 wiadebug.log


Program Folders:

C:\Program Files\

Alwil Software
Autodesk
Common Files
ComPlus Applications
Internet Explorer
Messenger
MSBuild
Online Services
Outlook Express
Reference Assemblies
Uninstall Information
Windows NT

C:\Program Files\Common Files\

Microsoft Shared
ODBC
Services
SpeechEngines
System


Add/Remove Programs:

AGEIA PhysX v2.5.1
avast! Antivirus
FBX Plugin 2006.08 for Max 9.0 64
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 2.0 (x64) (KB918842)
Microsoft .NET Framework 3.0
Macromedia Flash Player 8
Google SketchUp Pro 6
Google Toolbar for Internet Explorer
i-Cool
Java(TM) 6 Update 2
Gigabyte Raid Configurer
Backburner
3ds max 7 Architectural Materials
Autodesk Building Systems 2007
3ds max 7 Additional Maps and Materials
3dsmax ancillary install
OpenOffice.org 2.3
Google SketchUp 6
Autodesk DWF Viewer 7
Microsoft .NET Framework 3.0
SketchUp 5
Google SketchUp LayOut 6
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Microsoft .NET Framework 1.1
3ds max 7 Reference Files
Google SketchUp 6 Exporters
WinFast(R) Display Driver
3ds max 7


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"JMB36X IDE Setup"="C:\\WINDOWS\\JM\\JMInsIDE.exe"
"36X Raid Configurer"="C:\\WINDOWS\\SysWOW64\\JMRaidSetup.exe boot"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SCVHOST.exe"

Drivers:



Services:


SERVICE_NAME: AeLookupSvc
Process application compatibility lookup requests for applications as they are launched.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Application Experience Lookup Service

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : Alerter

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
      DISPLAY_NAME        : Application Layer Gateway Service

SERVICE_NAME: AppMgmt
Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Application Management

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
      DISPLAY_NAME        : ASP.NET State Service

SERVICE_NAME: aswUpdSv
Provides automatic updating for the avast! antivirus.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
      DISPLAY_NAME        : avast! iAVS4 Control Service

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Windows Audio

SERVICE_NAME: Autodesk Licensing Service
Anchor service for Autodesk products licensed with SafeCast
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
      DISPLAY_NAME        : Autodesk Licensing Service

SERVICE_NAME: avast! Antivirus
Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
      DISPLAY_NAME        : avast! Antivirus

SERVICE_NAME: avast! Mail Scanner
Implements mail scanning for avast! antivirus.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
      DISPLAY_NAME        : avast! Mail Scanner

SERVICE_NAME: avast! Web Scanner
Implements web (HTTP) scanning for avast! antivirus.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
      DISPLAY_NAME        : avast! Web Scanner

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Background Intelligent Transfer Service

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Computer Browser

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
      DISPLAY_NAME        : Indexing Service

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
      DISPLAY_NAME        : ClipBook

SERVICE_NAME: clr_optimization_v2.0.50727_32
Microsoft .NET Framework NGEN
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      DISPLAY_NAME        : .NET Runtime Optimization Service v2.0.50727_X86

SERVICE_NAME: clr_optimization_v2.0.50727_64
Microsoft .NET Framework NGEN
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
      DISPLAY_NAME        : .NET Runtime Optimization Service v2.0.50727_x64

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
      DISPLAY_NAME        : COM+ System Application

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Cryptographic Services

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      DISPLAY_NAME        : DCOM Server Process Launcher

SERVICE_NAME: Dhcp
Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k NetworkService
      DISPLAY_NAME        : DHCP Client

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
      DISPLAY_NAME        : Logical Disk Manager Administrative Service

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Logical Disk Manager

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k NetworkService
      DISPLAY_NAME        : DNS Client

SERVICE_NAME: ERSvc
Collects, stores, and reports unexpected application crashes to Microsoft. If this service is stopped, then Error Reporting will occur only for kernel faults and some types of user mode faults.  If this service is disabled, any services that explicitly depend on it will not start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k WinErr
      DISPLAY_NAME        : Error Reporting Service

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
      DISPLAY_NAME        : Event Log

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : COM+ Event System

SERVICE_NAME: FontCache3.0.0.0
Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      DISPLAY_NAME        : Windows Presentation Foundation Font Cache 3.0.0.0

SERVICE_NAME: gusvc
(null)
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
      DISPLAY_NAME        : Google Updater Service

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Help and Support

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Human Interface Device Access

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
      DISPLAY_NAME        : HTTP SSL

SERVICE_NAME: IASJet
Configures Internet Authentication Service (IAS). If this service is stopped, remote network access that requires user authentication will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\SysWOW64\svchost.exe -k iasjet
      DISPLAY_NAME        : IAS Jet Database Access

SERVICE_NAME: idsvc
Securely enables the creation, management, and disclosure of digital identities.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : "C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
      DISPLAY_NAME        : Windows CardSpace

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\imapi.exe
      DISPLAY_NAME        : IMAPI CD-Burning COM Service

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Server

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Workstation

SERVICE_NAME: LmHosts
Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : TCP/IP NetBIOS Helper

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Messenger

SERVICE_NAME: mi-raysat_3dsmax9_64
mental ray 3.5 Satellite (64-bit)
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe"
      DISPLAY_NAME        : mental ray 3.5 Satellite (64-bit)

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\mnmsrvc.exe
      DISPLAY_NAME        : NetMeeting Remote Desktop Sharing

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\msdtc.exe
      DISPLAY_NAME        : Distributed Transaction Coordinator

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\msiexec.exe /V
      DISPLAY_NAME        : Windows Installer

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
      DISPLAY_NAME        : Network DDE

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
      DISPLAY_NAME        : Network DDE DSDM

SERVICE_NAME: Netlogon
Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
      DISPLAY_NAME        : Net Logon

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. If this service is disabled, you will not be able to view local area network and remote connections and any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Network Connections

SERVICE_NAME: NetTcpPortSharing
Provides ability to share TCP ports over the net.tcp protocol.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : "C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
      DISPLAY_NAME        : Net.Tcp Port Sharing Service

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Network Location Awareness (NLA)

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
      DISPLAY_NAME        : NT LM Security Support Provider

SERVICE_NAME: NtmsSvc
Manages and catalogs removable media and operates automated removable media devices. If this service is stopped, programs that are dependent on Removable Storage, such as Backup and Remote Storage, will operate more slowly. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Removable Storage

SERVICE_NAME: NVSvc
Provides system and desktop level support to the NVIDIA display driver
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\nvsvc64.exe
      DISPLAY_NAME        : NVIDIA Display Driver Service

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
      DISPLAY_NAME        : Plug and Play

SERVICE_NAME: PolicyAgent
Provides end-to-end security between clients and servers on TCP/IP networks. If this service is stopped, TCP/IP security between clients and servers on the network will be impaired. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
      DISPLAY_NAME        : IPSEC Services

SERVICE_NAME: ProtectedStorage
Protects storage of sensitive information, such as private keys, and prevents access by unauthorized services, processes, or users. If this service is stopped, protected storage will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
      DISPLAY_NAME        : Protected Storage

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Remote Access Auto Connection Manager

SERVICE_NAME: RasMan
Creates a network connection.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Remote Access Connection Manager

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
      DISPLAY_NAME        : Remote Desktop Help Session Manager

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Routing and Remote Access

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : Remote Registry

SERVICE_NAME: RpcLocator
Enables remote procedure call (RPC) clients using the RpcNs* family of APIs to locate RPC servers. If this service is stopped or disabled, RPC clients using RpcNs* APIs may be unable to locate servers or fail to start. RpcNs* APIs are not used internally in Windows.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\locator.exe
      DISPLAY_NAME        : Remote Procedure Call (RPC) Locator

SERVICE_NAME: RpcSs
Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k rpcss
      DISPLAY_NAME        : Remote Procedure Call (RPC)

SERVICE_NAME: SamSs
The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly.  This service should not be disabled.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
      DISPLAY_NAME        : Security Accounts Manager

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
      DISPLAY_NAME        : Smart Card

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Task Scheduler

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Secondary Logon

SERVICE_NAME: SENS
Monitors system events and notifies subscribers to COM+ Event System of these events. If this service is stopped, COM+ Event System subscribers will not receive system event notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : System Event Notification

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Windows Firewall/Internet Connection Sharing (ICS)

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Shell Hardware Detection

SERVICE_NAME: Spooler
Manages all local and network print queues and controls all printing jobs. If this service is stopped, printing on the local machine will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
      DISPLAY_NAME        : Print Spooler

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : System Restore Service

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : SSDP Discovery Service

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k imgsvc
      DISPLAY_NAME        : Windows Image Acquisition (WIA)

SERVICE_NAME: swprv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k swprv
      DISPLAY_NAME        : Microsoft Software Shadow Copy Provider

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
      DISPLAY_NAME        : Performance Logs and Alerts

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for clients using programs that control telephony devices and IP-based voice connections. If this service is stopped, the function of all dependent programs will be impaired. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Telephony

SERVICE_NAME: TermService
Allows users to connect interactively to a remote computer. Remote Desktop, Fast User Switching, Remote Assistance, and Terminal Server depend on this service - stopping or disabling this service may make your computer unreliable.  To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Terminal Services

SERVICE_NAME: Themes
Provides user experience theme management.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Themes

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 4  DISABLED
      BINARY_PATH_NAME  : C:\WINDOWS\system32\tlntsvr.exe
      DISPLAY_NAME        : Telnet

SERVICE_NAME: TrkWks
Enables client programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. If this service is stopped, the links on this computer will not be maintained or tracked. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Distributed Link Tracking Client

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\wdfmgr.exe
      DISPLAY_NAME        : Windows User Mode Driver Framework

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : Universal Plug and Play Device Host

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
      DISPLAY_NAME        : Uninterruptible Power Supply

SERVICE_NAME: vds
Provides software volume and hardware volume management service.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\vds.exe
      DISPLAY_NAME        : Virtual Disk Service

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
      DISPLAY_NAME        : Volume Shadow Copy

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : Windows Time

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : WebClient

SERVICE_NAME: WinHttpAutoProxySvc
Implements the Web Proxy Auto-Discovery (WPAD) protocol for Windows HTTP Services (WinHTTP). WPAD is a protocol to enable an HTTP client to automatically discover a proxy configuration. If this service is stopped or disabled, the WPAD protocol will be executed within the HTTP client's process instead of an external service process; there would be no loss of functionality as a result.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
      DISPLAY_NAME        : WinHTTP Web Proxy Auto-Discovery Service

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Windows Management Instrumentation

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Portable Media Serial Number Service

SERVICE_NAME: Wmi
Monitors all drivers and event trace providers that are configured to publish Windows Management Instrumentation (WMI) or event trace information. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Windows Management Instrumentation Driver Extensions

SERVICE_NAME: WmiApSrv
Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\wbem\wmiapsrv.exe
      DISPLAY_NAME        : WMI Performance Adapter

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Security Center

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Automatic Updates

SERVICE_NAME: WZCSVC
Enables automatic configuration for IEEE 802.11 adapters. If this service is stopped, automatic configuration will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
      START_TYPE        : 2  AUTO_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Wireless Configuration

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
      START_TYPE        : 3  DEMAND_START
      BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
      DISPLAY_NAME        : Network Provisioning Service



ShellExecuteHooks:


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
   {AEB6717E-7E19-11d0-97EE-00C04FD91972}      REG_SZ               
 

Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
   ComSpec      REG_EXPAND_SZ        %SystemRoot%\system32\cmd.exe
   Path      REG_EXPAND_SZ        %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Autodesk Shared\;C:\Program Files (x86)\backburner 2\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\
   windir      REG_EXPAND_SZ        %SystemRoot%
   OS      REG_SZ               Windows_NT
   PATHEXT      REG_SZ               .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
   TEMP      REG_EXPAND_SZ        %SystemRoot%\TEMP
   TMP      REG_EXPAND_SZ        %SystemRoot%\TEMP


IFEO Debugger values:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\your image file name here without a path
   Debugger      REG_SZ               ntsd -d
   GlobalFlag      REG_SZ               0x000010F0


SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
   SecurityProviders      REG_SZ               msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
   Authentication Packages      REG_MULTI_SZ         msv1_0\0\0


Non-Default Installed Component Values:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\vds
   <NO NAME>      REG_SZ               Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys
   <NO NAME>      REG_SZ               Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{533c5b84-ec70-11d2-9505-00c04f79deaf}
   <NO NAME>      REG_SZ               Volume shadow copy


Finished!

 

by: rpggamergirl Posted on 2007-09-22 at 15:42:40 ID: 19942866

I haven't checked the system log you posted above.
But you said SDFix just flashes and disappeared; the nasties are still showing in your logfile.

Please do this:
Go to Start Menu > Run > then copy and paste the following line:

%systemdrive%\SDFix\apps\FixPath.exe /Q

Reboot and then run SDFix again

 

by: DMDz Posted on 2007-09-22 at 23:09:41 ID: 19943622

Does the same thing after copying and pasting that line... didn't want to boot into safe mode at first (in fact it reset and booted into Windows), but got it in safe mode eventually. Did the same thing again though (came up for a split second and disappeared). Could it be because it's 64-bit Windows?

 

by: rpggamergirl Posted on 2007-09-23 at 18:32:50 ID: 19945981

Oh I see, that could be why SDFix doesn't run.

The culprit that is showing in your logfile is this one below.
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe

C:\WINDOWS\system32\SCVHOST.exe <-- if you just manually get rid of this nasty and then fix those entries in HijackThis, fix the entries before you reboot; if the bad file is gone and you reboot without fixing the F2 entry, there's a chance that you'll lose your explorer.


Then just use other scanners like:
Kaspersky free trial:
http://www.kaspersky.com/trials.html


Download and install DrWebCureit:
http://download.drweb.com/drweb+cureit/


MS malicious software removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


Sorry, haven't checked if the above tools run in 64-bit.
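
The two entries singled out in the reply above can be found mechanically. The sketch below is an added example, not part of the original thread and not a HijackThis feature: it scans F2 and O4 lines for anything other than Explorer.exe on the Shell= line and for file names that sit one edit or one adjacent-letter swap away from a Windows system binary. The `SYSTEM_NAMES` list, the function names and the third sample line are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: short list of system binaries whose names malware imitates.
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe")

# First two lines are quoted in the thread; the third is a constructed benign entry.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe SCVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHOST.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"""

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(filename, max_dist=1):
    """Return the system binary that filename nearly matches, else None."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return None  # an exact match is the real name, not an imitation
    return next((s for s in SYSTEM_NAMES if osa_distance(name, s) <= max_dist), None)

def review(log_text):
    """Return (section, filename, imitated name or None) for suspicious lines."""
    findings = []
    for line in log_text.splitlines():
        shell = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line.strip(), re.I)
        run = re.match(r'O4 - \S+: \[.*?\] "?(.+?\.exe)', line.strip(), re.I)
        if shell:
            # Shell= is expected to hold only Explorer.exe; report anything else.
            for token in re.split(r"[\s,]+", shell.group(1).strip()):
                if token and token.lower() != "explorer.exe":
                    findings.append(("F2", token, lookalike_of(ntpath.basename(token))))
        elif run:
            name = ntpath.basename(run.group(1))
            if lookalike_of(name):
                findings.append(("O4", name, lookalike_of(name)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A plain Levenshtein distance would score SCVHOST against SVCHOST as 2, which is why the swap-aware distance is used with a threshold of 1.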

 

by: rpggamergirl Posted on 2007-09-27 at 20:40:24 ID: 19976383

How's the pc going?
I assume problem is solved?

Thanks for the points!

 

by: DMDz Posted on 2007-09-28 at 00:33:33 ID: 19976954

PC was resolved before I realised it, confused SVChost.exe with SCVhost.exe. You educated me on the differences in another post on EE :)

Part of the problem was that Task Manager and regedit were blocked. Regedit was unblocked using HijackThis, and once I was able to get into regedit I was able to unblock the Task Manager (by searching for taskmgr and setting 1 to 0 when it came up with the right key).

Excellent piece of software, HijackThis. Is it the complete solution or do I have to use other bits of software for nastier pieces? Can you recommend the "toolchest" I need to use? Also, where can I go to educate myself on the processes I should be looking out for?

 

by: jvuz Posted on 2007-09-28 at 01:21:02 ID: 19977102

 

by: DMDz Posted on 2007-09-28 at 01:22:54 ID: 19977114

Forgot to add remain blocked even after the virus was removed, hence confusing scvhost.exe and svchost.exe
