[Inactive] Missing Windows Apps - See same title under Windows XP forum

Discussion in 'Malware and Virus Removal Archive' started by shylo, 2008/11/18.

  1. 2008/11/18
    shylo Well-Known Member Thread Starter

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by me at 2008-11-18 11:38:20
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 3 GB (15%) free of 23 GB
    Total RAM: 1014 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:38:24 AM, on 11/18/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    C:\Program Files\Secunia\PSI (RC4)\psi.exe
    C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\GEARSEC.EXE
    C:\Program Files\Common Files\BinarySense\hldasvc.exe
    C:\Program Files\Common Files\BinarySense\hldasvc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AcceleRun\ACCELE~2.EXE
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Sandboxie\SandboxieServer.exe
    C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\IEPro\MiniDM.exe
    C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\me.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\RunOnce: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe runonce
    O4 - HKCU\..\Run: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe bootup
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKUS\S-1-5-19\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe bootup (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe bootup (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'Default user')
    O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/features/dictionary/quickDictionary.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152315866578
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Sandboxie Service (SandboxU) - tzuk - C:\Program Files\Sandboxie\SandboxieServer.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13700 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
    IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-28 5759816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
    OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2007-12-03 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-23 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-28 5759816]
    {7754C418-F62E-44aa-B169-E719E718BCFD} - 1-Click Answers - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll [2007-12-12 464632]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-23 262144]
    {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2007-12-03 2703360]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Task Catcher"=C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe [2005-11-14 136760]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    "ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2008-10-24 263456]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpeedStartup"=C:\Program Files\Speed Startup\speedstartup.exe [2007-02-22 2236160]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpeedStartup"=C:\Program Files\Speed Startup\speedstartup.exe [2007-02-22 2236160]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
    "TVPlanet"= []
    "RadioPlanet"= []

    C:\Documents and Settings\me\Start Menu\Programs\Startup
    HDDlife.lnk - C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    Secunia PSI (RC4).lnk - C:\Program Files\Secunia\PSI (RC4)\psi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2007-05-01 294912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoSetFolders"=
    "NoFind"=
    "NoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
    "C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
    "C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .txt - open - "C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe" "%1"

    ======List of files/folders created in the last 3 months======

    2008-11-18 11:33:52 ----D---- C:\Program Files\trend micro
    2008-11-18 11:33:50 ----D---- C:\rsit
    2008-11-14 18:33:33 ----D---- C:\Documents and Settings\me\Application Data\Crossword Compiler 8
    2008-11-01 13:01:44 ----D---- C:\Program Files\textBEAST
    2008-10-30 05:56:15 ----D---- C:\Program Files\Secunia
    2008-10-23 20:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-23 13:13:59 ----D---- C:\FDB
    2008-10-22 14:29:57 ----D---- C:\Documents and Settings\me\Application Data\PixelMetrics
    2008-10-08 19:16:20 ----D---- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    2008-10-02 16:32:38 ----A---- C:\WINDOWS\TaxACT08.ini
    2008-09-24 14:53:48 ----A---- C:\WINDOWS\wweb32.dll
    2008-09-14 11:35:16 ----D---- C:\Program Files\ScreenshotCaptor
    2008-09-12 13:29:16 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-09-12 13:21:39 ----D---- C:\Program Files\3B Software
    2008-09-12 13:19:45 ----D---- C:\TempDTV4PC
    2008-09-12 13:19:41 ----SHD---- C:\WINDOWS\ftpcache
    2008-09-10 09:27:06 ----D---- C:\Program Files\Maxthon
    2008-09-10 09:24:06 ----D---- C:\Documents and Settings\me\Application Data\MxBoost
    2008-09-10 09:23:37 ----D---- C:\Program Files\Maxthon2
    2008-09-03 08:49:18 ----A---- C:\WINDOWS\system32\ijl11.dll
    2008-09-03 08:49:17 ----D---- C:\textBEASTdata
    2008-08-28 11:53:25 ----D---- C:\Documents and Settings\me\Application Data\M8 Software
    2008-08-28 11:51:41 ----A---- C:\WINDOWS\system32\Apigid32.dll
    2008-08-20 14:39:17 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-20 14:39:17 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-20 14:39:17 ----A---- C:\WINDOWS\system32\java.exe
    2008-08-20 06:25:23 ----D---- C:\Program Files\PrimoPDF

    ======List of files/folders modified in the last 3 months======

    2008-11-18 11:38:10 ----D---- C:\WINDOWS\Internet Logs
    2008-11-18 11:38:03 ----D---- C:\WINDOWS\Temp
    2008-11-18 11:34:18 ----D---- C:\WINDOWS\Prefetch
    2008-11-18 11:33:52 ----D---- C:\Program Files
    2008-11-18 11:31:35 ----D---- C:\Downloads
    2008-11-18 11:30:55 ----D---- C:\WINDOWS\Help
    2008-11-18 10:12:50 ----D---- C:\Documents and Settings\me\Application Data\SiteAdvisor
    2008-11-18 08:58:20 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-18 08:56:14 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-18 08:55:53 ----D---- C:\Program Files\Sandboxie
    2008-11-18 08:55:23 ----D---- C:\WINDOWS\system32\drivers
    2008-11-18 08:55:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-18 08:55:07 ----A---- C:\WINDOWS\win.ini
    2008-11-18 08:55:07 ----A---- C:\WINDOWS\system.ini
    2008-11-17 22:15:15 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-17 16:44:29 ----D---- C:\WINDOWS\security
    2008-11-17 07:48:12 ----D---- C:\WINDOWS
    2008-11-14 15:36:34 ----D---- C:\Program Files\Quicken
    2008-11-13 09:36:15 ----D---- C:\WINDOWS\system32
    2008-11-12 08:57:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-11-07 07:51:25 ----D---- C:\WINDOWS\Minidump
    2008-11-03 14:39:05 ----D---- C:\Program Files\iDailyDiary
    2008-11-02 08:34:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-30 09:37:46 ----D---- C:\Program Files\ThreatFire
    2008-10-26 15:49:53 ----D---- C:\Program Files\DcUpdater
    2008-10-25 21:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-25 09:25:54 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-23 20:54:58 ----HD---- C:\WINDOWS\inf
    2008-10-23 20:54:53 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-10-23 20:54:00 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-23 13:49:41 ----D---- C:\Program Files\CaptureWiz
    2008-10-23 13:16:48 ----SD---- C:\Documents and Settings\me\Application Data\Microsoft
    2008-10-22 14:08:04 ----D---- C:\WINDOWS\system32\ebay
    2008-10-19 09:21:45 ----D---- C:\Program Files\FindAndRunRobot
    2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-12 08:38:01 ----D---- C:\Program Files\NoteTab Light
    2008-10-12 08:27:22 ----D---- C:\Program Files\DocPad
    2008-10-10 14:13:56 ----D---- C:\Program Files\Siber Systems
    2008-10-10 14:12:13 ----D---- C:\Documents and Settings\me\Application Data\GoodSync
    2008-10-08 19:16:50 ----D---- C:\Program Files\Karen's Power Tools
    2008-10-06 16:16:58 ----D---- C:\Program Files\Titan Backup
    2008-10-04 11:15:39 ----D---- C:\Program Files\Google
    2008-10-04 11:10:42 ----D---- C:\Program Files\ZipItFree
    2008-10-04 11:05:50 ----SHD---- C:\WINDOWS\Installer
    2008-10-04 11:05:50 ----D---- C:\WINDOWS\WinSxS
    2008-10-04 11:05:09 ----RSD---- C:\WINDOWS\assembly
    2008-10-04 10:45:32 ----D---- C:\Program Files\Mythicsoft
    2008-10-03 14:33:35 ----D---- C:\Program Files\Common Files\System-G
    2008-10-02 16:32:33 ----D---- C:\Program Files\2nd Story Software
    2008-09-26 16:44:57 ----D---- C:\Program Files\Opera
    2008-09-20 11:14:02 ----D---- C:\Program Files\Camtech
    2008-09-20 11:13:24 ----D---- C:\Program Files\Ashampoo
    2008-09-20 11:12:10 ----D---- C:\WINDOWS\Media
    2008-09-11 12:43:33 ----D---- C:\Program Files\KC Softwares
    2008-09-11 12:43:23 ----D---- C:\Documents and Settings\me\Application Data\KC Softwares
    2008-08-30 17:40:48 ----SD---- C:\WINDOWS\Tasks
    2008-08-30 17:40:43 ----D---- C:\Program Files\Apple Software Update
    2008-08-28 06:18:09 ----D---- C:\Program Files\SoftMaker Office 2008
    2008-08-20 14:39:16 ----D---- C:\Program Files\Java
    2008-08-20 06:25:26 ----A---- C:\WINDOWS\primopdf.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-12 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-12 110160]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-12 50656]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver]; \??\C:\WINDOWS\system32\drivers\SLEE13.sys []
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-12 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
    R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
    R2 hidedir;hidedir; \??\C:\WINDOWS\system32\drivers\hidedir.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 pnarp;Network Magic Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2007-02-08 25792]
    R2 purendis;Network Magic Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2007-02-08 26944]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-03-08 44384]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-12 23152]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
    R3 GEARAspiWDM;GEAR CDRom Filter; \??\C:\WINDOWS\system32\DRIVERS\GEARASPIWDM.SYS []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]
    R3 Sandbox;Sandbox; \??\C:\Program Files\Sandboxie\Sandbox.sys []
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
    R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vdisk;Virtual Disk Driver; C:\WINDOWS\system32\DRIVERS\vdisk.sys [2007-06-29 23152]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\Sandra.sys []
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-09-14 427288]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-12 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-12 155160]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-07-04 312880]
    R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
    R2 GEARSecurity;GEARSecurity; C:\WINDOWS\system32\GEARSEC.EXE [2003-10-20 53248]
    R2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
    R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2006-10-31 321088]
    R2 SandboxU;Sandboxie Service; C:\Program Files\Sandboxie\SandboxieServer.exe [2006-10-10 25088]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
    R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-10-24 70944]
    R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-12 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-12 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-01 138168]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2006-10-14 12800]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  2. 2008/11/18
    shylo Lifetime Subscription

    shylo Well-Known Member Thread Starter

    Joined:
    2006/03/31
    Messages:
    36
    Likes Received:
    0
    info.txt logfile of random's system information tool 1.04 2008-11-18 11:34:17

    ======Uninstall list======

    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    1-Click Answers-->C:\Program Files\1-Click Answers\Answers.exe /Un
    A1Click Ultra PC Cleaner 1.01 (Registered Version)--> "C:\Program Files\A1Click Ultra PC Cleaner\unins000.exe "
    AcceleRun 1.9 pro--> "C:\Program Files\AcceleRun\unins000.exe "
    Acronis*True*Image*Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AI RoboForm (All Users)--> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe "
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ashampoo Burning Studio 7.21--> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe "
    Ashampoo Burning Studio 8.03--> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe "
    Ashampoo Magical Snap 2.00--> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins000.exe "
    Ashampoo Magical Snap 2.30--> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins001.exe "
    Ashampoo Office 2006 (C:\Program Files\Ashampoo\Ashampoo Office 2006)-->C:\Documents and Settings\me\Application Data\SoftMaker\smun3250.exe sm-un1.u32
    Ashampoo Photo Commander 5--> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 5\Uninstall\0718_Uninstall.EXE "
    Ashampoo Photo Commander 6.20--> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 6\unins000.exe "
    Ashampoo Photo Optimizer 1.20--> "C:\Program Files\Ashampoo\Ashampoo Photo Optimizer\unins000.exe "
    Ashampoo Photo Optimizer 2.01--> "C:\Program Files\Ashampoo\Ashampoo Photo Optimizer 2\unins000.exe "
    Ashampoo PowerUp 3.21--> "C:\Program Files\Ashampoo\Ashampoo PowerUp 3\unins000.exe "
    Ashampoo StartUp Tuner 2.00--> "C:\Program Files\Ashampoo\Ashampoo StartUp Tuner 2\unins000.exe "
    Ashampoo UnInstaller 3.05--> "C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\unins000.exe "
    Ashampoo UnInstaller Platinum 2--> "C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\Uninstall\UIP_Uninstall.exe "
    Ashampoo WinOptimizer 5.05--> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe "
    Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup(2).exe /Uninstall
    AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    Bruce's Unusual Typing Wizard, Version 1.5.0--> "C:\Program Files\Bruce's Unusual Typing Wizard\uninstall\unins000.exe "
    CaptureWizPro 3.B0-->C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe uninstal
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    CDBurnerXP--> "C:\Program Files\CDBurnerXP\unins000.exe "
    CinepPlayer 30 Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}\setup.exe" -l0x9 -L0x9 /SMAINT
    Clipboard Help+Spell 1.19.02--> "C:\Program Files\Clipboard Help+Spell\unins000.exe "
    ClipGuru -->C:\Program Files\ClipGuru\uninst.exe
    Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    DBXpress-->MsiExec.exe /I{A600B935-50DC-476E-9432-95A13F416302}
    DcUpdater 1.23.01--> "C:\Program Files\DcUpdater\unins000.exe "
    Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
    Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
    Desktop Doctor--> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor? "
    Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
    DocPad-->C:\Program Files\DocPad\Uninstall\Uninstall.EXE /u: "DocPad "
    Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
    DriverAgent Plugin for Netscape by TouchStone Software-->RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
    Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
    DTV4PC 1.6.3--> "C:\Program Files\3B Software\DTV4PC\unins000.exe "
    EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
    ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
    Eraser--> "C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
    Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    Faith Database 2008-08--> "c:\FDB\unins000.exe "
    Family Lawyer-->C:\Program Files\Broderbund\Family Lawyer\uninst.exe
    FeedDemon--> "C:\Program Files\FeedDemon\unins000.exe "
    FeedStation--> "C:\Program Files\FeedStation\unins000.exe "
    filehippo.com Update Checker--> "C:\Program Files\filehippo.com\uninstall.exe "
    FileLocator Pro Version 4.5--> "C:\Program Files\Mythicsoft\FileLocator Pro\unins000.exe "
    Find+Run Robot 2.30.01--> "C:\Program Files\FindAndRunRobot\unins000.exe "
    Foxit PDF IFilter-->MsiExec.exe /I{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
    Gammadyne Spell Checking Module-->C:\Program Files\Common Files\System-G\Speller\Uninstall\Uninstall.EXE /u: "Gammadyne Spell Checking Module "
    GEAR Drivers--> "C:\WINDOWS\GEARDriversInstall.exe" -Uninstall
    GoodSync--> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe "
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    HDDlife Pro 3.1-->MsiExec.exe /X{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}
    Hidden Utilities XP-->MsiExec.exe /I{E4E3B247-9A66-45B0-A624-278A0606B896}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    hp LaserJet 1000-->zuninst.exe
    iDailyDiary Professional 3.51--> "C:\Program Files\iDailyDiary\unins000.exe "
    IE7Pro-->C:\Program Files\IEPro\uninst.exe
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
    ioIsland.com ClearTweak-->C:\PROGRA~1\ioIsland\CLEART~1\UNWISE.EXE C:\PROGRA~1\ioIsland\CLEART~1\ClearTweak.LOG
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    IZArc 3.81--> "C:\Program Files\IZArc\unins000.exe "
    Jarte Plus--> "C:\Program Files\Jarte\unins000.exe "
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Just Great Software EditPad Lite 6.4.3-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log "
    jv16 PowerTools 2007--> "C:\Program Files\jv16 PowerTools 2006\unins000.exe "
    jv16 PowerTools 2008--> "C:\Program Files\jv16 PowerTools 2008\unins000.exe "
    Karen's Version Browser-->C:\Program Files\Karen's Power Tools\Version Browser\uninst.exe
    kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_5b62553\Setup.exe /APR-REMOVE
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    Linksys EasyLink Advisor 1.6 (0033)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
    LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Living Scenes Jigsaw Puzzles 2.3--> "C:\Program Files\Living Scenes Jigsaw Puzzles\unins000.exe "
    Mark's Adding Machine v1.30 (BETA)-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Mark Ganson\MAM\Uninst.isu "
    Maxthon Browser (remove only)-->C:\Program Files\Maxthon\MaxthonUINST.exe
    Maxthon2 Browser (remove only)-->C:\Program Files\Maxthon2\MaxthonUINST.exe
    MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.16)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
    MSN Encarta Right-Click Dictionary-->MsiExec.exe /I{39A7E646-D7D1-4855-833A-2DEAC9ABD5ED}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    My IPs-->C:\PROGRA~1\Camtech\MYIPS~1\UNWISE.EXE C:\PROGRA~1\Camtech\MYIPS~1\INSTALL.LOG
    MyLife Organized 2.0.0-->C:\Program Files\MyLifeOrganized.net\MLO\uninst.exe
    NetVisualize Favorites Organizer 1.5.0--> "C:\Program Files\NetVisualize\unins000.exe "
    Network Magic-->MsiExec.exe /X{CC964932-75AE-4C79-8EBF-865C799C3D35}
    Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
    NotePad SX 1.2--> "C:\Program Files\NotePad SX\unins000.exe "
    NoteTab Light (Remove only)--> "C:\Program Files\NoteTab Light\unins000.exe "
    NoteTab Light 5 (Remove only)--> "C:\Program Files\NoteTab Light\unins001.exe "
    OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    Panda NanoScan-->C:\WINDOWS\system32\Panda Software\NanoScan\nanounst.exe
    PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
    Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
    PrimoPDF--> "C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml "
    Process Tamer 2.09.01--> "C:\Program Files\ProcessTamer\unins000.exe "
    Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
    Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    Recuva (remove only)--> "C:\Program Files\Recuva\uninst.exe "
    RegEditX-->C:\PROGRA~1\RegEditX\UNWISE.EXE C:\PROGRA~1\RegEditX\INSTALL.LOG
    RegVac Registry Cleaner 4.02 (Registered Version)--> "C:\Program Files\RegVac Registry Cleaner\unins001.exe "
    RegVac Registry Cleaner 4.02 (Trial Version)--> "C:\Program Files\RegVac Registry Cleaner\unins000.exe "
    Revo Uninstaller 1.71-->C:\Program Files\Revo Uninstaller\uninst.exe
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SafeBit-->C:\PROGRA~1\SafeBit\UNWISE.EXE C:\PROGRA~1\SafeBit\INSTALL.LOG
    Sandboxie version 2.64-->C:\WINDOWS\Installer\SandboxieInstall.exe
    Screenshot Captor 2.42.01--> "C:\Program Files\ScreenshotCaptor\unins000.exe "
    Secunia PSI (RC4)--> "C:\Program Files\Secunia\PSI (RC4)\uninstall.exe "
    Security Task Manager 1.7f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager "
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    SESType-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Square Eyes Software\SESType\Uninst.isu "
    SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    SiSoftware Sandra Professional Home XII.SP2c--> "C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\unins000.exe "
    skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    SnagIt 9-->MsiExec.exe /I{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}
    SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008)-->C:\Documents and Settings\me\Application Data\SoftMaker\smun3250.exe sm-un2.u32
    Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Speed Startup 1.03 (Registered Version)--> "C:\Program Files\Speed Startup\unins000.exe "
    Spybot - Search & Destroy 1.5.2.20--> "C:\WINDOWS\unins000.exe "
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins001.exe "
    SpywareBlaster 4.1--> "C:\Program Files\SpywareBlaster\unins000.exe "
    staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Steganos Safe 8 (8.0.13)-->MsiExec.exe /I{00000000-5736-4205-1000-A0892E6CB168}
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Task Catcher-->C:\WINDOWS\uninst.exe -f "C:\Program Files\BillP Studios\Task Catcher\DeIsL1.isu" -c "C:\Program Files\BillP Studios\Task Catcher\_ISREG32.DLL "
    TaxACT 2000-->C:\PROGRA~1\2NDSTO~1\TAXACT~3\Unta00.exe C:\PROGRA~1\2NDSTO~1\TAXACT~3\Install.log
    TaxACT 2001-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\Unta01.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\Install.log
    TaxACT 2002-->C:\PROGRA~1\2NDSTO~1\TAXACT~4\Unta02.exe C:\PROGRA~1\2NDSTO~1\TAXACT~4\Install.log
    TaxACT 2003-->C:\PROGRA~1\2NDSTO~1\TA6BD6~1\Unta03.exe C:\PROGRA~1\2NDSTO~1\TA6BD6~1\Install.log
    TaxACT 2004-->C:\PROGRA~1\2NDSTO~1\TA6BE6~1\Unta04.exe C:\PROGRA~1\2NDSTO~1\TA6BE6~1\Install.log
    TaxACT 2005-->C:\PROGRA~1\2NDSTO~1\TA6BF6~1\Unta05.exe C:\PROGRA~1\2NDSTO~1\TA6BF6~1\Install.log
    TaxACT 2006-->C:\PROGRA~1\2NDSTO~1\TA6B07~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TA6B07~1\Install.log
    TaxACT 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
    TaxACT 2008-->C:\PROGRA~1\2NDSTO~1\TA6B27~1\Unta08.exe C:\PROGRA~1\2NDSTO~1\TA6B27~1\Install.log
    textBEAST PRO CLIPBOARD+ 1.9.17--> "C:\Program Files\textBEAST\unins000.exe "
    TextMaker Viewer-->C:\WINDOWS\untmv.exe
    The Ultimate Troubleshooter-->C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
    ThreatFire 3.5--> "C:\Program Files\ThreatFire\unins000.exe "
    tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    TypeFaster Typing Tutor--> "C:\Program Files\TypeFaster\uninstall.exe "
    Undelete Plus 2.94--> "C:\Program Files\UndeletePlus\unins000.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
    VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    WebCyberCoach 3.2 Dell--> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4 "
    Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)-->rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_FACF9A084BDF0845CE91C7F87C9E1A569DD2DC5E\pnarp.inf
    Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)-->rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_B44C44A0F3F9608E3241CD86C035F4AF1CE54D81\purendis.inf
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Vista Upgrade Advisor-->MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinPatrol 2007 Restore/Remove First-->C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe -remove
    WinPatrol 2007 Step 2-->MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066}
    WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
    WinPatrol-->MsiExec.exe /I{3205A978-4A7A-403B-A4B9-D48E6BAFB73B}
    WinRescue XP--> "C:\Program Files\WinRescueXP\unins000.exe "
    WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    WordWeb Pro-->C:\Program Files\WordWeb\uninst.exe
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft Uninstaller\uninst.exe

    ======Security center information======

    AV: ThreatFire
    AV: avast! antivirus 4.8.1282 [VPS 081118-0]
    AV: McAfee VirusScan
    FW: (disabled)
    FW: ZoneAlarm Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ZipGenius 6\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Executive Software\DiskeeperLite\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    "PROCESSOR_REVISION"=0403
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\
    "tvdumpflags"=8
    "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c

    -----------------EOF-----------------
     


  4. 2008/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Don't see anything in the log that suggests malware, nor did any policy restrictions show up. Let's check one other thing. Please copy and paste the contents of the code box below into a command window and post the resulting text file.

    Code:
    reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot>safe.txt
    reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment">>safe.txt
    reg query HKCU\Environment>>safe.txt
    start notepad safe.txt
    exit
    cls
    

    Did this problem begin around the time you installed ThreatFire?
     
  5. 2008/11/20
    shylo Lifetime Subscription

    No to ThreatFire question, installed months ago.

    Text of code box query:


    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell REG_SZ cmd.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ZipGenius 6\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Executive Software\DiskeeperLite\
    windir REG_EXPAND_SZ %SystemRoot%
    FP_NO_HOST_CHECK REG_SZ NO
    OS REG_SZ Windows_NT
    PROCESSOR_ARCHITECTURE REG_SZ x86
    PROCESSOR_LEVEL REG_SZ 15
    PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_REVISION REG_SZ 0403
    NUMBER_OF_PROCESSORS REG_SZ 2
    PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
    TMP REG_EXPAND_SZ %SystemRoot%\TEMP
    SonicCentral REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    DiskeeperIcon REG_SZ C:\Program Files\Executive Software\DiskeeperLite\
    tvdumpflags REG_SZ 8
    SAN_DIR REG_SZ C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Environment
    TEMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
    TMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp


    Thanks for your help
     
  6. 2008/11/20
    noahdfear

    As expected, that export is fine too.
    When did this problem start?
    What was installed around that time?
    Are there any other user accounts, and if so, are they the same way? Safe mode Administrator account?
     
  7. 2008/11/22
    shylo Lifetime Subscription

    I don't know when it started because I use either search or run infrequently, but I know I used search not long ago. I installed a large program from a CD recently, 500MB religious data base, search tools, mostly text and some graphics, bible scenes but nothing complicated and no unusual configuration required. A few small programs from reputable sources. I have a program called FileLocator Pro I can use for searches.

    I am sole user of the computer so I have never dealt with Administrator restrictions. When booting to safe mode I'm given the choice of "me", which is also the administrator, or "quest", which is disabled.

    Under Documents and Settings there is an Administrator folder with mostly empty subfolders and with latest activity dates in 2004 or 2006. It is a sub folder where the "me" folder resides as a sister subfolder.

    Without the run app I put a shortcut of the msconfig file on the desktop and open it there. Command prompt won't open it, right?, at least not on my rig.
    The start up column in msconfig does not look right and I'm trying to work my way through some programs to capture and paste it here, or wherever you tell me to put it. There are very few programs listed, and two have blanks in the name or title column but show the reg key .......Current Version\Run. Something is wrong there.

    Need to spend some time on these areas because not savvy and can't devote unlimited time to the problems, but am eager to solve this problem and learn some stuff if you or the forum topic where you think this belongs will be patient.

    Thanks
     
  8. 2008/11/22
    noahdfear

    I'm thinking that if an installed program is the culprit here, it would likely be a security program. Since it appears that you're using all freeware that can easily be re-installed, it might be worth the effort and time to try uninstalling them and see if it has any effect.

    The following will remove those blank entries from msconfig.

    Highlight and copy the contents of the code box below.

    Code:
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v TVPlanet /f
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v RadioPlanet /f
    exit
    cls
    
    Open a command window, right click in the window and select paste.
    The command window will close on its own.


    Did you logon to the Administrator account in safe mode to see if the problem existed there?
     
  9. 2008/11/22
    shylo Lifetime Subscription

    Blank items in Start up still there after applying your fix, after reboot to Safe mode and also full reboot. Each item is checked in the left hand box, make any difference?

    I had checked safe mode before, having signed in as "me", which so far as I can determine, is the same as administrator. Checked again signing in on the Admin link, but no change in run or search appearing.

    Will look into security programs. I have not installed any for some time but there have been updates and upgrades so something could have gone awry there.
     
  10. 2008/11/22
    noahdfear

    Try copying that code box and pasting in command window again. I made a slight adjustment.
     
  11. 2008/11/22
    shylo Lifetime Subscription

    That did it, thanks
     
  12. 2008/11/22
    noahdfear

    Just so you know, I'm more than willing to keep working towards resolution, though I do feel that eliminating security apps as culprit is a must do before proceeding. I also have another request.

    Delete c:\windows\ntbtlog.txt if it exists.
    Restart the computer and begin tapping the F8 key on startup to enable the Advanced Start Menu.
    Select Enable Boot Logging from the list.
    Once you've logged on, navigate to and open the c:\windows\ntbtlog.txt file then post its contents here.
     
  13. 2008/11/22
    shylo Lifetime Subscription

    Will much appreciate your continued support. I'm sure you know what you're doing but I am not anywhere near your level so gotta go slow. For example, assuming I'm successful in eliminating all security programs, am I not exposed to attack? I will list all I recognize as security and maybe you can advise me on the plan. Do I uninstall all at once or one at a time for effect and then reinstall that one and do the next?

    The file c:\windows\ntbtlog.txt is readily accessible without the rebooting sequence, which I have never done in that manner. The file is 256K and lists as I recall all loaded and not loaded drivers plus some other things. Do I delete that file before doing the rebooting steps and/or if I delete it before the reboot how can I list the content? I don't know what Enable Boot Logging means. After choosing that Advanced Start Menu, does that simply open Windows?

    In the meantime I will at least do the F8 and reach Advance Start Menu, but will back off until I hear back on what I hope are clearly enough stated concerns I'm working under.
     
  14. 2008/11/23
    noahdfear

    You can do the security apps in whatever manner you like. As noted, you are more vulnerable while connected to the internet without them, so keep that to a minimum. The idea is to uninstall just to see if it corrects the problem, then re-install.

    Yes, delete the ntbtlog.txt file. It will be created again when you select Enable Boot Logging at the Advanced Start Menu. That option simply means the system will log the state of drivers loading while the system boots, and the results will be in ntbtlog.txt.
    The actual startup process will appear normal after making the selection.
     
  15. 2008/11/24
    shylo Lifetime Subscription

    ntbtlog.txt after delete and reboot with Enable Boot Logging




    Service Pack 311 23 2008 21:55:24.359
    Loaded driver \WINDOWS\system32\ntkrnlpa.exe
    Loaded driver \WINDOWS\system32\hal.dll
    Loaded driver \WINDOWS\system32\KDCOM.DLL
    Loaded driver \WINDOWS\system32\BOOTVID.dll
    Loaded driver ACPI.sys
    Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver pciide.sys
    Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver intelide.sys
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver dmload.sys
    Loaded driver dmio.sys
    Loaded driver PartMgr.sys
    Loaded driver VolSnap.sys
    Loaded driver atapi.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltmgr.sys
    Loaded driver sr.sys
    Loaded driver DRVMCDB.SYS
    Loaded driver TfSysMon.sys
    Loaded driver TfFsMon.sys
    Loaded driver PxHelp20.sys
    Loaded driver KSecDD.sys
    Loaded driver Ntfs.sys
    Loaded driver NDIS.sys
    Loaded driver timntr.sys
    Loaded driver tdrpman.sys
    Loaded driver srescan.sys
    Loaded driver snapman.sys
    Loaded driver Mup.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSF_DP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
    Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
    Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
    Loaded driver \??\C:\WINDOWS\system32\DRIVERS\GEARASPIWDM.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\update.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vdisk.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
    Loaded driver \SystemRoot\system32\drivers\sthda.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
    Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\Drivers\DLARTL_N.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
    Loaded driver \SystemRoot\System32\Drivers\aswTdi.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\Drivers\TfKbMon.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\System32\vsdatant.sys
    Loaded driver \SystemRoot\System32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Loaded driver \??\C:\WINDOWS\system32\drivers\SLEE13.sys
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\System32\Drivers\PQNTDrv.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
    Loaded driver \SystemRoot\System32\Drivers\BANTExt.sys
    Loaded driver \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    Loaded driver \SystemRoot\System32\Drivers\aswSP.SYS
    Loaded driver \SystemRoot\System32\Drivers\Aavmker4.SYS
    Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
    Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\tifsfilt.sys
    Loaded driver \SystemRoot\System32\DLA\DLADResN.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\elagopro.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pnarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\purendis.sys
    Loaded driver \SystemRoot\System32\Drivers\aswMon2.SYS
    Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
    Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
    Loaded driver \SystemRoot\system32\drivers\splitter.sys
    Loaded driver \SystemRoot\system32\drivers\aec.sys
    Loaded driver \SystemRoot\system32\drivers\swmidi.sys
    Loaded driver \SystemRoot\system32\drivers\DMusic.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
    Loaded driver \SystemRoot\system32\DRIVERS\elaunidr.sys
    Loaded driver \??\C:\WINDOWS\system32\drivers\hidedir.sys
    Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
    Loaded driver \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
    Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \??\C:\Program Files\Sandboxie\Sandbox.sys
    Loaded driver \??\C:\WINDOWS\system32\drivers\TfNetMon.sys
    Loaded driver \SystemRoot\System32\Drivers\aswRdr.SYS
    Loaded driver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\psi_mf.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
     
  16. 2008/11/24
    noahdfear

    See if you can locate these two files.

    C:\Windows\system32\drivers\hidedir.sys
    C:\Windows\system32\Drivers\mchInjDrv.sys

    If so, please upload them to my submission channel for analysis. Leave a link back to this topic.

    Thanks!
     
  17. 2008/11/24
    shylo Lifetime Subscription

    sent, I think, hidedir.sys, but do not have mchInjDrv.sys. Note says to notify that file was successfully sent. Had some trouble logging in because system says my email was already in system and login name already taken. Used different login name and system took the email, so ???????????
     
  18. 2008/11/25
    shylo Lifetime Subscription

    Assume you received my latest post re uploading file hidedir.sys to your submission channel.

    I have completely removed ThreatFire and Spybot-Search and Destroy. How, besides reboot and eyeball start menu, do I determine effect of removing these on my problem?

    Is it OK to re-install these apps before un-installing the next security app?
     
  19. 2008/11/25
    noahdfear

    Hi shylo,

    Yes, I received the file. Do you have any sort of application to hide folders?
    Does this mean anything to you?

    d:\Gabi\Lucru\neobyte\SafeBit\sources\hook2kxp\Release\hook2kxp.pdb

    It is a string found within the file.

    I'm surprised you did not find the mchInjDrv.sys file. The bootlog shows it loading, which means it is there. Let's use another tool which should show those two files' service keys.

    Download driver_service_info, a tool I wrote to gather information about drivers and services.
    Save it to your desktop then double click to run it.
    First select the Driver option, then select both Active and Inactive.
    When prompted for LoadOrderGroup information, select No.
    A log named drivers.txt will open.
    Please post its contents here.

    Run the tool again this time selecting the Services option.
    Again, select both Active and Inactive.
    Select No to ServiceGroup and LoadOrderGroup.
    Services.txt will open.
    Post its contents here in another post.
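
    The cross-check behind the remark above that the boot log shows a driver loading even though it was not found on disk, as an added example (not part of the thread and not noahdfear's tool): it parses ntbtlog.txt lines, normalizes the path forms that occur in the posted log, and lists loaded drivers that are missing from a directory listing. The directory listing, the product-folder list and the rule that bare driver names live in system32\drivers are assumptions constructed for illustration.

```python
import re

# Subset of lines copied from the ntbtlog.txt posted in this thread.
SAMPLE_BOOTLOG = r"""
Service Pack 311 23 2008 21:55:24.359
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\hidedir.sys
Loaded driver \??\C:\Program Files\Sandboxie\Sandbox.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

# Constructed directory listing (what a file search can see), mirroring the
# report in the thread that hidedir.sys was found and mchInjDrv.sys was not.
SAMPLE_VISIBLE = [
    r"C:\WINDOWS\system32\ntkrnlpa.exe",
    r"C:\WINDOWS\system32\drivers\ACPI.sys",
    r"C:\WINDOWS\system32\drivers\KLIF.SYS",
    r"C:\WINDOWS\system32\drivers\ndproxy.sys",
    r"C:\WINDOWS\system32\drivers\kmixer.sys",
    r"C:\WINDOWS\system32\drivers\hidedir.sys",
    r"C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys",
    r"C:\Program Files\Sandboxie\Sandbox.sys",
]

# Constructed list of folders the analyst attributes to installed products.
KNOWN_PRODUCT_DIRS = [
    r"C:\Program Files\SUPERAntiSpyware",
    r"C:\Program Files\Sandboxie",
]

LINE_RE = re.compile(r"^\s*(Loaded|Did not load) driver\s+(.+?)\s*$")


def parse_bootlog(text):
    """Return [(loaded: bool, raw_path: str)]; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1) == "Loaded", m.group(2)))
    return entries


def normalize(raw, system_root=r"C:\WINDOWS"):
    """Map the path forms seen in ntbtlog.txt to one lower-case Win32 path."""
    p = raw.strip()
    if p.startswith("\\??\\"):                      # \??\C:\... absolute form
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):    # \SystemRoot\...
        p = system_root + p[len("\\SystemRoot"):]
    elif p.startswith("\\"):                        # \WINDOWS\... drive-relative
        p = system_root[:2] + p
    elif "\\" not in p:                             # bare name (assumed location)
        p = system_root + "\\system32\\drivers\\" + p
    return p.lower()                                # Win32 lookups ignore case


def loaded_but_not_visible(text, visible_files):
    """Drivers the boot log says loaded but that the listing does not show."""
    visible = {normalize(f) for f in visible_files}
    missing = []
    for loaded, raw in parse_bootlog(text):
        p = normalize(raw)
        if loaded and p not in visible and p not in missing:
            missing.append(p)
    return missing


def review_candidates(text, known_dirs):
    """Loaded \\??\\ drivers that sit outside the recognised product folders."""
    known = tuple(d.lower().rstrip("\\") + "\\" for d in known_dirs)
    found = []
    for loaded, raw in parse_bootlog(text):
        if loaded and raw.startswith("\\??\\"):
            p = normalize(raw)
            if not p.startswith(known) and p not in found:
                found.append(p)
    return found


if __name__ == "__main__":
    for path in loaded_but_not_visible(SAMPLE_BOOTLOG, SAMPLE_VISIBLE):
        print("loaded but not visible:", path)
    for path in review_candidates(SAMPLE_BOOTLOG, KNOWN_PRODUCT_DIRS):
        print("review:", path)
```

    A driver reported here only tells the analyst where to look next; the service keys the post asks for are what tie the file to a product.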
     
  20. 2008/11/25
    shylo Lifetime Subscription

    I have a program called SafeBit which is a "safe" with password but nothing goes in automatically and it had only one file, a pdf doc. I don't get anything else out of the string except to question the d: and presume that does not indicate the D drive.

    In looking for the mchInjDrv.sys file, I alphabetized the column for ease but no dice, also searched for the file in FileLoc Pro, a search app which found the first file but not the second. That app searched not just the Windows folder. Is that file case sensitive? Although I did copy and paste to the search app so that shouldn't matter unless somehow the file is misnamed. I'll keep looking for it.


    ~~~ Driver Information report ~~~

    Microsoft Windows XP Professional
    Service Pack 3
    5.1.2600

    11/25/2008 4:38:52 PM


    ~~~Active Drivers~~~

    Name: Aavmker4
    Displayed: avast! Asynchronous Virus Monitor
    Path: C:\WINDOWS\system32\drivers\Aavmker4.sys
    Type: Kernel Driver
    StartMode: System

    Name: ACPI
    Displayed: Microsoft ACPI Driver
    Path: C:\WINDOWS\system32\DRIVERS\ACPI.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: AFD
    Displayed: AFD
    Path: C:\WINDOWS\system32\drivers\afd.sys
    Type: Kernel Driver
    StartMode: System

    Name: aswFsBlk
    Displayed: aswFsBlk
    Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
    Type: File System Driver
    StartMode: Auto

    Name: aswMon2
    Displayed: avast! Standard Shield Support
    Path: C:\WINDOWS\system32\drivers\aswMon2.sys
    Type: File System Driver
    StartMode: Auto

    Name: aswRdr
    Displayed: aswRdr
    Path: C:\WINDOWS\system32\drivers\aswRdr.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: aswSP
    Displayed: avast! Self Protection
    Path: C:\WINDOWS\system32\drivers\aswSP.sys
    Type: Kernel Driver
    StartMode: System

    Name: aswTdi
    Displayed: avast! Network Shield Support
    Path: C:\WINDOWS\system32\drivers\aswTdi.sys
    Type: Kernel Driver
    StartMode: System

    Name: atapi
    Displayed: Standard IDE/ESDI Hard Disk Controller
    Path: C:\WINDOWS\system32\DRIVERS\atapi.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: audstub
    Displayed: Audio Stub Driver
    Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: AVG Anti-Spyware Driver
    Displayed: AVG Anti-Spyware Driver
    Path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    Type: Kernel Driver
    StartMode: System

    Name: AvgAsCln
    Displayed: AVG Anti-Spyware Clean Driver
    Path: C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
    Type: Kernel Driver
    StartMode: System

    Name: BANTExt
    Displayed: Belarc SMBios Access
    Path: C:\WINDOWS\system32\Drivers\BANTExt.sys
    Type: Kernel Driver
    StartMode: System

    Name: Beep
    Displayed: Beep
    Path: C:\WINDOWS\system32\drivers\Beep.sys
    Type: Kernel Driver
    StartMode: System

    Name: Cdfs
    Displayed: Cdfs
    Path: C:\WINDOWS\system32\drivers\Cdfs.sys
    Type: File System Driver
    StartMode: Disabled

    Name: Cdrom
    Displayed: CD-ROM Driver
    Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Type: Kernel Driver
    StartMode: System

    Name: Disk
    Displayed: Disk Driver
    Path: C:\WINDOWS\system32\DRIVERS\disk.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: DLABOIOM
    Displayed: DLABOIOM
    Path: C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLACDBHM
    Displayed: DLACDBHM
    Path: C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    Type: File System Driver
    StartMode: System

    Name: DLADResN
    Displayed: DLADResN
    Path: C:\WINDOWS\system32\DLA\DLADResN.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLAIFS_M
    Displayed: DLAIFS_M
    Path: C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLAOPIOM
    Displayed: DLAOPIOM
    Path: C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLAPoolM
    Displayed: DLAPoolM
    Path: C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLARTL_N
    Displayed: DLARTL_N
    Path: C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    Type: File System Driver
    StartMode: System

    Name: DLAUDFAM
    Displayed: DLAUDFAM
    Path: C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    Type: File System Driver
    StartMode: Auto

    Name: DLAUDF_M
    Displayed: DLAUDF_M
    Path: C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    Type: File System Driver
    StartMode: Auto

    Name: dmio
    Displayed: Logical Disk Manager Driver
    Path: C:\WINDOWS\system32\drivers\dmio.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: dmload
    Displayed: dmload
    Path: C:\WINDOWS\system32\drivers\dmload.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: DRVMCDB
    Displayed: DRVMCDB
    Path: C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    Type: Kernel Driver
    StartMode: Boot

    Name: DRVNDDM
    Displayed: DRVNDDM
    Path: C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    Type: File System Driver
    StartMode: Auto

    Name: E100B
    Displayed: Intel(R) PRO Network Connection Driver
    Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: elagopro
    Displayed: GoProto Protocol Driver for LELA
    Path: C:\WINDOWS\system32\DRIVERS\elagopro.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: elaunidr
    Displayed: UniDriver for LELA
    Path: C:\WINDOWS\system32\DRIVERS\elaunidr.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: Fastfat
    Displayed: Fastfat
    Path: C:\WINDOWS\system32\drivers\Fastfat.sys
    Type: File System Driver
    StartMode: Disabled

    Name: Fdc
    Displayed: Floppy Disk Controller Driver
    Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Fips
    Displayed: Fips
    Path: C:\WINDOWS\system32\drivers\Fips.sys
    Type: Kernel Driver
    StartMode: System

    Name: Flpydisk
    Displayed: Floppy Disk Driver
    Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: FltMgr
    Displayed: FltMgr
    Path: C:\WINDOWS\system32\drivers\fltmgr.sys
    Type: File System Driver
    StartMode: Boot

    Name: Ftdisk
    Displayed: Volume Manager Driver
    Path: C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: GEARAspiWDM
    Displayed: GEAR CDRom Filter
    Path: \??\C:\WINDOWS\system32\DRIVERS\GEARASPIWDM.SYS
    Type: Kernel Driver
    StartMode: Manual

    Name: Gpc
    Displayed: Generic Packet Classifier
    Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: HDAudBus
    Displayed: Microsoft UAA Bus Driver for High Definition Audio
    Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: hidedir
    Displayed: hidedir
    Path: \??\C:\WINDOWS\system32\drivers\hidedir.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: HidUsb
    Displayed: Microsoft HID Class Driver
    Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: HSFHWBS2
    Displayed: HSFHWBS2
    Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: HSF_DP
    Displayed: HSF_DP
    Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: HTTP
    Displayed: HTTP
    Path: C:\WINDOWS\system32\Drivers\HTTP.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: i2omgmt
    Displayed: i2omgmt
    Path: C:\WINDOWS\system32\drivers\i2omgmt.sys
    Type: Kernel Driver
    StartMode: System

    Name: ialm
    Displayed: ialm
    Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Imapi
    Displayed: CD-Burning Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
    Type: Kernel Driver
    StartMode: System

    Name: IntelIde
    Displayed: IntelIde
    Path: C:\WINDOWS\system32\DRIVERS\intelide.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: intelppm
    Displayed: Intel Processor Driver
    Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
    Type: Kernel Driver
    StartMode: System

    Name: IpNat
    Displayed: IP Network Address Translator
    Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: IPSec
    Displayed: IPSEC driver
    Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
    Type: Kernel Driver
    StartMode: System

    Name: isapnp
    Displayed: PnP ISA/EISA Bus Driver
    Path: C:\WINDOWS\system32\DRIVERS\isapnp.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: Kbdclass
    Displayed: Keyboard Class Driver
    Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    Type: Kernel Driver
    StartMode: System

    Name: kbdhid
    Displayed: Keyboard HID Driver
    Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    Type: Kernel Driver
    StartMode: System

    Name: KLIF
    Displayed: KLIF
    Path: C:\WINDOWS\system32\DRIVERS\klif.sys
    Type: File System Driver
    StartMode: System

    Name: kmixer
    Displayed: Microsoft Kernel Wave Audio Mixer
    Path: C:\WINDOWS\system32\drivers\kmixer.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: KSecDD
    Displayed: KSecDD
    Path: C:\WINDOWS\system32\drivers\KSecDD.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: mdmxsdk
    Displayed: mdmxsdk
    Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: mnmdd
    Displayed: mnmdd
    Path: C:\WINDOWS\system32\drivers\mnmdd.sys
    Type: Kernel Driver
    StartMode: System

    Name: Modem
    Displayed: Modem
    Path: C:\WINDOWS\system32\drivers\Modem.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: MODEMCSA
    Displayed: Unimodem Streaming Filter Device
    Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Mouclass
    Displayed: Mouse Class Driver
    Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
    Type: Kernel Driver
    StartMode: System

    Name: mouhid
    Displayed: Mouse HID Driver
    Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: MountMgr
    Displayed: Mount Point Manager
    Path: C:\WINDOWS\system32\drivers\MountMgr.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: MRxDAV
    Displayed: WebDav Client Redirector
    Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    Type: File System Driver
    StartMode: Manual

    Name: MRxSmb
    Displayed: MRXSMB
    Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    Type: File System Driver
    StartMode: System

    Name: Msfs
    Displayed: Msfs
    Path: C:\WINDOWS\system32\drivers\Msfs.sys
    Type: File System Driver
    StartMode: System

    Name: mssmbios
    Displayed: Microsoft System Management BIOS Driver
    Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Mup
    Displayed: Mup
    Path: C:\WINDOWS\system32\drivers\Mup.sys
    Type: File System Driver
    StartMode: Boot

    Name: NDIS
    Displayed: NDIS System Driver
    Path: C:\WINDOWS\system32\drivers\NDIS.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: NdisTapi
    Displayed: Remote Access NDIS TAPI Driver
    Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: NdisWan
    Displayed: Remote Access NDIS WAN Driver
    Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: NDProxy
    Displayed: NDIS Proxy
    Path: C:\WINDOWS\system32\drivers\NDProxy.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: NetBIOS
    Displayed: NetBIOS Interface
    Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
    Type: File System Driver
    StartMode: System

    Name: NetBT
    Displayed: NetBios over Tcpip
    Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
    Type: Kernel Driver
    StartMode: System

    Name: Npfs
    Displayed: Npfs
    Path: C:\WINDOWS\system32\drivers\Npfs.sys
    Type: File System Driver
    StartMode: System

    Name: Ntfs
    Displayed: Ntfs
    Path: C:\WINDOWS\system32\drivers\Ntfs.sys
    Type: File System Driver
    StartMode: Disabled

    Name: Null
    Displayed: Null
    Path: C:\WINDOWS\system32\drivers\Null.sys
    Type: Kernel Driver
    StartMode: System

    Name: PartMgr
    Displayed: Partition Manager
    Path: C:\WINDOWS\system32\drivers\PartMgr.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: PCI
    Displayed: PCI Bus Driver
    Path: C:\WINDOWS\system32\DRIVERS\pci.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: PCIIde
    Displayed: PCIIde
    Path: C:\WINDOWS\system32\DRIVERS\pciide.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: pnarp
    Displayed: Network Magic Device Discovery Driver
    Path: C:\WINDOWS\system32\DRIVERS\pnarp.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: PptpMiniport
    Displayed: WAN Miniport (PPTP)
    Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: PQNTDrv
    Displayed: PQNTDrv
    Path: C:\WINDOWS\system32\drivers\PQNTDrv.sys
    Type: Kernel Driver
    StartMode: System

    Name: PSched
    Displayed: QoS Packet Scheduler
    Path: C:\WINDOWS\system32\DRIVERS\psched.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: PSI
    Displayed: PSI
    Path: C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    Type: File System Driver
    StartMode: Manual

    Name: Ptilink
    Displayed: Direct Parallel Link Driver
    Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: purendis
    Displayed: Network Magic Wireless Driver
    Path: C:\WINDOWS\system32\DRIVERS\purendis.sys
    Type: Kernel Driver
    StartMode: Auto

    Name: PxHelp20
    Displayed: PxHelp20
    Path: C:\WINDOWS\system32\Drivers\PxHelp20.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: RasAcd
    Displayed: Remote Access Auto Connection Driver
    Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Type: Kernel Driver
    StartMode: System

    Name: Rasl2tp
    Displayed: WAN Miniport (L2TP)
    Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: RasPppoe
    Displayed: Remote Access PPPOE Driver
    Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Raspti
    Displayed: Direct Parallel
    Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Rdbss
    Displayed: Rdbss
    Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
    Type: File System Driver
    StartMode: System

    Name: RDPCDD
    Displayed: RDPCDD
    Path: C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    Type: Kernel Driver
    StartMode: System

    Name: rdpdr
    Displayed: Terminal Server Device Redirector Driver
    Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: redbook
    Displayed: Digital CD Audio Playback Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
    Type: Kernel Driver
    StartMode: System

    Name: Sandbox
    Displayed: Sandbox
    Path: \??\C:\Program Files\Sandboxie\Sandbox.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: SASDIFSV
    Displayed: SASDIFSV
    Path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    Type: Kernel Driver
    StartMode: System

    Name: SASKUTIL
    Displayed: SASKUTIL
    Path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    Type: Kernel Driver
    StartMode: System

    Name: SLEE_13_DRIVER
    Displayed: Steganos Live Encryption Engine 13 [Driver]
    Path: \??\C:\WINDOWS\system32\drivers\SLEE13.sys
    Type: Kernel Driver
    StartMode: System

    Name: snapman
    Displayed: Acronis Snapshots Manager
    Path: C:\WINDOWS\system32\DRIVERS\snapman.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: sr
    Displayed: System Restore Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\sr.sys
    Type: File System Driver
    StartMode: Boot

    Name: srescan
    Displayed: srescan
    Path: C:\WINDOWS\system32\ZoneLabs\srescan.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: Srv
    Displayed: Srv
    Path: C:\WINDOWS\system32\DRIVERS\srv.sys
    Type: File System Driver
    StartMode: Manual

    Name: STHDA
    Displayed: SigmaTel High Definition Audio CODEC
    Path: C:\WINDOWS\system32\drivers\sthda.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: swenum
    Displayed: Software Bus Driver
    Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: sysaudio
    Displayed: Microsoft Kernel System Audio Device
    Path: C:\WINDOWS\system32\drivers\sysaudio.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Tcpip
    Displayed: TCP/IP Protocol Driver
    Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
    Type: Kernel Driver
    StartMode: System

    Name: tdrpman
    Displayed: Acronis Try&Decide and Restore Points filter
    Path: C:\WINDOWS\system32\DRIVERS\tdrpman.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: TermDD
    Displayed: Terminal Device Driver
    Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
    Type: Kernel Driver
    StartMode: System

    Name: tifsfilter
    Displayed: Acronis True Image FS Filter
    Path: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    Type: File System Driver
    StartMode: Auto

    Name: timounter
    Displayed: Acronis True Image Backup Archive Explorer
    Path: C:\WINDOWS\system32\DRIVERS\timntr.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: Update
    Displayed: Microcode Update Driver
    Path: C:\WINDOWS\system32\DRIVERS\update.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: usbehci
    Displayed: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
    Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: usbhub
    Displayed: USB2 Enabled Hub
    Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: usbprint
    Displayed: Microsoft USB PRINTER Class
    Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: USBSTOR
    Displayed: USB Mass Storage Driver
    Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    Type: Kernel Driver
    StartMode: Manual

    Name: usbuhci
    Displayed: Microsoft USB Universal Host Controller Miniport Driver
    Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: vdisk
    Displayed: Virtual Disk Driver
    Path: C:\WINDOWS\system32\DRIVERS\vdisk.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: VgaSave
    Displayed: VGA Display Controller.
    Path: C:\WINDOWS\system32\drivers\vga.sys
    Type: Kernel Driver
    StartMode: System

    Name: VolSnap
    Displayed: VolSnap
    Path: C:\WINDOWS\system32\drivers\VolSnap.sys
    Type: Kernel Driver
    StartMode: Boot

    Name: vsdatant
    Displayed: vsdatant
    Path: C:\WINDOWS\system32\vsdatant.sys
    Type: Kernel Driver
    StartMode: System

    Name: Wanarp
    Displayed: Remote Access IP ARP Driver
    Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: wdmaud
    Displayed: Microsoft WINMM WDM Audio Compatibility Driver
    Path: C:\WINDOWS\system32\drivers\wdmaud.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: winachsf
    Displayed: winachsf
    Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    Type: Kernel Driver
    StartMode: Manual


    ~~~Inactive Drivers~~~

    Name: Abiosdsk
    Displayed: Abiosdsk
    Path:
    Type: Kernel Driver
    StartMode: Disabled

    Name: abp480n5
    Displayed: abp480n5
    Path: C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    Type: Kernel Driver
    StartMode: Disabled

    Name: ACPIEC
    Displayed: ACPIEC
    Path: C:\WINDOWS\system32\drivers\ACPIEC.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: adpu160m
    Displayed: adpu160m
    Path: C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: aec
    Displayed: Microsoft Kernel Acoustic Echo Canceller
    Path: C:\WINDOWS\system32\drivers\aec.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: agp440
    Displayed: Intel AGP Bus Filter
    Path: C:\WINDOWS\system32\DRIVERS\agp440.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: agpCPQ
    Displayed: Compaq AGP Bus Filter
    Path: C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Aha154x
    Displayed: Aha154x
    Path: C:\WINDOWS\system32\DRIVERS\aha154x.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: aic78u2
    Displayed: aic78u2
    Path: C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: aic78xx
    Displayed: aic78xx
    Path: C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: AliIde
    Displayed: AliIde
    Path: C:\WINDOWS\system32\DRIVERS\aliide.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: alim1541
    Displayed: ALI AGP Bus Filter
    Path: C:\WINDOWS\system32\DRIVERS\alim1541.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: amdagp
    Displayed: AMD AGP Bus Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\amdagp.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: amsint
    Displayed: amsint
    Path: C:\WINDOWS\system32\DRIVERS\amsint.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: asc
    Displayed: asc
    Path: C:\WINDOWS\system32\DRIVERS\asc.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: asc3350p
    Displayed: asc3350p
    Path: C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: asc3550
    Displayed: asc3550
    Path: C:\WINDOWS\system32\DRIVERS\asc3550.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: AsyncMac
    Displayed: RAS Asynchronous Media Driver
    Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Atdisk
    Displayed: Atdisk
    Path:
    Type: Kernel Driver
    StartMode: Disabled

    Name: Atmarpc
    Displayed: ATM ARP Client Protocol
    Path: C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: bvrp_pci
    Displayed: bvrp_pci
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: cbidf
    Displayed: cbidf
    Path: C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: cbidf2k
    Displayed: cbidf2k
    Path: C:\WINDOWS\system32\drivers\cbidf2k.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: cd20xrnt
    Displayed: cd20xrnt
    Path: C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Cdaudio
    Displayed: Cdaudio
    Path: C:\WINDOWS\system32\drivers\Cdaudio.sys
    Type: Kernel Driver
    StartMode: System

    Name: Changer
    Displayed: Changer
    Path:
    Type: Kernel Driver
    StartMode: System

    Name: CmdIde
    Displayed: CmdIde
    Path: C:\WINDOWS\system32\DRIVERS\cmdide.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Cpqarray
    Displayed: Cpqarray
    Path: C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: dac2w2k
    Displayed: dac2w2k
    Path: C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: dac960nt
    Displayed: dac960nt
    Path: C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: dmboot
    Displayed: dmboot
    Path: C:\WINDOWS\system32\drivers\dmboot.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: DMusic
    Displayed: Microsoft Kernel DLS Syntheiszer
    Path: C:\WINDOWS\system32\drivers\DMusic.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: dpti2o
    Displayed: dpti2o
    Path: C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: drmkaud
    Displayed: Microsoft Kernel DRM Audio Descrambler
    Path: C:\WINDOWS\system32\drivers\drmkaud.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: hpn
    Displayed: hpn
    Path: C:\WINDOWS\system32\DRIVERS\hpn.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: i2omp
    Displayed: i2omp
    Path: C:\WINDOWS\system32\DRIVERS\i2omp.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: i8042prt
    Displayed: i8042 Keyboard and PS/2 Mouse Port Driver
    Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    Type: Kernel Driver
    StartMode: System

    Name: ini910u
    Displayed: ini910u
    Path: C:\WINDOWS\system32\DRIVERS\ini910u.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Ip6Fw
    Displayed: IPv6 Windows Firewall Driver
    Path: C:\WINDOWS\system32\drivers\ip6fw.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: IpFilterDriver
    Displayed: IP Traffic Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: IpInIp
    Displayed: IP in IP Tunnel Driver
    Path: C:\WINDOWS\system32\DRIVERS\ipinip.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: IRENUM
    Displayed: IR Enumerator Service
    Path: C:\WINDOWS\system32\DRIVERS\irenum.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: lbrtfdc
    Displayed: lbrtfdc
    Path:
    Type: Kernel Driver
    StartMode: System

    Name: mraid35x
    Displayed: mraid35x
    Path: C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: MSKSSRV
    Displayed: Microsoft Streaming Service Proxy
    Path: C:\WINDOWS\system32\drivers\MSKSSRV.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: MSPCLOCK
    Displayed: Microsoft Streaming Clock Proxy
    Path: C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: MSPQM
    Displayed: Microsoft Streaming Quality Manager Proxy
    Path: C:\WINDOWS\system32\drivers\MSPQM.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Ndisuio
    Displayed: NDIS Usermode I/O Protocol
    Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: nv
    Displayed: nv
    Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: NwlnkFlt
    Displayed: IPX Traffic Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: NwlnkFwd
    Displayed: IPX Traffic Forwarder Driver
    Path: C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Parport
    Displayed: Parallel port driver
    Path: C:\WINDOWS\system32\DRIVERS\parport.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: ParVdm
    Displayed: ParVdm
    Path: C:\WINDOWS\system32\drivers\ParVdm.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: PCIDump
    Displayed: PCIDump
    Path:
    Type: Kernel Driver
    StartMode: System

    Name: Pcmcia
    Displayed: Pcmcia
    Path: C:\WINDOWS\system32\drivers\Pcmcia.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: PDCOMP
    Displayed: PDCOMP
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: PDFRAME
    Displayed: PDFRAME
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: PDRELI
    Displayed: PDRELI
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: PDRFRAME
    Displayed: PDRFRAME
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: perc2
    Displayed: perc2
    Path: C:\WINDOWS\system32\DRIVERS\perc2.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: perc2hib
    Displayed: perc2hib
    Path: C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: ql1080
    Displayed: ql1080
    Path: C:\WINDOWS\system32\DRIVERS\ql1080.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Ql10wnt
    Displayed: Ql10wnt
    Path: C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: ql12160
    Displayed: ql12160
    Path: C:\WINDOWS\system32\DRIVERS\ql12160.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: ql1240
    Displayed: ql1240
    Path: C:\WINDOWS\system32\DRIVERS\ql1240.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: ql1280
    Displayed: ql1280
    Path: C:\WINDOWS\system32\DRIVERS\ql1280.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: RDPWD
    Displayed: RDPWD
    Path: C:\WINDOWS\system32\drivers\RDPWD.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: SABProcEnum
    Displayed: SABProcEnum
    Path: \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: SANDRA
    Displayed: SANDRA
    Path: \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\Sandra.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: SASENUM
    Displayed: SASENUM
    Path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    Type: Kernel Driver
    StartMode: Manual

    Name: SDDMI2
    Displayed: SDDMI2
    Path: \??\C:\WINDOWS\system32\DDMI2.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Secdrv
    Displayed: Secdrv
    Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: serenum
    Displayed: Serenum Filter Driver
    Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: Serial
    Displayed: Serial port driver
    Path: C:\WINDOWS\system32\DRIVERS\serial.sys
    Type: Kernel Driver
    StartMode: System

    Name: Sfloppy
    Displayed: Sfloppy
    Path: C:\WINDOWS\system32\drivers\Sfloppy.sys
    Type: Kernel Driver
    StartMode: System

    Name: Simbad
    Displayed: Simbad
    Path:
    Type: Kernel Driver
    StartMode: Disabled

    Name: sisagp
    Displayed: SIS AGP Bus Filter
    Path: C:\WINDOWS\system32\DRIVERS\sisagp.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: Sparrow
    Displayed: Sparrow
    Path: C:\WINDOWS\system32\DRIVERS\sparrow.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: splitter
    Displayed: Microsoft Kernel Audio Splitter
    Path: C:\WINDOWS\system32\drivers\splitter.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: swmidi
    Displayed: Microsoft Kernel GS Wavetable Synthesizer
    Path: C:\WINDOWS\system32\drivers\swmidi.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: symc810
    Displayed: symc810
    Path: C:\WINDOWS\system32\DRIVERS\symc810.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: symc8xx
    Displayed: symc8xx
    Path: C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: sym_hi
    Displayed: sym_hi
    Path: C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: sym_u3
    Displayed: sym_u3
    Path: C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: TDPIPE
    Displayed: TDPIPE
    Path: C:\WINDOWS\system32\drivers\TDPIPE.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: TDTCP
    Displayed: TDTCP
    Path: C:\WINDOWS\system32\drivers\TDTCP.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: TosIde
    Displayed: TosIde
    Path: C:\WINDOWS\system32\DRIVERS\toside.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: TVICHW32
    Displayed: TVICHW32
    Path: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    Type: Kernel Driver
    StartMode: Manual

    Name: Udfs
    Displayed: Udfs
    Path: C:\WINDOWS\system32\drivers\Udfs.sys
    Type: File System Driver
    StartMode: Disabled

    Name: ultra
    Displayed: ultra
    Path: C:\WINDOWS\system32\DRIVERS\ultra.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: usbscan
    Displayed: Usbscan
    Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: viaagp
    Displayed: VIA AGP Bus Filter
    Path: C:\WINDOWS\system32\DRIVERS\viaagp.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: ViaIde
    Displayed: ViaIde
    Path: C:\WINDOWS\system32\DRIVERS\viaide.sys
    Type: Kernel Driver
    StartMode: Disabled

    Name: wanatw
    Displayed: WAN Miniport (ATW)
    Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: WDICA
    Displayed: WDICA
    Path:
    Type: Kernel Driver
    StartMode: Manual

    Name: WudfPf
    Displayed: Windows Driver Foundation - User-mode Driver Framework Platform Driver
    Path: C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    Type: Kernel Driver
    StartMode: Manual

    Name: WudfRd
    Displayed: Windows Driver Foundation - User-mode Driver Framework Reflector
    Path: C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    Type: Kernel Driver
    StartMode: Manual


    ~~~End of Report~~~


    ~~~ Inactive Service report ~~~

    Microsoft Windows XP Professional
    Service Pack 3
    5.1.2600

    11/25/2008 4:41:52 PM


    ~~~Running Processes~~~

    System Idle Process
    PID: 0
    Path:
    Parent PID: 0

    System
    PID: 4
    Path:
    Parent PID: 0

    smss.exe
    PID: 864
    Path: C:\WINDOWS\System32\smss.exe
    Parent PID: 4

    csrss.exe
    PID: 924
    Path:
    Parent PID: 864

    winlogon.exe
    PID: 948
    Path: C:\WINDOWS\system32\winlogon.exe
    Parent PID: 864

    services.exe
    PID: 992
    Path: C:\WINDOWS\system32\services.exe
    Parent PID: 948

    lsass.exe
    PID: 1004
    Path: C:\WINDOWS\system32\lsass.exe
    Parent PID: 948

    svchost.exe
    PID: 1204
    Path: C:\WINDOWS\system32\svchost.exe
    Parent PID: 992

    svchost.exe
    PID: 1320
    Path:
    Parent PID: 992

    svchost.exe
    PID: 1424
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 992

    svchost.exe
    PID: 1656
    Path:
    Parent PID: 992

    svchost.exe
    PID: 1748
    Path:
    Parent PID: 992

    vsmon.exe
    PID: 1876
    Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Parent PID: 992

    explorer.exe
    PID: 1908
    Path: C:\WINDOWS\Explorer.EXE
    Parent PID: 1884

    aawservice.exe
    PID: 532
    Path: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    Parent PID: 992

    aswUpdSv.exe
    PID: 548
    Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    Parent PID: 992

    ashServ.exe
    PID: 648
    Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
    Parent PID: 992

    spoolsv.exe
    PID: 1232
    Path: C:\WINDOWS\system32\spoolsv.exe
    Parent PID: 992

    schedul2.exe
    PID: 1696
    Path: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    Parent PID: 992

    AppleMobileDeviceService.exe
    PID: 1712
    Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    Parent PID: 992

    guard.exe
    PID: 1048
    Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    Parent PID: 992

    DKService.exe
    PID: 1780
    Path: C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    Parent PID: 992

    GEARSEC.EXE
    PID: 1816
    Path: C:\WINDOWS\system32\GEARSEC.EXE
    Parent PID: 992

    hldasvc.exe
    PID: 1852
    Path: C:\Program Files\Common Files\BinarySense\hldasvc.exe
    Parent PID: 992

    hldasvc.exe
    PID: 1764
    Path: C:\Program Files\Common Files\BinarySense\hldasvc.exe
    Parent PID: 1852

    svchost.exe
    PID: 2060
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 992

    NMSAccessU.exe
    PID: 2084
    Path: C:\Program Files\CDBurnerXP\NMSAccessU.exe
    Parent PID: 992

    SandboxieServer.exe
    PID: 2148
    Path: C:\Program Files\Sandboxie\SandboxieServer.exe
    Parent PID: 992

    RpcAgentSrv.exe
    PID: 2184
    Path: C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
    Parent PID: 992

    svchost.exe
    PID: 2344
    Path: C:\WINDOWS\system32\svchost.exe
    Parent PID: 992

    TrueImageTryStartService.exe
    PID: 2440
    Path: C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    Parent PID: 992

    uphclean.exe
    PID: 2484
    Path: C:\Program Files\UPHClean\uphclean.exe
    Parent PID: 992

    nmsrvc.exe
    PID: 2508
    Path: C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    Parent PID: 992

    wmpnetwk.exe
    PID: 2572
    Path:
    Parent PID: 992

    ashMaiSv.exe
    PID: 3128
    Path: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    Parent PID: 992

    ashWebSv.exe
    PID: 3304
    Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    Parent PID: 992

    alg.exe
    PID: 3472
    Path:
    Parent PID: 992

    TaskTrap.exe
    PID: 3852
    Path: C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
    Parent PID: 1908

    zlclient.exe
    PID: 3896
    Path: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    Parent PID: 1908

    LinksysAgent.exe
    PID: 3984
    Path: C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    Parent PID: 1908

    HDDlifePro.exe
    PID: 4040
    Path: C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    Parent PID: 1908

    psi.exe
    PID: 2008
    Path: C:\Program Files\Secunia\PSI (RC4)\psi.exe
    Parent PID: 1908

    HDDlifePro.exe
    PID: 464
    Path: C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
    Parent PID: 4040

    ctfmon.exe
    PID: 2820
    Path: C:\WINDOWS\system32\ctfmon.exe
    Parent PID: 2008

    ashDisp.exe
    PID: 2824
    Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Parent PID: 3976

    WINPAT~1.EXE
    PID: 3076
    Path: C:\Program Files\BillP Studios\WinPatrol\WINPAT~1.EXE
    Parent PID: 3976

    ACCELE~2.EXE
    PID: 3276
    Path: C:\Program Files\AcceleRun\ACCELE~2.EXE
    Parent PID: 3976

    wweb32.exe
    PID: 3296
    Path: C:\Program Files\WordWeb\wweb32.exe
    Parent PID: 3976

    NetVisualize.exe
    PID: 3088
    Path: C:\Program Files\NetVisualize\NetVisualize.exe
    Parent PID: 1908

    safebit.exe
    PID: 1272
    Path: C:\Program Files\SafeBit\safebit.exe
    Parent PID: 1908

    EditPadLite.exe
    PID: 1836
    Path: C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
    Parent PID: 1908

    firefox.exe
    PID: 2868
    Path: C:\Program Files\Mozilla Firefox\firefox.exe
    Parent PID: 1908

    notepad.exe
    PID: 2268
    Path: C:\WINDOWS\system32\notepad.exe
    Parent PID: 4028

    driver_service_info.exe
    PID: 3720
    Path: C:\Downloads\driver_service_info.exe
    Parent PID: 1908

    cmd.exe
    PID: 1468
    Path: C:\WINDOWS\system32\cmd.exe
    Parent PID: 3720

    wmiprvse.exe
    PID: 3952
    Path:
    Parent PID: 1204

    cscript.exe
    PID: 1616
    Path: C:\WINDOWS\system32\cscript.exe
    Parent PID: 1468

    findstr.exe
    PID: 528
    Path: C:\WINDOWS\system32\findstr.exe
    Parent PID: 1468


    ~~~Running Services by PID~~~

    PID: 532
    Lavasoft Ad-Aware Service
    PID: 1696
    Acronis Scheduler2 Service
    PID: 3472
    Application Layer Gateway Service
    PID: 1712
    Apple Mobile Device
    PID: 548
    avast! iAVS4 Control Service
    PID: 1424
    Windows Audio
    Computer Browser
    Cryptographic Services
    DHCP Client
    Logical Disk Manager
    COM+ Event System
    Help and Support
    Server
    Workstation
    Network Connections
    Network Location Awareness (NLA)
    Remote Access Connection Manager
    Task Scheduler
    Secondary Logon
    System Event Notification
    Windows Firewall/Internet Connection Sharing (ICS)
    Shell Hardware Detection
    System Restore Service
    Telephony
    Themes
    Distributed Link Tracking Client
    Windows Management Instrumentation
    Security Center
    PID: 648
    avast! Antivirus
    PID: 3128
    avast! Mail Scanner
    PID: 3304
    avast! Web Scanner
    PID: 1048
    AVG Anti-Spyware Guard
    PID: 1204
    DCOM Server Process Launcher
    PID: 1780
    Diskeeper
    PID: 1656
    DNS Client
    PID: 992
    Event Log
    Plug and Play
    PID: 1816
    GEARSecurity
    PID: 1764
    HDDlife HDD Access service
    PID: 2060
    HTTP SSL
    PID: 1748
    TCP/IP NetBIOS Helper
    Remote Registry
    SSDP Discovery Service
    Universal Plug and Play Device Host
    WebClient
    PID: 2084
    NMSAccessU
    PID: 2508
    Pure Networks Network Magic Service
    PID: 1004
    IPSEC Services
    Protected Storage
    Security Accounts Manager
    PID: 1320
    Remote Procedure Call (RPC)
    PID: 2148
    Sandboxie Service
    PID: 2184
    SiSoftware Deployment Agent Service
    PID: 1232
    Print Spooler
    PID: 2344
    Windows Image Acquisition (WIA)
    PID: 2440
    Acronis Try And Decide Service
    PID: 2484
    User Profile Hive Cleanup
    PID: 1876
    TrueVector Internet Monitor
    PID: 2572
    Windows Media Player Network Sharing Service


    ~~~Inactive Services Configuration~~~

    Service: Alerter
    Displayed: Alerter
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Disabled

    Service: AppMgmt
    Displayed: Application Management
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: aspnet_state
    Displayed: ASP.NET State Service
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    Start Mode: Manual

    Service: BITS
    Displayed: Background Intelligent Transfer Service
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: CiSvc
    Displayed: Indexing Service
    Path: C:\WINDOWS\system32\cisvc.exe
    Start Mode: Manual

    Service: ClipSrv
    Displayed: ClipBook
    Path: C:\WINDOWS\system32\clipsrv.exe
    Start Mode: Disabled

    Service: clr_optimization_v2.0.50727_32
    Displayed: .NET Runtime Optimization Service v2.0.50727_X86
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Start Mode: Manual

    Service: COMSysApp
    Displayed: COM+ System Application
    Path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Start Mode: Manual

    Service: dmadmin
    Displayed: Logical Disk Manager Administrative Service
    Path: C:\WINDOWS\System32\dmadmin.exe /com
    Start Mode: Manual

    Service: Dot3svc
    Displayed: Wired AutoConfig
    Path: C:\WINDOWS\System32\svchost.exe -k dot3svc
    Start Mode: Manual

    Service: EapHost
    Displayed: Extensible Authentication Protocol Service
    Path: C:\WINDOWS\System32\svchost.exe -k eapsvcs
    Start Mode: Manual

    Service: ERSvc
    Displayed: Error Reporting Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: FastUserSwitchingCompatibility
    Displayed: Fast User Switching Compatibility
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: gusvc
    Displayed: Google Updater Service
    Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "
    Start Mode: Manual

    Service: HidServ
    Displayed: Human Interface Device Access
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: hkmsvc
    Displayed: Health Key and Certificate Management Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: ImapiService
    Displayed: IMAPI CD-Burning COM Service
    Path: C:\WINDOWS\system32\imapi.exe
    Start Mode: Manual

    Service: iPod Service
    Displayed: iPod Service
    Path: "C:\Program Files\iPod\bin\iPodService.exe "
    Start Mode: Manual

    Service: Messenger
    Displayed: Messenger
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: mnmsrvc
    Displayed: NetMeeting Remote Desktop Sharing
    Path: C:\WINDOWS\system32\mnmsrvc.exe
    Start Mode: Disabled

    Service: MSDTC
    Displayed: Distributed Transaction Coordinator
    Path: C:\WINDOWS\system32\msdtc.exe
    Start Mode: Manual

    Service: MSIServer
    Displayed: Windows Installer
    Path: C:\WINDOWS\system32\msiexec.exe /V
    Start Mode: Manual

    Service: napagent
    Displayed: Network Access Protection Agent
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: NetDDE
    Displayed: Network DDE
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: NetDDEdsdm
    Displayed: Network DDE DSDM
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: Netlogon
    Displayed: Net Logon
    Path: C:\WINDOWS\system32\lsass.exe
    Start Mode: Manual

    Service: NetSvc
    Displayed: Intel NCS NetService
    Path: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    Start Mode: Manual

    Service: nmraapache
    Displayed: Pure Networks Net2Go Service
    Path: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice
    Start Mode: Manual

    Service: NtLmSsp
    Displayed: NT LM Security Support Provider
    Path: C:\WINDOWS\system32\lsass.exe
    Start Mode: Manual

    Service: NtmsSvc
    Displayed: Removable Storage
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: RasAuto
    Displayed: Remote Access Auto Connection Manager
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: RDSessMgr
    Displayed: Remote Desktop Help Session Manager
    Path: C:\WINDOWS\system32\sessmgr.exe
    Start Mode: Disabled

    Service: RemoteAccess
    Displayed: Routing and Remote Access
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: RpcLocator
    Displayed: Remote Procedure Call (RPC) Locator
    Path: C:\WINDOWS\system32\locator.exe
    Start Mode: Manual

    Service: RSVP
    Displayed: QoS RSVP
    Path: C:\WINDOWS\system32\rsvp.exe
    Start Mode: Disabled

    Service: SCardSvr
    Displayed: Smart Card
    Path: C:\WINDOWS\System32\SCardSvr.exe
    Start Mode: Manual

    Service: SwPrv
    Displayed: MS Software Shadow Copy Provider
    Path: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7}
    Start Mode: Manual

    Service: SysmonLog
    Displayed: Performance Logs and Alerts
    Path: C:\WINDOWS\system32\smlogsvc.exe
    Start Mode: Manual

    Service: TermService
    Displayed: Terminal Services
    Path: C:\WINDOWS\System32\svchost -k DComLaunch
    Start Mode: Disabled

    Service: TlntSvr
    Displayed: Telnet
    Path: C:\WINDOWS\system32\tlntsvr.exe
    Start Mode: Disabled

    Service: UPS
    Displayed: Uninterruptible Power Supply
    Path: C:\WINDOWS\System32\ups.exe
    Start Mode: Manual

    Service: VSS
    Displayed: Volume Shadow Copy
    Path: C:\WINDOWS\System32\vssvc.exe
    Start Mode: Manual

    Service: w32time
    Displayed: Windows Time
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: WmdmPmSN
    Displayed: Portable Media Serial Number Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: Wmi
    Displayed: Windows Management Instrumentation Driver Extensions
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: WmiApSrv
    Displayed: WMI Performance Adapter
    Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
    Start Mode: Manual

    Service: wuauserv
    Displayed: Automatic Updates
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: WudfSvc
    Displayed: Windows Driver Foundation - User-mode Driver Framework
    Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    Start Mode: Manual

    Service: WZCSVC
    Displayed: Wireless Zero Configuration
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: xmlprov
    Displayed: Network Provisioning Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual


    ~~~ svchost Export ~~~

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
    HTTPFilter REG_MULTI_SZ
    HTTPFilter
    LocalService REG_MULTI_SZ
    Alerter
    WebClient
    LmHosts
    RemoteRegistry
    upnphost
    SSDPSRV
    NetworkService REG_MULTI_SZ
    DnsCache
    netsvcs REG_MULTI_SZ
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    napagent
    hkmsvc
    DcomLaunch REG_MULTI_SZ
    DcomLaunch
    TermService
    rpcss REG_MULTI_SZ
    RpcSs
    imgsvc REG_MULTI_SZ
    StiSvc
    termsvcs REG_MULTI_SZ
    TermService
    WudfServiceGroup REG_MULTI_SZ
    WUDFSvc
    eapsvcs REG_MULTI_SZ
    eaphost
    dot3svc REG_MULTI_SZ
    dot3svc
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x2000
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x3020
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
    CoInitializeSecurityParam REG_DWORD 0x2
    AuthenticationCapabilities REG_DWORD 0x40
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8

    ~~~End of Report~~~
     
  21. 2008/11/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below.
    Code:
    cd desktop
    reg save HKLM\SYSTEM\CurrentControlSet\Services services.hiv
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own.

    This should create a file named services.hiv on your desktop.
    Please right click that file and select Send To>Compressed (zipped) Folder.
    You will now see services.zip on your desktop as well.
    Please upload services.zip to my submission channel for analysis. Leave a link back to this topic.
     
