A few days ago things went haywire on my pc with regards to internet connection. At times I was able to get on but mostly I could not. After several scans I discovered and deleted a trojan virus, unsure of exact name unfortunately. Anyway since getting this virus and hopefully removing it my computer no longer seems to remember any settings.
For example, when I start up and log in, none of my startup programs have started, and they are all set to come on at startup obviously. When I go online via Internet Explorer, every time I open it I am asked to set automatic phishing, as if I am starting the application for the first time each and every time. Don’t have any problems with Mozilla though; it seems to remember all previous settings. Having to reinstall Windows would present huge problems for me and I really hope there is some alternative, any suggestions???
Let’s have a look-see
- Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Cheers very much, will try that. Sadly stuck at work at the moment so it will be a couple of hours before I get the chance, but ASAP I will post it. Out of curiosity, the fact that Mozilla works but Windows applications aren’t properly, do you think it could just be a case of detecting whatever and the problem being resolved without having to reinstall Windows?
I always live in hope and treat a re-install as a failure 8)
Here it comes, cheers.
Logfile of HijackThis v1.99.1
Scan saved at 20:07:07, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CallingID\Toolbar\CallingIDGlobal.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program
and some more
Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O4 - HKLM..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [NvMediaCenter] “RUNDLL32.EXE” C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\Comodo\Firewall\CPF.exe” /background
O4 - HKLM..\Run: [StartupDelayer] “C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe”
O4 - HKLM..\Run: [BOC-423] C:\PROGRA~1\Comodo\CBOClean\BOC423.exe
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM..\Run: [ErrorFixer] C:\Program Files\Error Fixer\ErrorFixer.exe -AutoStart
O4 - HKLM..\RunOnce: [Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - Global Startup: AVG Anti-Spyware.lnk = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: Comodo BOClean.lnk = C:\Program Files\Comodo\CBOClean\BOC423.EXE
O4 - Global Startup: COMODO Firewall Pro.lnk = C:\Program Files\Comodo\Firewall\cpf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150904764953
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37960.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4965/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip..{0D9B2F1C-41CA-4A6D-95FD-252F78F9664C}: NameServer = 192.168.0.1,195.40.1.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Control Pro (RCPServer) - Alchemy Lab - C:\Program Files\Remote Control Pro\rcpserver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Interesting that you haven’t even got avast installed and this is a support forum for avast anti-virus, I assume support is decidedly lacking with AVG free [/sarcasm] ?
Other than these I see nothing obvious.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Do you know what this is? Is it something you installed?
O4 - HKLM..\Run: [ErrorFixer] C:\Program Files\Error Fixer\ErrorFixer.exe -AutoStart
Nothing apparent, let’s go for a deeper scan
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
- Close ALL OTHER PROGRAMS.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Under Additional Scans click the checkboxes in front of the following items to select them:
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
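The manual triage of the HijackThis log earlier in the thread (picking out the entries marked (no file) and asking about the [ErrorFixer] Run entry) can be done mechanically. This is an added example, not part of any post in this thread and not code from HijackThis; the function names and the `known_names` allow-list are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [BOC-423] C:\PROGRA~1\Comodo\CBOClean\BOC423.exe
O4 - HKLM..\Run: [ErrorFixer] C:\Program Files\Error Fixer\ErrorFixer.exe -AutoStart
O4 - HKLM..\RunOnce: [Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Registry autostart form of an O4 entry: "HKLM..\Run: [Name] command line".
AUTORUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]{2})\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# Markers HijackThis appends when the registered target is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    code: str              # section code such as "O2" or "O4"
    body: str              # everything after "<code> - "
    clsid: Optional[str]   # first CLSID in the body, if any


def parse_log(text):
    """Return the coded entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and "Running processes" paths carry no section code
        clsid = CLSID_RE.search(m["body"])
        entries.append(Entry(m["code"], m["body"], clsid.group(0) if clsid else None))
    return entries


def orphaned(entries):
    """Entries whose registered file no longer exists (leftover registrations)."""
    return [e for e in entries if e.body.endswith(MISSING_MARKERS)]


def autoruns(entries):
    """(key, name, command) for every O4 registry autostart entry."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = AUTORUN_RE.match(e.body)
        if m:
            found.append((m["key"], m["name"], m["command"]))
    return found


def unreviewed_autoruns(entries, known_names):
    """Autostart entries the reviewer has not already accounted for.

    known_names is an assumed allow-list maintained by whoever reads the log.
    """
    return [a for a in autoruns(entries) if a[1] not in known_names]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("Entries pointing at a missing file:")
    for e in orphaned(log):
        print(f"  {e.code}  {e.clsid}  {e.body}")
    print("Autostart entries to ask the owner about:")
    for key, name, command in unreviewed_autoruns(log, {"BOC-423"}):
        print(f"  {key:8} [{name}] {command}")
```

An entry in either list is a question for the machine's owner, as in the thread, not a verdict.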
I did indeed have avast installed on my computer up to a couple of days ago when this all started. While avast initially appeared to discover and delete the virus, I was still having problems after and indeed up to and beyond now. So in my desperation to get my computer fixed without losing everything that I had failed to back up, I tried various other spyware, adware and anti-virus programs, but sadly with no success. I have every intention of reinstalling avast once the problem is resolved but for the moment my uninstalling and installing efforts are concentrating on resolving the issue at hand.
Will try the suggested alternative at some point later, unfortunately I am stuck in hell, or as some may call it, work, and unlikely to get early release as I’ve already used my good behaviour days. Will get back to you. Cheers again for the help, it’s very much appreciated. The wife isnae too pleased that I’ve buggered the computer and potentially lost all our family pictures and most importantly her Sims 2 collection.
The errorfixer is a program I downloaded recently to try and resolve my problem, it’s a registry fixer I believe.
Try the WinPFind; that should show where the problems are and I may be able to fix it.
wife isnae too pleased that I’ve buggered the computer and potentially lost all our family pictures and most importantly her Sims 2 collection.
Not yet time for hara-kiri
Hi aguyfaescotland,
Errorfixer, which David asked you about, seems to be scamware: asking for money for doing nothing.
Get rid of it. If you want to check for registry errors, TuneUp Utilities has a free working trial:
It would help us to know what the original virus was and what the symptoms were and are. What are the problems you say you are still having?
If they still seem to be virus-related, it would be worth running some rootkit (hidden malware) scans:
http://www.pandasoftware.com/products/antirootkit/
http://www.f-secure.com/blacklight/
http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5
Hello. Went home at lunch and downloaded the program. In your post you mentioned something about checking some boxes, but the boxes seemed to be missing from your post. When I ran the program without checking any boxes it seemed to crash; I checked all boxes and it crashed. I then checked just a few and it started scanning, but sadly I had to return to work before it completed so will have to post results later. Just in case I need to do it again, what boxes should I have checked?
Errorfixer didnae work for me though I don’t recall it asking for any money.
My problems started a few days ago. I couldn’t access the internet and at that time I had Avast but it didn’t display any error messages. After a few days of internet problems I ran a boot scan with avast and it appeared to detect and delete a trojan, although I failed to memorise the name (sorry). After this and booting my computer back up none of my startup programs were running; things like Comodo and anti-virus and one or two other things failed to launch. When I attempt to access the internet I can get online but Internet Explorer seems to forget my settings and presents me with the option of setting automatic phishing every time. I can’t update Windows; when I try, I get the blocking banner at the top of the screen and when I click and allow install of the Microsoft components it just resets back and again asks to enable ActiveX controls for the site. Mozilla Firefox works without any problems whatsoever and still remembers settings from before all this started. Very, very frustrating and I could go on.
If you had kept avast!, you could have looked at the log to see what had been deleted, and that might have given us a clue to the problem.
Also, it’s always best to quarantine any malware found just in case it is a false-positive detection of a legitimate system file. The removal of such a file can cause problems like those you describe, and having the file in quarantine, you could have re-scanned it to confirm it was malware, and replaced it if it turned out to be a false positive.
Not being able to access the internet is not necessarily the symptom of a virus, so I wonder if the Trojan detected by avast! was responsible for that problem in the first place.
I think I would be tempted to try a System Restore to a time before you started experiencing problems- assuming you can find a working restore point. As you have removed/installed several anti-malware programs since then, you may find you need to remove and reinstall programs before they work properly after a system restore.
If you do do a system restore, run a scan with whatever AV you decide to install, plus AVG Anti-Spyware because the system restore may reactivate malware. Be sure to make a note of any detections and to choose the quarantine option (put in chest in avast!).
Errorfixer is definitely a con-trick, so bin it.
I’ve tried system restore, and you would know this if I had bothered to inform you to begin with, sorry. I tried system restore but the system just crashes during restore. Also I have a system explorer program which replaced Task Manager and it is now not working and I am unable to uninstall it and I’m unable to check it. I have Advanced WindowsCare which is also crashing since this problem but I can access the startup menu using it and I noticed yesterday that a file called something like rstrui.exe was checked to start with Windows. I’ve never noticed this before and thought it could be the cause of the problem but when I checked the file name on the internet (which I can access, Internet Explorer just doesn’t remember my settings) it says it’s to do with system restore so I thought I should just leave it. But I’ve definitely never seen it in startup before; is it normal for it to be there if you’ve used (or as in my case unsuccessfully tried) the restore function?
Here it comes and what a size of a document, sorry.
WinPFind3 logfile created on: 27/05/2007 13:48:59
WinPFind3U by OldTimer - Version 1.0.38 Folder = D:\Documents and Settings\Jamie\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.80% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 11.47 Gb Free Space | 38.25% Space Free
Drive D: | 241.65 Gb Total Space | 110.38 Gb Free Space | 45.68% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: XAVIER
Current User Name: Jamie
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aolacsd.exe → %CommonProgramFiles%\AOL\ACS\AOLacsd.exe → America Online, Inc. [Ver = 2.0.20.1.UK.223 | Size = 1135728 bytes | Modified Date = 08/04/2004 08:38:26 | Attr = ]
avgamsvr.exe → %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe → GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
avgcc.exe → %ProgramFiles%\Grisoft\AVG7\avgcc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
avgemc.exe → %ProgramFiles%\Grisoft\AVG7\avgemc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
avgupsvc.exe → %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 23/05/2007 23:02:24 | Attr = ]
bocore.exe → %ProgramFiles%\Comodo\CBOClean\BOCore.exe → COMODO [Ver = 4.23.001 | Size = 76528 bytes | Modified Date = 17/04/2007 15:21:08 | Attr = ]
cmdagent.exe → %ProgramFiles%\Comodo\Firewall\cmdagent.exe → COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
cpf.exe → %ProgramFiles%\Comodo\Firewall\cpf.exe → COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
elservice.exe → %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe → Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 08/11/2005 15:51:54 | Attr = ]
googleupdaterservice.exe → %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe → Google [Ver = 2.0.767.25472.beta | Size = 136952 bytes | Modified Date = 30/03/2007 20:54:42 | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
iaantmon.exe → %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe → Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 12/10/2005 12:30:24 | Attr = ]
lexbces.exe → %System32%\LEXBCES.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 26/02/2004 08:55:20 | Attr = ]
lexpps.exe → %System32%\LEXPPS.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 174592 bytes | Modified Date = 26/02/2004 08:55:50 | Attr = ]
nvsvc32.exe → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 11/08/2006 21:42:50 | Attr = ]
saservice.exe → %ProgramFiles%\SiteAdvisor\6066\SAService.exe → McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 14/04/2007 00:04:26 | Attr = ]
tablet.exe → %System32%\Tablet.exe → Wacom Technology, Corp. [Ver = 4.84-6 | Size = 729088 bytes | Modified Date = 10/01/2005 12:10:38 | Attr = ]
ulcdrsvr.exe → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 26/02/2004 09:52:00 | Attr = ]
winpfind3u.exe → D:\Documents and Settings\Jamie\Desktop\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
x10nets.exe → %CommonProgramFiles%\X10\Common\X10nets.exe → X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 12/11/2001 13:31:48 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe → Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 02/09/2006 22:05:10 | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\AOL\ACS\AOLacsd.exe → America Online, Inc. [Ver = 2.0.20.1.UK.223 | Size = 1135728 bytes | Modified Date = 08/04/2004 08:38:26 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe → GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 23/05/2007 23:02:24 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG7\avgemc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
(BOCore) BOCore [Win32_Own | Auto | Running] → %ProgramFiles%\Comodo\CBOClean\BOCore.exe → COMODO [Ver = 4.23.001 | Size = 76528 bytes | Modified Date = 17/04/2007 15:21:08 | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] → %ProgramFiles%\Comodo\Firewall\cmdagent.exe → COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] → %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe → Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 08/11/2005 15:51:54 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] → %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe → Google [Ver = 2.0.767.25472.beta | Size = 136952 bytes | Modified Date = 30/03/2007 20:54:42 | Attr = ]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] → %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe → Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 12/10/2005 12:30:24 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(KService) KService [Win32_Own | Auto | Stopped] → %ProgramFiles%\KService\KService.exe → Kontiki Inc. [Ver = 4.21.51215.0 | Size = 2007040 bytes | Modified Date = 07/08/2006 15:39:36 | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] → %System32%\LEXBCES.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 26/02/2004 08:55:20 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 11/08/2006 21:42:50 | Attr = ]
(RCPServer) Remote Control Pro [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Remote Control Pro\rcpserver.exe → Alchemy Lab [Ver = 2.6.0 | Size = 207872 bytes | Modified Date = 29/08/2006 10:13:40 | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] → %ProgramFiles%\SiteAdvisor\6066\SAService.exe → McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 14/04/2007 00:04:26 | Attr = ]
(TabletService) TabletService [Win32_Own | Auto | Running] → %System32%\Tablet.exe → Wacom Technology, Corp. [Ver = 4.84-6 | Size = 729088 bytes | Modified Date = 10/01/2005 12:10:38 | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 26/02/2004 09:52:00 | Attr = ]
(x10nets) X10 Device Network Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\X10\Common\X10nets.exe → X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 12/11/2001 13:31:48 | Attr = ]
[Driver Services - Non-Microsoft Only]
(14a17) 14a17 [Kernel | On_Demand | Stopped] → D:\DOCUME~1\Jamie\LOCALS~1\Temp\14a17.sys → File not found
(3xHybrid) 3xHybrid service [Kernel | On_Demand | Running] → %System32%\drivers\3xHybrid.sys → Philips Semiconductors GmbH [Ver = 1, 3, 2, 6 | Size = 799744 bytes | Modified Date = 27/05/2005 12:51:26 | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] → → File not found
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] → %System32%\drivers\alcan5wn.sys → THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr = ]
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] → %System32%\drivers\alcaudsl.sys → THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 11:53:46 | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] → %System32%\drivers\aliide.sys → Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 17/08/2001 13:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] → %System32%\drivers\AMDAGP.SYS → Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
(asc) asc [Kernel | Boot | Running] → %System32%\drivers\asc.sys → Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 17/08/2001 13:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] → %System32%\drivers\asc3550.sys → Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 17/08/2001 13:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] → → File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys → [Ver = | Size = 4096 bytes | Modified Date = 28/09/2006 15:13:34 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] → %System32%\drivers\avg7core.sys → GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 23/05/2007 23:02:24 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] → %System32%\drivers\avg7rsw.sys → GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 23/05/2007 23:02:26 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] → %System32%\drivers\avg7rsxp.sys → GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 23/05/2007 23:02:26 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05/09/2006 17:03:16 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] → %System32%\drivers\avgclean.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 23/05/2007 23:02:28 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] → %System32%\drivers\avgtdi.sys → GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 23/05/2007 23:02:28 | Attr = ]
(BOCDRIVE) BOClean Kernel Monitor. [Kernel | On_Demand | Running] → %ProgramFiles%\Comodo\CBOClean\BOCDRIVE.SYS → [Ver = | Size = 15376 bytes | Modified Date = 17/04/2007 15:14:10 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] → → File not found
(CmdIde) CmdIde [Kernel | Boot | Running] → %System32%\drivers\cmdide.sys → CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 17/08/2001 13:51:54 | Attr = ]
(CmdMon) Comodo Application Engine [Kernel | System | Running] → %System32%\drivers\cmdmon.sys → Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] → %System32%\drivers\dac2w2k.sys → Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 17/08/2001 13:52:16 | Attr = ]
(DCamUSBDigitalCamera) Digital Camera [Kernel | On_Demand | Stopped] → %System32%\drivers\MPIXVID.SYS → [Ver = | Size = 104593 bytes | Modified Date = 26/04/2005 17:42:48 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] → %System32%\drivers\dmboot.sys → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] → %System32%\drivers\dmio.sys → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] → %System32%\drivers\dmload.sys → Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] → %System32%\drivers\e100b325.sys → Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 13/06/2005 13:58:04 | Attr = ]
(ELacpi) ELacpi [Kernel | On_Demand | Running] → %System32%\drivers\ELacpi.sys → Intel Corporation [Ver = 1.0.0.1093 | Size = 7808 bytes | Modified Date = 08/11/2005 15:51:40 | Attr = ]
(ELhid) ELhid [Kernel | System | Running] → %System32%\drivers\ELhid.sys → Intel Corporation [Ver = 1.0.0.1093 | Size = 10112 bytes | Modified Date = 08/11/2005 15:51:18 | Attr = ]
(ELkbd) ELkbd [Kernel | System | Running] → %System32%\drivers\ELkbd.sys → Intel Corporation [Ver = 1.0.0.1093 | Size = 6912 bytes | Modified Date = 08/11/2005 15:51:22 | Attr = ]
(ELmon) ELmon [Kernel | System | Running] → %System32%\drivers\ELmon.sys → Intel Corporation [Ver = 1.0.0.1093 | Size = 7040 bytes | Modified Date = 08/11/2005 15:51:38 | Attr = ]
(ELmou) ELmou [Kernel | System | Running] → %System32%\drivers\ELmou.sys → Intel Corporation [Ver = 1.0.0.1093 | Size = 6400 bytes | Modified Date = 08/11/2005 15:51:20 | Attr = ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] → %System32%\drivers\Hdaudio.sys → Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 145920 bytes | Modified Date = 07/01/2005 17:07:16 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] → %System32%\drivers\Hdaudbus.sys → Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 07/01/2005 17:07:18 | Attr = ]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] → %System32%\drivers\iaStor.sys → Intel Corporation [Ver = 5.5.0.1035 | Size = 874240 bytes | Modified Date = 12/10/2005 12:07:12 | Attr = ]
(InCDFs) InCD File System [File_System | Disabled | Stopped] → system32\drivers\InCDFs.sys → File not found
(InCDPass) InCDPass [Kernel | System | Stopped] → system32\drivers\InCDPass.sys → File not found
(InCDRm) InCD Reader [Kernel | System | Stopped] → system32\drivers\InCDRm.sys → File not found
(Inspect) Comodo Network Engine [Kernel | Boot | Running] → %System32%\drivers\inspect.sys → COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] → %System32%\drivers\RtkHDAud.sys → Realtek Semiconductor Corp. [Ver = 5.10.00.5172 built by: WinDDK | Size = 3966976 bytes | Modified Date = 23/09/2005 18:56:28 | Attr = ]
(KLIF) KLIF [Kernel | On_Demand | Stopped] → %SystemDrive%\PROGRA~1\PCTOOL~1\KLIF.SYS → File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] → → File not found
(MotDev) Motorola Inc. USB Device [Kernel | On_Demand | Stopped] → %System32%\drivers\motodrv.sys → Motorola Inc [Ver = 2.7 | Size = 40832 bytes | Modified Date = 14/12/2006 01:39:28 | Attr = ]
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] → %System32%\drivers\motmodem.sys → Motorola [Ver = 1.6.0.0 built by: WinDDK | Size = 20992 bytes | Modified Date = 13/12/2006 18:52:50 | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] → %System32%\drivers\mraid35x.sys → American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 13:52:12 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] → %System32%\drivers\nv4_mini.sys → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 3958496 bytes | Modified Date = 11/08/2006 21:42:42 | Attr = ]
(P2k) Motorola USB Device [Kernel | On_Demand | Stopped] → system32\DRIVERS\P2k.sys → File not found
(PCIDump) PCIDump [Kernel | System | Stopped] → → File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] → %System32%\drivers\pcouffin.sys → VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 16/02/2007 10:04:02 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] → → File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] → → File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] → → File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] → → File not found
(PenClass) Pen Class [Kernel | Boot | Running] → %System32%\drivers\PenClass.sys → Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Modified Date = 09/04/2001 13:45:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] → %System32%\drivers\ptilink.sys → Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] → %System32%\drivers\pxhelp20.sys → Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 30/01/2007 06:03:36 | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] → %System32%\drivers\ql1080.sys → QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] → %System32%\drivers\ql12160.sys → QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] → %System32%\drivers\ql1280.sys → QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 13:52:18 | Attr = ]
(Rcphook) Rcphook [Kernel | On_Demand | Running] → %System32%\drivers\rcpmini.sys → Alchemy Lab [Ver = 4,0,0,5 | Size = 2848 bytes | Modified Date = 24/08/2006 18:03:10 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] → %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys → [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] → %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS → SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] → %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS → [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] → %System32%\drivers\scdemu.sys → PowerISO Computing, Inc. [Ver = 2, 6, 1, 1 | Size = 27171 bytes | Modified Date = 16/10/2005 02:15:42 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] → %System32%\drivers\secdrv.sys → Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 16/05/2007 09:05:18 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] → → File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] → %System32%\drivers\SISAGP.SYS → Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
(smserial) smserial [Kernel | On_Demand | Running] → %System32%\drivers\smserial.sys → Motorola Inc. [Ver = SM56 Rel. 6.10 Build 101 Preview 18 | Size = 905608 bytes | Modified Date = 18/10/2005 12:16:00 | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] → %System32%\drivers\sparrow.sys → Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 14:07:44 | Attr = ]
(sptd) sptd [Kernel | Boot | Running] → %System32%\drivers\sptd.sys → [Ver = | Size = 639224 bytes | Modified Date = 02/04/2007 16:57:10 | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] → %System32%\drivers\symc810.sys → Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 14:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] → %System32%\drivers\symc8xx.sys → LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 14:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] → %System32%\drivers\sym_hi.sys → LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 14:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] → %System32%\drivers\sym_u3.sys → LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 14:07:42 | Attr = ]
(ultra) ultra [Kernel | Boot | Running] → %System32%\drivers\ultra.sys → Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 13:52:22 | Attr = ]
(vncdrv) vncdrv [Kernel | On_Demand | Stopped] → %System32%\drivers\vncdrv.sys → RDV Soft [Ver = 1.00.17 | Size = 4736 bytes | Modified Date = 26/06/2004 13:22:00 | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] → %System32%\drivers\wanatw4.sys → America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 10/01/2003 16:13:04 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] → → File not found
(X10Hid) X10 Hid Device [Kernel | On_Demand | Running] → %System32%\drivers\x10hid.sys → X10 Wireless Technology, Inc. [Ver = 3.0.0.198 | Size = 7040 bytes | Modified Date = 28/11/2005 10:45:16 | Attr = ]
(XUIF) X10 USB Wireless Transceiver [Kernel | On_Demand | Running] → %System32%\drivers\x10ufx2.sys → X10 Wireless Technology, Inc. [Ver = 3.0.0.187 | Size = 17792 bytes | Modified Date = 19/05/2005 15:52:58 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC → %ProgramFiles%\Grisoft\AVG7\avgcc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
BOC-423 → %ProgramFiles%\Comodo\CBOClean\BOC423.EXE → COMODO [Ver = 4.23.001 | Size = 343280 bytes | Modified Date = 20/04/2007 08:28:20 | Attr = ]
COMODO Firewall Pro → %ProgramFiles%\Comodo\Firewall\cpf.exe → COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
ErrorFixer → %ProgramFiles%\Error Fixer\ErrorFixer.exe → PIMASOFT [Ver = 3.00.0001 | Size = 4587520 bytes | Modified Date = 17/04/2005 18:12:36 | Attr = ]
NvCplDaemon → %System32%\nvcpl.dll [“RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup] → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 11/08/2006 21:43:02 | Attr = ]
NvMediaCenter → %System32%\nvmctray.dll [“RUNDLL32.EXE” C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 11/08/2006 21:43:04 | Attr = ]
StartupDelayer → %ProgramFiles%\r2 Studios\Startup Delayer\Startup Launcher.exe → r2 studios [Ver = 2.03.0115 | Size = 25600 bytes | Modified Date = 16/03/2007 02:17:08 | Attr = ]
< Common Startup > → D:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\AVG Anti-Spyware.lnk → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 13:20:00 | Attr = ]
%AllUsersStartup%\AVG Control Center.lnk → %ProgramFiles%\Grisoft\AVG7\avgcc.exe → GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
%AllUsersStartup%\Comodo BOClean.lnk → %ProgramFiles%\Comodo\CBOClean\BOC423.EXE → COMODO [Ver = 4.23.001 | Size = 343280 bytes | Modified Date = 20/04/2007 08:28:20 | Attr = ]
%AllUsersStartup%\COMODO Firewall Pro.lnk → %ProgramFiles%\Comodo\Firewall\cpf.exe → COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 26/02/2007 15:20:08 | Attr = ]
< IFEO [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
taskmgr.exe → D:\DOCUMENTS AND SETTINGS\Jamie\Desktop\procexp.exe [Debugger] → Sysinternals [Ver = 10.21 | Size = 3623736 bytes | Modified Date = 01/11/2006 14:07:34 | Attr = ]
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] → %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL → SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
!SASWinLogon → %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll → SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ScanWithAntiVirus → 2 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\LinkResolveIgnoreLinkInfo → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoResolveSearch → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoCDBurning → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\InstallVisualStyle → C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\InstallTheme →