MySystem-Search
MSS v1.7
Basic System Information
Username: User - Date: 10/10/2011 - Time: 2:52:51
Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 13 Stepping 8, GenuineIntel
Total processors: 1
Computer Name: KCSD-8B42033CA8
Logon Server: \\KCSD-8B42033CA8
CD Emulation Drivers running?
Peer-to-Peer applications?
Security Tools Check
Malwarebytes' Anti-Malware
File associations
.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile
Running processes
PROCESS PID PRIO PATH
smss.exe 808 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 884 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 908 High C:\WINDOWS\system32\winlogon.exe
services.exe 952 Normal C:\WINDOWS\system32\services.exe
lsass.exe 964 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1120 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1200 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1240 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1276 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1424 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1508 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1804 Normal C:\WINDOWS\system32\spoolsv.exe
SCardSvr.exe 1852 Normal C:\WINDOWS\System32\SCardSvr.exe
svchost.exe 380 Normal C:\WINDOWS\system32\svchost.exe
AppleMobileDeviceService.exe 412 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 424 Normal C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe 520 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 532 Below Normal C:\WINDOWS\system32\svchost.exe
mbamservice.exe 740 Normal C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
svchost.exe 764 Normal C:\WINDOWS\System32\svchost.exe
PMBDeviceInfoProvider.exe 784 Normal C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
svchost.exe 796 Normal C:\WINDOWS\System32\svchost.exe
rpcnetp.exe 856 Normal C:\WINDOWS\System32\rpcnetp.exe
SMAgent.exe 1128 Normal C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
svchost.exe 1344 Normal C:\WINDOWS\system32\svchost.exe
alg.exe 860 Normal C:\WINDOWS\System32\alg.exe
Explorer.EXE 692 Normal C:\WINDOWS\Explorer.EXE
wscntfy.exe 1072 Normal C:\WINDOWS\system32\wscntfy.exe
PMBVolumeWatcher.exe 2568 Normal C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
iTunesHelper.exe 2576 Normal C:\Program Files\iTunes\iTunesHelper.exe
AGRSMMSG.exe 2584 Normal C:\WINDOWS\AGRSMMSG.exe
SynTPLpr.exe 2628 Normal C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh.exe 2652 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SMax4PNP.exe 2700 Normal C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
igfxtray.exe 2864 Normal C:\WINDOWS\system32\igfxtray.exe
igfxpers.exe 2924 Normal C:\WINDOWS\system32\igfxpers.exe
hkcmd.exe 2932 Normal C:\WINDOWS\system32\hkcmd.exe
HP Wireless Assistant.exe 2976 Normal C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
hpqSRMon.exe 3040 Normal C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HPWuSchd2.exe 3068 Normal C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
mbamgui.exe 3120 Normal C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
ctfmon.exe 3304 Normal C:\WINDOWS\system32\ctfmon.exe
wmiprvse.exe 3348 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
hpqtra08.exe 3368 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
iPodService.exe 3640 Normal C:\Program Files\iPod\bin\iPodService.exe
wuauclt.exe 3760 Normal C:\WINDOWS\system32\wuauclt.exe
HPQTOA~1.EXE 3988 Normal C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
taskmgr.exe 2212 High C:\WINDOWS\system32\taskmgr.exe
iexplore.exe 2132 Normal C:\Program Files\Internet Explorer\iexplore.exe
hpswp_clipbook.exe 3224 Normal C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
avira_free_antivirus_en.exe 684 Normal C:\Documents and Settings\User\Desktop\avira_free_antivirus_en.exe
presetup.exe 4060 Normal C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\presetup.exe
mss[1].exe 1452 Normal C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\3ODVF3JE\mss[1].exe
cmd.exe 3452 Normal C:\WINDOWS\system32\cmd.exe
pv.exe 4008 Normal C:\Documents and Settings\User\Desktop\pv.exe
User Profile check
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x64710736
ProfileLoadTimeHigh REG_DWORD 0x1cc8715
RefCount REG_DWORD 0x6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x63744df2
ProfileLoadTimeHigh REG_DWORD 0x1cc8715
RefCount REG_DWORD 0x2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3314406959-1262979982-2352321757-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\User
Sid REG_BINARY 0105000000000005150000002FD68DC58E8B474BDD94358CEB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x96ceb476
ProfileLoadTimeHigh REG_DWORD 0x1cc8715
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
Current Scheduled Tasks
PATH: C:\Windows\Tasks
AppleSoftwareUpdate.job
desktop.ini
SA.DAT
Windows Drivers and NT-Services
Volume in drive C has no label.
Volume Serial Number is EC52-9CC9
Directory of C:\Windows\System32\Drivers
03/11/2009 04:45 PM 1,580 103C_HP_NTBK_HP Compaq nc6120 (ED988UC)_YN_0U_QCNU5233FCL_EU_46_I099C_SHP_VKBC Version 39.2A_B68DTD Ver. F.14_T060727_WXP2_L409_M504_J80_7Intel_8Pentium M_91.73_#090311_N14E4165E_(ED988UC)_XMOBILE_CN10_Z_2F.14_G.MRK
03/11/2009 04:52 PM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
03/11/2009 04:52 PM 0 Msft_Kernel_HpqKbFiltr_01005.Wdf
3 File(s) 1,580 bytes
0 Dir(s) 4,689,473,536 bytes free
Volume in drive C has no label.
Volume Serial Number is EC52-9CC9
Directory of C:\Windows\System32\Drivers
08/17/2001 09:46 AM 6,400 enum1394.sys
08/17/2001 09:51 AM 19,584 rasirda.sys
08/17/2001 09:59 AM 3,072 audstub.sys
04/14/2004 03:12 PM 17,016 tiscfw.deb
06/16/2004 02:19 PM 46,080 smcirda.sys
06/19/2004 08:30 PM 190,336 b57xp32.sys
07/17/2004 03:35 PM 67,866 netwlan5.img
07/17/2004 03:36 PM 64,352 ativmc20.cod
07/18/2004 02:55 AM 129,045 cxthsfs2.cty
08/04/2004 02:29 AM 57,856 atinbtxx.sys
08/04/2004 02:29 AM 701,440 ati2mtag.sys
08/04/2004 02:29 AM 327,040 ati2mtaa.sys
08/04/2004 02:29 AM 13,824 atinmdxx.sys
08/04/2004 02:29 AM 11,615 ati1mdxx.sys
08/04/2004 02:29 AM 12,047 ati1pdxx.sys
08/04/2004 02:29 AM 56,623 ati1btxx.sys
08/04/2004 02:29 AM 14,336 atinpdxx.sys
08/04/2004 02:29 AM 52,224 atinraxx.sys
08/04/2004 02:29 AM 28,672 atinsnxx.sys
08/04/2004 02:29 AM 104,960 atinrvxx.sys
08/04/2004 02:29 AM 13,824 atinttxx.sys
08/04/2004 02:29 AM 73,216 atintuxx.sys
08/04/2004 02:29 AM 29,455 ati1xbxx.sys
08/04/2004 02:29 AM 36,463 ati1tuxx.sys
08/04/2004 02:29 AM 21,343 ati1ttxx.sys
08/04/2004 02:29 AM 31,744 atinxbxx.sys
08/04/2004 02:29 AM 63,488 atinxsxx.sys
08/04/2004 02:29 AM 34,735 ati1xsxx.sys
08/04/2004 02:29 AM 30,671 ati1raxx.sys
08/04/2004 02:29 AM 63,663 ati1rvxx.sys
08/04/2004 02:29 AM 26,367 ati1snxx.sys
08/04/2004 02:29 AM 452,736 mtxparhm.sys
08/04/2004 02:29 AM 11,807 wadv07nt.sys
08/04/2004 02:29 AM 11,295 wadv08nt.sys
08/04/2004 02:29 AM 11,935 wadv11nt.sys
08/04/2004 02:29 AM 11,871 wadv09nt.sys
08/04/2004 02:29 AM 25,471 watv10nt.sys
08/04/2004 02:29 AM 22,271 watv06nt.sys
08/04/2004 02:29 AM 166,912 s3gnbm.sys
08/04/2004 02:29 AM 1,897,408 nv4_mini.sys
08/04/2004 02:41 AM 1,309,184 mtlstrm.sys
08/04/2004 02:41 AM 126,686 mtlmnt5.sys
08/04/2004 02:41 AM 13,776 recagent.sys
08/04/2004 02:41 AM 180,360 ntmtlfax.sys
08/04/2004 02:41 AM 129,535 slnt7554.sys
08/04/2004 02:41 AM 404,990 slntamr.sys
08/04/2004 02:41 AM 13,240 slwdmsup.sys
08/04/2004 02:41 AM 95,424 slnthal.sys
08/04/2004 02:41 AM 220,032 hsfbs2s2.sys
08/04/2004 02:41 AM 685,056 hsfcxts2.sys
08/04/2004 02:41 AM 1,041,536 hsfdpsp2.sys
08/04/2004 02:41 AM 11,868 mdmxsdk.sys
08/24/2004 03:20 PM 1,268,204 AGRSM.sys
10/13/2004 06:25 PM 259,840 smwdm.sys
11/04/2004 10:26 PM 186,016 SynTP.sys
11/08/2004 06:10 PM 127,744 aeaudio.sys
05/31/2005 03:46 PM 87,936 gtipci21.sys
06/23/2005 01:16 PM 162,176 tifm21.sys
02/28/2006 08:00 AM 4,736 usbd.sys
02/28/2006 08:00 AM 3,328 pciide.sys
02/28/2006 08:00 AM 32,896 ipfltdrv.sys
02/28/2006 08:00 AM 4,224 beep.sys
02/28/2006 08:00 AM 17,792 ptilink.sys
02/28/2006 08:00 AM 8,832 rasacd.sys
02/28/2006 08:00 AM 4,352 wmilib.sys
02/28/2006 08:00 AM 3,456 oprghdlr.sys
02/28/2006 08:00 AM 21,376 tsbvcap.sys
02/28/2006 08:00 AM 51,712 tosdvd.sys
02/28/2006 08:00 AM 12,032 ws2ifsl.sys
02/28/2006 08:00 AM 13,952 cbidf2k.sys
02/28/2006 08:00 AM 55,936 nwlnkspx.sys
02/28/2006 08:00 AM 18,688 cdaudio.sys
02/28/2006 08:00 AM 6,784 parvdm.sys
02/28/2006 08:00 AM 58,112 vdmindvd.sys
02/28/2006 08:00 AM 352,256 atmuni.sys
02/28/2006 08:00 AM 262,528 cinemst2.sys
02/28/2006 08:00 AM 63,232 nwlnknb.sys
02/28/2006 08:00 AM 34,432 rawwan.sys
02/28/2006 08:00 AM 4,224 rdpcdd.sys
02/28/2006 08:00 AM 11,776 cpqdap01.sys
02/28/2006 08:00 AM 31,360 atmepvc.sys
02/28/2006 08:00 AM 11,648 acpiec.sys
02/28/2006 08:00 AM 2,944 null.sys
02/28/2006 08:00 AM 125,056 ftdisk.sys
02/28/2006 08:00 AM 12,032 nikedrv.sys
02/28/2006 08:00 AM 12,032 rio8drv.sys
02/28/2006 08:00 AM 12,416 nwlnkflt.sys
02/28/2006 08:00 AM 5,888 dmload.sys
02/28/2006 08:00 AM 4,224 mnmdd.sys
02/28/2006 08:00 AM 7,680 mcd.sys
02/28/2006 08:00 AM 16,512 raspti.sys
02/28/2006 08:00 AM 10,496 dxapi.sys
02/28/2006 08:00 AM 12,032 riodrv.sys
02/28/2006 08:00 AM 3,328 dxgthk.sys
02/28/2006 08:00 AM 12,160 fsvga.sys
02/28/2006 08:00 AM 5,888 rootmdm.sys
02/28/2006 08:00 AM 32,512 nwlnkfwd.sys
02/28/2006 08:00 AM 646 gmreadme.txt
02/28/2006 08:00 AM 3,440,660 gm.dls
02/28/2006 08:00 AM 14,592 smclib.sys
02/28/2006 08:00 AM 7,936 fs_rec.sys
09/28/2006 09:55 PM 77,568 WudfPf.sys
09/28/2006 10:00 PM 82,944 WudfRd.sys
10/18/2006 11:00 PM 38,528 wpdusb.sys
11/01/2006 12:55 PM 604,928 BCMWL5.SYS
11/02/2006 11:22 AM 32,224 wdfldr.sys
11/02/2006 11:22 AM 492,000 wdf01000.sys
06/18/2007 08:12 PM 16,768 HpqKbFiltr.sys
06/19/2007 08:26 PM 1,169,980 ialmnt5.sys
04/13/2008 10:45 AM 15,104 usbscan.sys
04/13/2008 10:45 AM 32,128 usbccgp.sys
04/13/2008 10:47 AM 25,856 usbprint.sys
04/13/2008 11:39 AM 5,504 MSTEE.sys
04/13/2008 11:45 AM 60,032 USBAUDIO.sys
04/13/2008 11:46 AM 10,880 NdisIP.sys
04/13/2008 11:46 AM 15,232 StreamIP.sys
04/13/2008 11:46 AM 17,024 CCDECODE.sys
04/13/2008 11:46 AM 19,200 WSTCODEC.SYS
04/13/2008 11:46 AM 11,136 SLIP.sys
04/13/2008 11:46 AM 85,248 NABTSFEC.sys
04/13/2008 12:16 PM 141,056 ks.sys
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 12:39 PM 20,480 secdrv.sys
04/13/2008 12:39 PM 142,592 aec.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:34 PM 163,584 nwrdr.sys
04/13/2008 02:36 PM 14,208 battc.sys
04/13/2008 02:36 PM 5,888 smbali.sys
04/13/2008 02:36 PM 187,776 acpi.sys
04/13/2008 02:36 PM 13,952 cmbatt.sys
04/13/2008 02:36 PM 10,240 compbatt.sys
04/13/2008 02:36 PM 8,832 wmiacpi.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
04/13/2008 02:36 PM 63,744 mf.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 02:36 PM 68,224 pci.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:36 PM 73,472 sr.sys
04/13/2008 02:38 PM 71,168 dxg.sys
04/13/2008 02:39 PM 92,544 mqac.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:40 PM 5,504 intelide.sys
04/13/2008 02:40 PM 96,512 atapi.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 46,592 irbus.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:54 PM 88,192 irda.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
05/02/2008 06:49 AM 62,976 cdrom.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
10/30/2008 03:21 AM 49,920 HPZid412.sys
10/30/2008 03:21 AM 16,496 HPZipr12.sys
10/30/2008 03:21 AM 21,568 HPZius12.sys
03/10/2009 08:32 AM <DIR> disdn
03/10/2009 08:34 AM <DIR> etc
04/30/2009 11:55 PM 2,687,512 LV302V32.SYS
05/18/2009 03:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
08/28/2009 08:42 PM 40,448 usbaapl.sys
10/20/2009 12:20 PM 265,728 http.sys
01/10/2010 03:23 PM <DIR> UMDF
02/11/2010 08:02 AM 226,880 tcpip6.sys
11/02/2010 11:17 AM 40,960 ndproxy.sys
02/16/2011 09:22 AM 138,496 afd.sys
02/17/2011 09:18 AM 357,888 srv.sys
04/21/2011 09:37 AM 105,472 mup.sys
06/24/2011 10:10 AM 139,656 rdpwd.sys
07/08/2011 10:02 AM 10,496 ndistapi.sys
07/15/2011 09:29 AM 456,320 mrxsmb.sys
08/31/2011 05:00 PM 22,216 mbam.sys
10/10/2011 02:30 AM <DIR> .
10/10/2011 02:30 AM <DIR> ..
305 File(s) 34,291,893 bytes
5 Dir(s) 4,689,457,152 bytes free
Stealth malware?
Internet Explorer
! REG.EXE VERSION 3.0
LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivDiscUiShown REG_DWORD 0x1
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
ProxyOverride REG_SZ *.local
SyncMode5 REG_DWORD 0x4
EnableAutodial REG_DWORD 0x0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ
Microsoft
?LinkId=69157
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000FD0300006C020000
NotifyDownloadComplete REG_SZ yes
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Use FormSuggest REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
AutoHide REG_SZ yes
HistoryViewType REG_BINARY 0000
Save Directory REG_SZ C:\Documents and Settings\User\Desktop\
Use Search Asst REG_SZ no
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
! REG.EXE VERSION 3.0
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...
Security Center
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts