Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SENS] 'Start' = '00000002' (registry value set; for a service key, a 'Start' value of 2 is the automatic start type)
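Command lines recorded; note the silent installer switches (/quiet /norestart) and the forced restart (shutdown.exe -r -t 02):
- C:\f4f064d3070b5006d9fed1e073\update\update.exe /quiet /norestart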
- C:\TMP\KB835221.exe /quiet /norestart
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\hhctrl.ocx"
- <SYSTEM32>\shutdown.exe -r -t 02
- <SYSTEM32>\cmd.exe /c ""C:\TMP\HD.cmd" "
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- %WINDIR%\LastGood\TMP10.tmp
- <DRIVERS>\HFX11.tmp
- <DRIVERS>\HFXF.tmp
- <SYSTEM32>\SETD.tmp
- %WINDIR%\LastGood\TMPE.tmp
- %WINDIR%\inf\hdaudbus.inf
- %WINDIR%\inf\hdaudio.inf
- %WINDIR%\Driver Cache\i386\SET14.tmp
- %WINDIR%\LastGood\TMP12.tmp
- <DRIVERS>\HFX13.tmp
- <SYSTEM32>\SETC.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- %WINDIR%\KB835221WXP.cat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- <DRIVERS>\Hdaudio.sys
- <SYSTEM32>\SETB.tmp
- <DRIVERS>\Hdaudbus.sys
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB835221WXP.cat
- <DRIVERS>\portcls.sys
- C:\f4f064d3070b5006d9fed1e073\update\update.exe
- C:\f4f064d3070b5006d9fed1e073\update\hdaupdate_win2k.inf
- C:\f4f064d3070b5006d9fed1e073\update\spmsg.dll
- C:\f4f064d3070b5006d9fed1e073\update\kb835221wxp.cat
- C:\f4f064d3070b5006d9fed1e073\update\spcustom.dll
- C:\f4f064d3070b5006d9fed1e073\update\kb835221wxp.log
- C:\f4f064d3070b5006d9fed1e073\update\eula.txt
- C:\f4f064d3070b5006d9fed1e073\update\kb835221w2k.log
- C:\f4f064d3070b5006d9fed1e073\update\hdaupdate_winxp.inf
- C:\f4f064d3070b5006d9fed1e073\update\updatebr.inf
- C:\f4f064d3070b5006d9fed1e073\update\kb835221w2k.cat
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudprop.dll
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudpropres.dll
- C:\f4f064d3070b5006d9fed1e073\spuninst.exe
- C:\TMP\KB835221.exe
- C:\TMP\HD.cmd
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudbus.sys
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudio.sys
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudio.inf
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudpropshortcut.exe
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudbus.inf
- %TEMP%\Cab3.tmp
- %WINDIR%\LastGood\TMP5.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %WINDIR%\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- %WINDIR%\$NtUninstallKB835221WXP$\spuninst\spuninst.inf
- %WINDIR%\LastGood\TMPA.tmp
- %WINDIR%\$NtUninstallKB835221WXP$\spuninst\spuninst.txt
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- C:\f4f064d3070b5006d9fed1e073\winxp\mssap.dll
- C:\f4f064d3070b5006d9fed1e073\winxp\portcls.sys
- C:\f4f064d3070b5006d9fed1e073\win2k\sysaudio.sys
- C:\f4f064d3070b5006d9fed1e073\update\update.ver
- C:\f4f064d3070b5006d9fed1e073\win2k\portcls.sys
- %WINDIR%\inf\oem3.inf
- %WINDIR%\inf\oem3.PNF
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
- C:\f4f064d3070b5006d9fed1e073\$shtdwn$.req
- %WINDIR%\KB835221.log
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB835221WXP.cat
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
- C:\f4f064d3070b5006d9fed1e073\update\spcustom.dll
- C:\f4f064d3070b5006d9fed1e073\update\spmsg.dll
- C:\f4f064d3070b5006d9fed1e073\update\kb835221w2k.cat
- C:\f4f064d3070b5006d9fed1e073\update\kb835221wxp.cat
- C:\f4f064d3070b5006d9fed1e073\update\hdaupdate_winxp.inf
- C:\f4f064d3070b5006d9fed1e073\update\updatebr.inf
- C:\f4f064d3070b5006d9fed1e073\update\update.exe
- C:\f4f064d3070b5006d9fed1e073\update\hdaupdate_win2k.inf
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudpropres.dll
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudpropshortcut.exe
- C:\f4f064d3070b5006d9fed1e073\spuninst.exe
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudprop.dll
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudbus.sys
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudio.sys
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudbus.inf
- C:\f4f064d3070b5006d9fed1e073\commonfiles\hdaudio.inf
- %WINDIR%\inf\oem3.inf
- %WINDIR%\imsins.BAK
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
- %WINDIR%\inf\oem3.PNF
- <SYSTEM32>\_000001_.tmp
- %TEMP%\Cab3.tmp
- <DRIVERS>\_000003_.tmp
- %WINDIR%\_000002_.tmp
- C:\f4f064d3070b5006d9fed1e073\update\eula.txt
- C:\f4f064d3070b5006d9fed1e073\update\update.ver
- C:\f4f064d3070b5006d9fed1e073\update\kb835221w2k.log
- C:\f4f064d3070b5006d9fed1e073\update\kb835221wxp.log
- C:\f4f064d3070b5006d9fed1e073\winxp\mssap.dll
- C:\f4f064d3070b5006d9fed1e073\winxp\portcls.sys
- C:\f4f064d3070b5006d9fed1e073\win2k\portcls.sys
- C:\f4f064d3070b5006d9fed1e073\win2k\sysaudio.sys
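File moves/renames (each entry reads "from <source> to <destination>"; several entries replace drivers under <DRIVERS>):
- from <SYSTEM32>\spmsg.dll to <SYSTEM32>\_000001_.tmp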
- from <DRIVERS>\Hdaudbus.sys to <DRIVERS>\_000003_.tmp
- from <DRIVERS>\HFX11.tmp to <DRIVERS>\Hdaudbus.sys
- from <DRIVERS>\HFXF.tmp to <DRIVERS>\portcls.sys
- from %WINDIR%\LastGood\TMP10.tmp to %WINDIR%\LastGood\system32\DRIVERS\Hdaudbus.sys
- from <DRIVERS>\HFX13.tmp to <DRIVERS>\Hdaudio.sys
- from %WINDIR%\Driver Cache\i386\SET14.tmp to %WINDIR%\Driver Cache\i386\portcls.sys
- from %WINDIR%\LastGood\TMP12.tmp to %WINDIR%\LastGood\system32\DRIVERS\Hdaudio.sys
- from <DRIVERS>\Hdaudio.sys to <DRIVERS>\_000003_.tmp
- from %WINDIR%\KB835221WXP.cat to %WINDIR%\_000002_.tmp
- from <SYSTEM32>\SETB.tmp to <SYSTEM32>\Hdaudprop.dll
- from %WINDIR%\LastGood\TMP5.tmp to %WINDIR%\LastGood\system32\Mssap.dll
- from %WINDIR%\LastGood\TMPA.tmp to %WINDIR%\LastGood\system32\DllCache\Mssap.dll
- from %WINDIR%\LastGood\TMPE.tmp to %WINDIR%\LastGood\system32\DRIVERS\portcls.sys
- from <DRIVERS>\portcls.sys to <DRIVERS>\_000003_.tmp
- from <SYSTEM32>\SETC.tmp to <SYSTEM32>\Hdaudpropshortcut.exe
- from <SYSTEM32>\SETD.tmp to <SYSTEM32>\Hdaudpropres.dll
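Network activity (the trustedr/authroot* requests match the Windows root-certificate list update, consistent with the CryptnetUrlCache entries above, and wpad.dat is a proxy auto-discovery request; the operating system commonly generates both itself, so they are weak indicators on their own; the host is printed as 'wp#d' in this report):
- 'www.download.windowsupdate.com':80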
- 'wp#d':80
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- wp#d/wpad.dat
- DNS ASK www.download.windowsupdate.com
- DNS ASK wp#d
Window class names recorded (WindowName is empty in every entry):
- ClassName: 'STUFF-BOOT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''