View Full Version : Spybot lists Smitfraud-C.CoreService
leejames75
2007-05-22, 20:49
Hi.
I work for a company that has some XP Pro machines setup as an internet cafe for its employees. All machines are updated with the latest updates, except 2 because there was an Update issued today.
Even though we have webfiltering software on it (K-9) we have had a case of where some sites have been accessed and have been the possible cause of leaving some nasties on 2 of our machines.
At the moment Internet Explorer 6 will loadup a webpage in normal mode.
When the IE icon is clicked IE starts up and then the IE 6 unconnected page comes up asking to check for network settings etc.
When a URL is manually entered, a Windows error box appears saying that IE 6 is unable to search.
I have looked in the logs of AVG anti Virus and AVG antispy and a few trojans have been located in the Vault. And AVG Antispy has deleted all of those it has found.
The have now been removed, but IE 6 is still unable to "logon".
This applies to 2 of the machines,
Both Machines can connect to the net in SAFE MODE, and Adaware and Spybot have been run in SAFE MODE and Spybot has cleaned alot of items up.
5 items appeared under the Smitfraud-C.CoreService heading and Spybot cleaned up 4 of these entries on both machines, leaving 1 registry entry that cannot be removed.
Earlier on in the day I have noticed that someone else has had this problem with the helpers giving advice.
I have followed suit, but downloading the applications and running HJT under scanner.exe and other tools and deleted the same items that matched in the other persons logs.
However since the other person has not responded with their latest log,
I can now say that after I have run the tools, i have rerun Spybot and the Smitfraud-C.CoreService registry is still being identified.
I have checked the Hosts file in Spybot, and it reads 127.0.0.1 which is correct.
I have even ran Windows Live Onecare and Windows Defender.
And they have not identified it.
And even after the 4 entries were removed on both the infected machines, we are still not able access the net in normal mode, only in Safe Mode.
I have looked at the logs created by Scanner.exe (HJT) and VundoFix.exe and I have even run the Smitfraud tool and there is nothing that identifies infected Dll's or files from the Logs from Both Tools.
There are no missing files or rogue Dll's listed in the Scanner.exe Logs, but I will post them tomorrow for you assistance.
Regards
Lee James
leejames75
2007-05-22, 20:51
:oops:
It should read WILL NOT LOAD UP in Normal Mode.
Hi.
I work for a company that has some XP Pro machines setup as an internet cafe for its employees. All machines are updated with the latest updates, except 2 because there was an Update issued today.
Even though we have webfiltering software on it (K-9) we have had a case of where some sites have been accessed and have been the possible cause of leaving some nasties on 2 of our machines.
At the moment Internet Explorer 6 will loadup a webpage in normal mode.
When the IE icon is clicked IE starts up and then the IE 6 unconnected page comes up asking to check for network settings etc.
When a URL is manually entered, a Windows error box appears saying that IE 6 is unable to search.
I have looked in the logs of AVG anti Virus and AVG antispy and a few trojans have been located in the Vault. And AVG Antispy has deleted all of those it has found.
The have now been removed, but IE 6 is still unable to "logon".
This applies to 2 of the machines,
Both Machines can connect to the net in SAFE MODE, and Adaware and Spybot have been run in SAFE MODE and Spybot has cleaned alot of items up.
5 items appeared under the Smitfraud-C.CoreService heading and Spybot cleaned up 4 of these entries on both machines, leaving 1 registry entry that cannot be removed.
Earlier on in the day I have noticed that someone else has had this problem with the helpers giving advice.
I have followed suit, but downloading the applications and running HJT under scanner.exe and other tools and deleted the same items that matched in the other persons logs.
However since the other person has not responded with their latest log,
I can now say that after I have run the tools, i have rerun Spybot and the Smitfraud-C.CoreService registry is still being identified.
I have checked the Hosts file in Spybot, and it reads 127.0.0.1 which is correct.
I have even ran Windows Live Onecare and Windows Defender.
And they have not identified it.
And even after the 4 entries were removed on both the infected machines, we are still not able access the net in normal mode, only in Safe Mode.
I have looked at the logs created by Scanner.exe (HJT) and VundoFix.exe and I have even run the Smitfraud tool and there is nothing that identifies infected Dll's or files from the Logs from Both Tools.
There are no missing files or rogue Dll's listed in the Scanner.exe Logs, but I will post them tomorrow for you assistance.
Regards
Lee James
leejames75
2007-05-23, 10:05
Hi, as stated here are the sbybot following logs.
--- Search result list ---
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885295
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608
Located: HK_LM:Run, %FP%Friendly fts.exe
command: "C:\Program Files\VoyagerTest\fts.exe"
file: C:\Program Files\VoyagerTest\fts.exe
size: 72192
MD5: ab1b1b71dc62d02123f9e2caa3be3305
Located: HK_LM:Run, AOL Spyware Protection
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 147456
MD5: 1ff1298e77c4a4ba6702b3c84bd78b71
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 68768
MD5: 8e322bf0b350b94f9edf40c6cc754be9
Located: HK_LM:Run, DSLAGENTEXE
command: C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
file: C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
size: 16384
MD5: cdddb1e73f2fc3332fa15c5b2c922f98
Located: HK_LM:Run, DSLSTATEXE
command: C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
file:
Located: HK_LM:Run, EmailChecker
command: C:\APPS\EmailChecker\ech.exe
file: C:\APPS\EmailChecker\ech.exe
size: 40960
MD5: 83f1a4de90182e630beb24ba5b618df2
Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31016
MD5: 38d198a2dd54a67120040566a38103ba
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: 9f87ee428cf6ff75aba3abdde12c9083
Located: HK_LM:Run, Icon
command: C:\WINDOWS\system32\drivers\Icon.exe
file: C:\WINDOWS\system32\drivers\Icon.exe
size: 217088
MD5: 49d568d4c78b56e0d1bb156414dbc649
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 1b3dee1d33279f942944d12d539fdea3
Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 245760
MD5: 8b5a97e5c16db873092cf3d27b8145a6
Located: HK_LM:Run, McRegWiz
command: C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
file: C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
size: 139264
MD5: 6535f65c5155a6bfa342c7a92f264922
Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
file: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
size: 184320
MD5: 7e046eecdfc13225648a995bf32b1898
Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1327104
MD5: 4173164c2a679b4c62ac9bf2b2852c3d
Located: HK_LM:Run, PCMService
command: "c:\Apps\Powercinema\PCMService.exe"
file: c:\Apps\Powercinema\PCMService.exe
size: 81920
MD5: 1dfe38e7da1d56f9634727a1f4fb1332
Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a
Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 65024
MD5: 58ada3beefe33fb8e4875a7848b1fae4
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 503808
MD5: e30302c5244d9020b0865c229c76310a
Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98304
MD5: 0ccdf28ac96d293831c0c536fc522ec7
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: Startup (common), AOL Broadband Check-Up.lnk
command: C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
file: C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
size: 217088
MD5: 9f603bb59ae0d9f60d0aea44367e6806
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 00:47:54
Date (last access): 23/05/2007 08:40:16
Date (last write): 15/05/2003 00:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 21/05/2007 15:33:52
Date (last access): 23/05/2007 08:08:36
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Web assistant)
BHO name: Web assistant
CLSID name: CNisExtBho Class
description: NIS 2004,
classification: Legitimate
known filename: NISShExt.dll
info link: http://www.symantec.com/sabu/nis/nis_pe/
info source: TonyKlein
Path: C:\Program Files\Common Files\Symantec Shared\AdBlocking\
Long name: NISShExt.dll
Short name:
Date (created): 07/09/2003 00:31:28
Date (last access): 23/05/2007 08:06:06
Date (last write): 07/09/2003 00:31:28
Filesize: 126976
Attributes: archive
MD5: 0C3B5C014E2ACC49E330661BAB16CEBB
CRC32: 8B1B63E1
Version: 7.0.0.177
{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 18/08/2003 07:34:14
Date (last access): 23/05/2007 08:38:16
Date (last write): 04/12/2003 18:22:30
Filesize: 103368
Attributes: archive
MD5: 65C8A602DFA9D5860F1E328CB8575317
CRC32: 929FB7E0
Version: 10.0.10.13
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 27/03/2007 14:25:30
Date (last access): 22/05/2007 11:45:26
Date (last write): 27/03/2007 14:25:30
Filesize: 465816
Attributes: archive
MD5: 85A9ED549078B78D6C0BE4565045F7BA
CRC32: F69A3C13
Version: 1.4.8300.1
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 22/06/2006 13:44:22
Date (last access): 22/05/2007 12:36:08
Date (last write): 22/06/2006 13:44:22
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 9.0.16.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 756 ( 4) \SystemRoot\System32\smss.exe
PID: 812 ( 756) \??\C:\WINDOWS\system32\csrss.exe
PID: 836 ( 756) \??\C:\WINDOWS\system32\winlogon.exe
PID: 880 ( 836) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 892 ( 836) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1028 ( 880) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1104 ( 880) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1268 ( 880) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 668 ( 160) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01D90AE5DCCBCE0C7B52874FEC35A608
PID: 1420 (1944) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1192 ( 252) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 664 (1420) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 23/05/2007 08:56:59
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
leejames75
2007-05-23, 10:10
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7BBEDDA7-2902-4298-B286-7C5ECDD8844D}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7BBEDDA7-2902-4298-B286-7C5ECDD8844D}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BA4BE93C-6D6C-425A-BF7F-38EE0679C59F}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BA4BE93C-6D6C-425A-BF7F-38EE0679C59F}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C95BB2C7-5AC8-440E-9DE1-2236BC184B16}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C95BB2C7-5AC8-440E-9DE1-2236BC184B16}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8A30B1A6-AAFB-4009-8947-3BBC3DD43005}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8A30B1A6-AAFB-4009-8947-3BBC3DD43005}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C95BB2C7-5AC8-440E-9DE1-2236BC184B16}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C95BB2C7-5AC8-440E-9DE1-2236BC184B16}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4BE93C-6D6C-425A-BF7F-38EE0679C59F}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4BE93C-6D6C-425A-BF7F-38EE0679C59F}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BBEDDA7-2902-4298-B286-7C5ECDD8844D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BBEDDA7-2902-4298-B286-7C5ECDD8844D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F305A1A6-0AEB-422D-9930-343105C412FB}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F305A1A6-0AEB-422D-9930-343105C412FB}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FB523DC-364E-4DB6-9F63-9C05D5FACDA4}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FB523DC-364E-4DB6-9F63-9C05D5FACDA4}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2888EDB-9CAF-448F-A584-434A9618C267}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2888EDB-9CAF-448F-A584-434A9618C267}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04337268-136A-4ABA-B547-19E2A3133587}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04337268-136A-4ABA-B547-19E2A3133587}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
leejames75
2007-05-23, 10:13
--- Uninstall list ---
(AddressBook)
(America Online uk)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
5.8.0.asst_classic.asst_install (AOL Broadband Check-Up)
uninstall cmd: C:\PROGRA~1\AOL\BROADB~1\Uninstall.exe aoluk
publisher: Motive Communications, Inc.
(AOL Connectivity Services)
uninstall cmd: C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
1.0.59 (AOL Spyware Protection)
uninstall cmd: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
publisher: AOL Spyware Protection
comments: AOL Spyware Protection
(AOL YGP Screensaver)
uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
(AOLCoach uk)
uninstall cmd: "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Broadband Check-Up (aoluk.MCCInstall)
uninstall cmd: C:\WINDOWS\Motive\aoluk\MCCUninst.exe
AVG 7.5 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com
(Branding)
BT Voyager 105 ADSL Modem (BT Voyager 105 ADSL Modem)
uninstall cmd: C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
BT Voyager Modem AOL Test (BT Voyager Modem AOL Test)
uninstall cmd: C:\WINDOWS\AppRun.exe C:\PROGRA~1\VOYAGE~1
CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
publisher: Microsoft Corporation
(Fontcore)
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Richard Wilkinson\Desktop\Utilities\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(KB884016)
(KB893803)
LiveReg (Symantec Corporation) 2.4.1.2056 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation
McAfee Personal Firewall Plus 6014 (McAfee Personal Firewall Plus)
version (major): 6
version (minor): 6014
install location: C:\PROGRA~1\McAfee.com\PERSON~1
uninstall cmd: C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
publisher: McAfee
McAfee SecurityCenter (Mcafee SecurityCenter)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
(MTCDIO)
uninstall cmd: C:\WINDOWS\system32\drivers\unMTCDIO.exe
(NetMeeting)
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
(QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
(RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
(SchedulingAgent)
(Sevinst)
Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/
(SLAMRMO)
uninstall cmd: C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
(StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe
7.0.0.177 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: C:\Program Files\Norton Internet Security
install source: C:\CABS\NIS
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation
7.8.1.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
(ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live OneCare safety scanner (Windows Live OneCare safety scanner)
uninstall cmd: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Norton Internet Security 7.0.0.177 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 117440512
version (major): 7
estimated size: 4723
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation
2005.1.0.111 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 1984
install date: 20050407
install source: C:\CABS\PATCHSP2\A\
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation
Garmin City Navigator Europe NT v9 9.0.0.0 ({200B415D-7CC6-4818-8624-9E43EDF19D9C})
version: 150994944
version (major): 9
estimated size: 1607783
install date: 20070405
install source: D:\
uninstall cmd: MsiExec.exe /X{200B415D-7CC6-4818-8624-9E43EDF19D9C}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: http://www.garmin.com/support
({2637C347-9DAD-11D6-9EA2-00055D0CA761})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2440
install date: 20040810
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Norton AntiSpam 2004.1.0.147 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2004
version (minor): 1
estimated size: 1134
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation
Norton Internet Security 7.0.0.177 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 117440512
version (major): 7
estimated size: 1045
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation
Norton Internet Security 7.0.0.177 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 117440512
version (major): 7
estimated size: 963
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation
2005.1.0.98 ({503AA035-41E2-4858-B31F-1E49AC66C309})
version (major): 2005
version (minor): 1
estimated size: 2315
install date: 20050407
install source: C:\CABS\PATCHSP2\B\
uninstall cmd: MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
publisher: Symantec Corporation
Norton Internet Security 7.0.0.177 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 117440512
version (major): 7
estimated size: 1651
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation
Norton AntiSpam 2004.1.0.147 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2004
version (minor): 1
estimated size: 2742
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation
Microsoft AutoRoute 2005 12.00.07.1200 ({67E4EE98-59F4-4220-89A6-A20AF5BEC689})
version: 201326599
version (major): 12
estimated size: 1033770
install date: 20050529
install location: C:\Program Files\Microsoft AutoRoute\
install source: D:\AutoRte\MSMap\
uninstall cmd: MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
Microsoft Works 7.0 07.02.0620 ({764D06D8-D8DE-411E-A1C8-D9E9380F8A84})
version: 117572204
version (major): 7
version (minor): 2
estimated size: 253847
install date: 20050407
install source: C:\Cabs\Wks7\MSWORKS\
uninstall cmd: MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
publisher: Microsoft Corporation
comments: Microsoft Works 7.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:
Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 3045
install date: 20070521
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com
({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Microsoft Software Update for Web Folders (English) 12 12.0.4518.1014 ({90120000-0010-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 2227
install date: 20070307
install source: C:\MSOCache\All Users\{90120000-0010-0409-0000-0000000FF1CE}-C\
publisher: Microsoft Corporation
leejames75
2007-05-23, 10:14
Microsoft Office Access MUI (English) 2007 12.0.4518.1014 ({90120000-0015-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 31916
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\
uninstall cmd: MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Excel MUI (English) 2007 12.0.4518.1014 ({90120000-0016-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 15444
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office PowerPoint MUI (English) 2007 12.0.4518.1014 ({90120000-0018-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 15389
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Publisher MUI (English) 2007 12.0.4518.1014 ({90120000-0019-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 24282
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Outlook MUI (English) 2007 12.0.4518.1014 ({90120000-001A-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 22828
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Word MUI (English) 2007 12.0.4518.1014 ({90120000-001B-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 18657
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Proof (English) 2007 12.0.4518.1014 ({90120000-001F-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 51191
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.en\
uninstall cmd: MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Proof (French) 2007 12.0.4518.1014 ({90120000-001F-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 23416
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\
uninstall cmd: MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Proof (Spanish) 2007 12.0.4518.1014 ({90120000-001F-0C0A-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 38197
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.es\
uninstall cmd: MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Proofing (English) 2007 12.0.4518.1014 ({90120000-002C-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 506
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Enterprise 2007 12.0.4518.1014 ({90120000-0030-0000-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 627084
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office InfoPath MUI (English) 2007 12.0.4518.1014 ({90120000-0044-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 8385
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Shared MUI (English) 2007 12.0.4518.1014 ({90120000-006E-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 36182
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office OneNote MUI (English) 2007 12.0.4518.1014 ({90120000-00A1-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 37842
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-00A1-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Groove MUI (English) 2007 12.0.4518.1014 ({90120000-00BA-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 3566
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\Groove.en-us\
uninstall cmd: MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Groove Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0114-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 502
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Shared Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0115-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 494
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Access Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0117-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 502
install date: 20070307
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Norton Internet Security 7.0.0.177 ({91AA4B1F-B918-4e0b-A304-F8D4EC5D7726})
version: 117440512
version (major): 7
estimated size: 357
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
publisher: Symantec Corporation
CC_ccProxyMSI 2.0.2.806 ({A398F2DC-D706-4bb2-AC38-5532CD229D08})
version: 33554434
version (major): 2
estimated size: 1677
install date: 20050407
install source: C:\CABS\NIS\Support\Proxy\
uninstall cmd: MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
publisher: Symantec
Norton Internet Security 7.0.0.177 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 117440512
version (major): 7
estimated size: 4306
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation
Adobe Reader 6.0 6.0 ({AC76BA86-7AD7-1033-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 44437
install date: 20050407
install source: C:\CABS\AREAD\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: Readme.htm
Packard Bell InfoCentre ({B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}\setup.exe"
({B7A0CE06-068E-11D6-97FD-0050BACBF861})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
Norton AntiVirus 10.00.00 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 167772160
version (major): 10
estimated size: 58835
install date: 20050407
install source: C:\CABS\NIS\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation
Norton Internet Security 7.0.0.177 ({C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF})
version: 117440512
version (major): 7
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
publisher: Symantec Corporation
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 38363
install date: 20050407
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Symantec Script Blocking Installer 1.0.0 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 16777216
version (major): 1
estimated size: 365
install date: 20050407
install source: C:\CABS\NIS\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec
CC_ccStart 2.0.2.806 ({D6414CC7-F215-467F-88B1-546ED863F35B})
version: 33554434
version (major): 2
install date: 20050407
install source: C:\CABS\NIS\Support\ccStart\
uninstall cmd: MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
publisher: Symantec Corporation
ccCommon 2.0.2.806 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 33554434
version (major): 2
estimated size: 4865
install date: 20050407
install source: C:\CABS\NIS\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec
Norton Internet Security 5.2.0.108 ({E47EE8FB-ACC0-4608-859C-4E2851B18A6A})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 2408
install date: 20050407
install source: C:\CABS\NIS\Support\SymNet\
uninstall cmd: MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
publisher: Symantec Corporation
Norton Internet Security 7.0.0.177 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 117440512
version (major): 7
install date: 20050407
install source: C:\CABS\NIS\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation
({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Norton Internet Security 7.0.0.177 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 117440512
version (major): 7
estimated size: 616
install date: 20050407
install source: C:\CABS\NIS\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation
MSRedist 1.0.0.0 ({FC37ABD0-2108-4beb-B010-1254E0662B5A})
version: 16777216
version (major): 1
estimated size: 4379
install date: 20050407
install source: C:\CABS\NIS\Support\MSRedist\
uninstall cmd: MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
publisher: Symantec Corp
leejames75
2007-05-23, 10:15
--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0
Service (registry key): 6to4
Display name: IPv6 Helper Service
Description: Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,tcpip6,winmgmt
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Image path: system32\DRIVERS\ABP480N5.SYS
Image size: 23552
Image MD5: 6ABB91494FE6C59089B9336452AB2EA3
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 11648
Image MD5: 9859C0F6936E723E4892D7141B1327D5
Start: 0
Type: 1
Error Control: 1
Service (registry key): adpu160m
Image path: system32\DRIVERS\adpu160m.sys
Image size: 101888
Image MD5: 9A11864873DA202C996558B2106B0BBC
Start: 0
Type: 1
Error Control: 1
Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: system32\DRIVERS\agp440.sys
Image size: 42368
Image MD5: 2C428FA0C3E3A01ED93C9B2A27D8D4BB
Start: 0
Type: 1
Error Control: 1
Service (registry key): agpCPQ
Display name: Compaq AGP Bus Filter
Image path: system32\DRIVERS\agpCPQ.sys
Image size: 44928
Image MD5: 67288B07D6ABA6C1267B626E67BC56FD
Start: 0
Type: 1
Error Control: 1
Service (registry key): Aha154x
Image path: system32\DRIVERS\aha154x.sys
Image size: 12800
Image MD5: C23EA9B5F46C7F7910DB3EAB648FF013
Start: 0
Type: 1
Error Control: 1
Service (registry key): aic78u2
Image path: system32\DRIVERS\aic78u2.sys
Image size: 55168
Image MD5: 19DD0FB48B0C18892F70E2E7D61A1529
Start: 0
Type: 1
Error Control: 1
Service (registry key): aic78xx
Image path: system32\DRIVERS\aic78xx.sys
Image size: 56960
Image MD5: B7FE594A7468AA0132DEB03FB8E34326
Start: 0
Type: 1
Error Control: 1
Service (registry key): ALCXSENS
Display name: Service for WDM 3D Audio Driver
Image path: system32\drivers\ALCXSENS.SYS
Image size: 400384
Image MD5: BA88534A3CEB6161E7432438B9EA4F54
Start: 3
Type: 1
Error Control: 1
Service (registry key): ALCXWDM
Display name: Service for Realtek AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 611820
Image MD5: 69CBB79CCCCB7AB08F5E00109E9703BD
Start: 3
Type: 1
Error Control: 1
Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Image path: system32\DRIVERS\aliide.sys
Image size: 5248
Image MD5: 1140AB9938809700B46BB88E46D72A96
Start: 0
Type: 1
Error Control: 1
Service (registry key): alim1541
Display name: ALI AGP Bus Filter
Image path: system32\DRIVERS\alim1541.sys
Image size: 42752
Image MD5: F312B7CEF21EFF52FA23056B9D815FAD
Start: 0
Type: 1
Error Control: 1
Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: system32\DRIVERS\amdagp.sys
Image size: 43008
Image MD5: 675C16A3C1F8482F85EE4A97FC0DDE3D
Start: 0
Type: 1
Error Control: 1
Service (registry key): amsint
Image path: system32\DRIVERS\amsint.sys
Image size: 12032
Image MD5: 79F5ADD8D24BD6893F2903A3E2F3FAD6
Start: 0
Type: 1
Error Control: 1
Service (registry key): AOL ACS
Display name: AOL Connectivity Service
Object name: LocalSystem
Image path: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Image size: 1123440
Image MD5: EF74EEBB2D3DDC9F71C6D3CC8C7889C6
Start: 2
Type: 272
Error Control: 1
Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): Asapi
Start: 1
Type: 1
Error Control: 1
Service (registry key): asc
Image path: system32\DRIVERS\asc.sys
Image size: 26496
Image MD5: 62D318E9A0C8FC9B780008E724283707
Start: 0
Type: 1
Error Control: 1
Service (registry key): asc3350p
Image path: system32\DRIVERS\asc3350p.sys
Image size: 22400
Image MD5: 69EB0CC7714B32896CCBFD5EDCBEA447
Start: 0
Type: 1
Error Control: 1
Service (registry key): asc3550
Image path: system32\DRIVERS\asc3550.sys
Image size: 14848
Image MD5: 5D8DE112AA0254B907861E9E9C31D597
Start: 0
Type: 1
Error Control: 1
Service (registry key): ASCTRM
Display name: ASCTRM
Start: 2
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: A986FCFDAC587E68478DB51547B90800
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:17
Service (registry key): AVG Anti-Spyware Driver
Display name: AVG Anti-Spyware Driver
Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Image size: 4096
Image MD5: 7D78B7FD0EBE00F177B053A08C78E35B
Start: 1
Type: 1
Error Control: 1
Service (registry key): AVG Anti-Spyware Guard
Display name: AVG Anti-Spyware Guard
Object name: LocalSystem
Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Image size: 204800
Image MD5: E8FBDCC8D618D1BB84B828F247A6244B
Start: 2
Type: 16
Error Control: 1
Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Image size: 353280
Image MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7RsXP
Display name: AVG7 Resident Driver XP
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Image size: 49664
Image MD5: 30A14F65DB477DC00A64A5A24E96919C
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): AvgAsCln
Display name: AVG Anti-Spyware Clean Driver
Image path: System32\DRIVERS\AvgAsCln.sys
Image size: 3968
Image MD5: 6D4A1DA6E6D522B3EBBCBFF4A3589EC5
Start: 1
Type: 1
Error Control: 1
Depends On services: Ntfs
Service (registry key): AvgClean
Display name: AVG7 Clean Driver
Image path: \SystemRoot\System32\Drivers\avgclean.sys
Start: 1
Type: 1
Error Control: 1
Depends On services: Ntfs
Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf
Image path: system32\DRIVERS\cbidf2k.sys
Image size: 13952
Image MD5: 90A673FC8E12A79AFBED2576F6A7AAF9
Start: 0
Type: 1
Error Control: 1
Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1
Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Symantec Event Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Image size: 255600
Image MD5: F5F81CA6605853252F2C1950CB994DE0
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS,ccSetMgr
Service (registry key): ccProxy
Display name: Symantec Network Proxy
Description: Symantec Network Proxy Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Image size: 218736
Image MD5: 35AD77BDC4EE11E7FA111E4CE4026E8C
Start: 2
Type: 272
Error Control: 0
Service (registry key): ccPwdSvc
Display name: Symantec Password Validation
Description: Symantec Password Validation Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Image size: 87664
Image MD5: DD11C3B9B8D80DB9DA815BDA71440782
Start: 3
Type: 16
Error Control: 0
Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Symantec Settings Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Image size: 235120
Image MD5: 72258D9E8D26A9B498B3B3654CCB6721
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): cd20xrnt
Image path: system32\DRIVERS\cd20xrnt.sys
Image size: 7680
Image MD5: F3EC03299634490E97BBCE94CD2954C7
Start: 0
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0
Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): CmBatt
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: 4266BE808F85826AEDF3C64C1E240203
Start: 3
Type: 1
Error Control: 1
Service (registry key): CmdIde
Image path: system32\DRIVERS\cmdide.sys
Image size: 6656
Image MD5: E5DCB56C533014ECBC556A8357C929D5
Start: 0
Type: 1
Error Control: 1
Service (registry key): Compbatt
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Start: 0
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0
Service (registry key): core
Start: 0
Type: 1
Error Control: 0
Service (registry key): Cpqarray
Image path: system32\DRIVERS\cpqarray.sys
Image size: 14976
Image MD5: 3EE529119EED34CD212A215E8C40D4B6
Start: 0
Type: 1
Error Control: 1
Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
leejames75
2007-05-23, 10:20
Service (registry key): dac2w2k
Image path: system32\DRIVERS\dac2w2k.sys
Image size: 179584
Image MD5: E550E7418984B65A78299D248F0A7F36
Start: 0
Type: 1
Error Control: 1
Service (registry key): dac960nt
Image path: system32\DRIVERS\dac960nt.sys
Image size: 14720
Image MD5: 683789CAA3864EB46125AE86FF677D34
Start: 0
Type: 1
Error Control: 1
Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): dpti2o
Image path: system32\DRIVERS\dpti2o.sys
Image size: 20192
Image MD5: 40F3B93B4E5B0126F2F5C0A7A5E22660
Start: 0
Type: 1
Error Control: 1
Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1
Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Start: 1
Type: 1
Error Control: 0
Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1
Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0
Service (registry key): hpn
Image path: system32\DRIVERS\hpn.sys
Image size: 25952
Image MD5: B028377DEA0546A5FCFBA928A8AEFAE0
Start: 0
Type: 1
Error Control: 1
Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262400
Image MD5: BFB7B73C942E816C4FB4A5A7BAE87136
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:21
Service (registry key): i2omp
Image path: system32\DRIVERS\i2omp.sys
Image size: 18560
Image MD5: ED6BF9E441FDEA13292A6D30A64A24C3
Start: 0
Type: 1
Error Control: 1
Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1
Service (registry key): ialm
Image path: system32\DRIVERS\ialmnt5.sys
Image size: 724221
Image MD5: 16F8DE7A7F9023AAC04DEC6A8A264441
Start: 3
Type: 1
Error Control: 0
Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1
Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1
Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Image path: system32\DRIVERS\ini910u.sys
Image size: 16000
Image MD5: 4A40E045FAEE58631FD8D91AFC620719
Start: 0
Type: 1
Error Control: 1
Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntelIde
Image path: system32\DRIVERS\intelide.sys
Image size: 5504
Image MD5: 2D722B2B54AB55B2FA475EB58D7B2AAD
Start: 0
Type: 1
Error Control: 1
Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Start: 1
Type: 1
Error Control: 1
Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3
Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1
Service (registry key): kbdhid
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 14848
Image MD5: E182FA8E49E8EE41B4ADC53093F3C7E6
Start: 1
Type: 1
Error Control: 0
Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1
Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
leejames75
2007-05-23, 10:22
Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanusb
Display name: GlobeSpan USB ADSL LAN Modem
Image path: system32\DRIVERS\glausb.sys
Image size: 138402
Image MD5: 73F6EFD2A2315AF34F7872559686C471
Start: 3
Type: 1
Error Control: 1
Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): mcupdmgr.exe
Display name: McAfee SecurityCenter Update Manager
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Image size: 249856
Image MD5: ABD5B888AF754E30A95B21AD885635B0
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): Microsoft Office Groove Audit Service
Display name: Microsoft Office Groove Audit Service
Object name: NT AUTHORITY\LocalService
Image path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
Image size: 65824
Image MD5: FAFE367D032ED82E9332B4C741A20216
Start: 3
Type: 16
Error Control: 1
Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1
Service (registry key): MPFIREWL
Display name: MPFIREWL
Image path: System32\Drivers\MpFirewall.sys
Image size: 83325
Image MD5: 8867E5937ECAE0782BDBA20C8A6AD586
Start: 1
Type: 1
Error Control: 1
Depends On services: TcpIp,SYMTDI
Service (registry key): MpfService
Display name: McAfee Personal Firewall Service
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Image size: 577536
Image MD5: BE6995693D49E26766C8006315582590
Start: 2
Type: 16
Error Control: 1
Service (registry key): mraid35x
Image path: system32\DRIVERS\mraid35x.sys
Image size: 17280
Image MD5: 3F4BB95E5A44F3BE34824E8E7CAF0737
Start: 0
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 451584
Image MD5: 5DDC9A1B2EB5A4BF010CE8C019A18C1F
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:23
Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1
Service (registry key): MTC0005_MTCDIO
Display name: Wireless HotKey Driver
Image path: system32\drivers\MTCDIO.sys
Image size: 11316
Image MD5: A21D4D47A868BAF453FC9FC3E3CE3988
Start: 2
Type: 1
Error Control: 1
Service (registry key): MTCDIO
Display name: MTCDIO
Image path: System32\DRIVERS\MTCDIO.sys
Image size: 11316
Image MD5: A21D4D47A868BAF453FC9FC3E3CE3988
Start: 2
Type: 1
Error Control: 1
Service (registry key): Mtlmnt5
Display name: Mtlmnt5
Image path: system32\DRIVERS\Mtlmnt5.sys
Image size: 226288
Image MD5: 395370A7059B7A2B062FA34741940758
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mtlstrm
Display name: Mtlstrm
Image path: system32\DRIVERS\Mtlstrm.sys
Image size: 1299976
Image MD5: 537390292CEE81F308637C5E946AE6F1
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1
Service (registry key): navapsvc
Display name: Norton AntiVirus Auto Protect Service
Description: Handles Norton AntiVirus Auto-Protect events.
Object name: LocalSystem
Image path: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): NAVENG
Display name: NAVENG
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NAVENG.Sys
Image size: 77816
Image MD5: D47DD81567D084CC7DD0F7D4DA6FC7B2
Start: 3
Type: 1
Error Control: 1
Service (registry key): NAVEX15
Display name: NAVEX15
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NavEx15.Sys
Image size: 665816
Image MD5: 35B3E9C24E156A7AA02110E48D037326
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1
Service (registry key): Net Agent
Display name: Net Agent
Description: Internet connectivity support.
Object name: LocalSystem
Image path: C:\WINDOWS\dls0523pmw.exe
Start: 4
Type: 272
Error Control: 1
Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip,MPFIREWL
Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): nm
Start: 0
Type: 0
Error Control: 0
Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): NtMtlFax
Display name: NtMtlFax
Image path: system32\DRIVERS\NtMtlFax.sys
Image size: 180368
Image MD5: 75AE027070701ECC111C6EB0B24E6BB5
Start: 3
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:24
Service (registry key): Null
Start: 1
Type: 1
Error Control: 1
Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1
Service (registry key): odserv
Display name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Image size: 441136
Image MD5: 84DE1DD996B48B05ACE31AD015FA108A
Start: 3
Type: 16
Error Control: 1
Service (registry key): ose
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 145184
Image MD5: 5A432A042DAE460ABE7199B758E8606C
Start: 3
Type: 16
Error Control: 1
Service (registry key): Outlook
Start: 0
Type: 0
Error Control: 0
Service (registry key): Parport
Start: 3
Type: 1
Error Control: 0
Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3
Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Image path: system32\DRIVERS\perc2.sys
Image size: 27296
Image MD5: 6C14B9C19BA84F73D3A86DBA11133101
Start: 0
Type: 1
Error Control: 1
Service (registry key): perc2hib
Image path: system32\DRIVERS\perc2hib.sys
Image size: 5504
Image MD5: F50F7C27F131AFE7BEBA13E14A3B9416
Start: 0
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0
Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PortProxy
Start: 0
Type: 0
Error Control: 0
Service (registry key): PPPoEWin
Display name: PPPoEWin Miniport
Image path: system32\DRIVERS\PPPoEWin.SYS
Image size: 104375
Image MD5: 8AE03E978BC99F31AE31B183CD373951
Start: 3
Type: 1
Error Control: 1
Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1
Service (registry key): Processor
Display name: Processor Driver
Image path: system32\DRIVERS\processr.sys
Image size: 35328
Image MD5: 0D97D88720A4087EC93AF7DBB303B30A
Start: 1
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1
Service (registry key): ql1080
Image path: system32\DRIVERS\ql1080.sys
Image size: 40320
Image MD5: 0A63FB54039EB5662433CABA3B26DBA7
Start: 0
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Image path: system32\DRIVERS\ql10wnt.sys
Image size: 33152
Image MD5: 6503449E1D43A0FF0201AD5CB1B8C706
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql12160
Image path: system32\DRIVERS\ql12160.sys
Image size: 45312
Image MD5: 156ED0EF20C15114CA097A34A30D8A01
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1240
Image path: system32\DRIVERS\ql1240.sys
Image size: 40448
Image MD5: 70F016BEBDE6D29E864C1230A07CC5E6
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1280
Image path: system32\DRIVERS\ql1280.sys
Image size: 49024
Image MD5: 907F0AEEA6BC451011611E732BD31FCF
Start: 0
Type: 1
Error Control: 1
Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
leejames75
2007-05-23, 10:25
Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 809CA45CAA9072B3176AD44579D7F688
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1
Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): RecAgent
Display name: RecAgent
Image path: system32\DRIVERS\RecAgent.sys
Image size: 14160
Image MD5: 235CC3D787A086897FB043979024B49B
Start: 0
Type: 1
Error Control: 1
Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1
Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
Service (registry key): RT2500
Display name: RT2500 Wireless Driver
Image path: system32\DRIVERS\RT2500.sys
Image size: 211072
Image MD5: E67493848B31F7F9123B6BBF6B2AD1B2
Start: 3
Type: 1
Error Control: 1
Service (registry key): RTL8023xp
Display name: Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver
Image path: system32\DRIVERS\Rtlnicxp.sys
Image size: 70144
Image MD5: E9877AA069DC11B03DBD1D33B8B2A3CA
Start: 3
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:27
Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SAVRT
Display name: SAVRT
Image path: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
Image size: 305288
Image MD5: AC9D162F3DD155E6023AA5AC89F59780
Start: 3
Type: 1
Error Control: 1
Service (registry key): SAVRTPEL
Display name: SAVRTPEL
Image path: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
Image size: 37000
Image MD5: 7BD636B57B7FD56C2C2AC9515F6B57D7
Start: 1
Type: 1
Error Control: 1
Service (registry key): SAVScan
Display name: SAVScan
Description: Handles Norton AntiVirus Auto-Protect Archive Scanning
Object name: LocalSystem
Image path: "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
Start: 4
Type: 16
Error Control: 1
Depends On services: SAVRT
Service (registry key): SBService
Display name: ScriptBlocking Service
Object name: LocalSystem
Image path: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Image size: 66784
Image MD5: 928627472ADBD58BB72D5BB9CB1448F6
Start: 2
Type: 16
Error Control: 1
Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1
Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): Serial
Start: 2
Type: 1
Error Control: 0
Service (registry key): Sfloppy
Display name: High-Capacity Floppy Disk Drive
Image path: system32\DRIVERS\sfloppy.sys
Image size: 11392
Image MD5: 0D13B6DF6E9E101013A7AFB0CE629FE0
Start: 3
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt
Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1
Service (registry key): sisagp
Display name: SIS AGP Bus Filter
Image path: system32\DRIVERS\sisagp.sys
Image size: 41088
Image MD5: 732D859B286DA692119F286B21A2A114
Start: 0
Type: 1
Error Control: 1
Service (registry key): Slntamr
Display name: SmartLink AMR_PCI Driver
Image path: system32\DRIVERS\slntamr.sys
Image size: 566056
Image MD5: 997EC4CB7A3D1A98FC0D94D3AE2F5CBF
Start: 3
Type: 1
Error Control: 0
Service (registry key): SlNtHal
Display name: SlNtHal
Image path: system32\DRIVERS\Slnthal.sys
Image size: 87656
Image MD5: 1246F114C60AC31858CCE29939B4707D
Start: 3
Type: 1
Error Control: 1
Service (registry key): SLService
Display name: SmartLinkService
Object name: LocalSystem
Image path: slserv.exe
Image size: 45056
Image MD5: A29DE78195E7000A77D02F0862B66B79
Start: 2
Type: 272
Error Control: 1
Service (registry key): SlWdmSup
Display name: SlWdmSup
Image path: system32\DRIVERS\SlWdmSup.sys
Image size: 15712
Image MD5: 3189E583B57D927EDD87839A21BD38FF
Start: 3
Type: 1
Error Control: 0
Service (registry key): SNDSrvc
Display name: Symantec Network Drivers Service
Description: Symantec Network Drivers Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Image size: 206552
Image MD5: 443E397643965E08C5AB6A6CAA732B97
Start: 2
Type: 16
Error Control: 0
leejames75
2007-05-23, 10:28
Service (registry key): SONYPVU1
Display name: Sony USB Filter Driver (SONYPVU1)
Image path: system32\DRIVERS\SONYPVU1.SYS
Image size: 7552
Image MD5: A1ECEEAA5C5E74B2499EB51D38185B84
Start: 3
Type: 1
Error Control: 1
Service (registry key): Sparrow
Image path: system32\DRIVERS\sparrow.sys
Image size: 19072
Image MD5: 83C0F71F86D3BDAF915685F3D568B20E
Start: 0
Type: 1
Error Control: 1
Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 8E186B8F23295D1E42C573B82B80D548
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332544
Image MD5: 553007ECCE7F6565BBE645BEB66D3B69
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{1BA226F2-D25B-4D4F-B468-294D612DFFF1}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): symc810
Image path: system32\DRIVERS\symc810.sys
Image size: 16256
Image MD5: 1FF3217614018630D0A6758630FC698C
Start: 0
Type: 1
Error Control: 1
Service (registry key): symc8xx
Image path: system32\DRIVERS\symc8xx.sys
Image size: 32640
Image MD5: 070E001D95CF725186EF8B20335F933C
Start: 0
Type: 1
Error Control: 1
Service (registry key): SYMDNS
Image path: \SystemRoot\System32\Drivers\SYMDNS.SYS
Start: 3
Type: 1
Error Control: 0
Service (registry key): SymEvent
Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Start: 3
Type: 1
Error Control: 1
Service (registry key): SYMFW
Image path: \SystemRoot\System32\Drivers\SYMFW.SYS
Start: 3
Type: 1
Error Control: 0
Service (registry key): SYMIDS
Image path: \SystemRoot\System32\Drivers\SYMIDS.SYS
Start: 3
Type: 1
Error Control: 0
Service (registry key): SYMIDSCO
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060106.055\symidsco.sys
Image size: 200288
Image MD5: 32675BA1704B3511143504C685E64985
Start: 3
Type: 1
Error Control: 0
Service (registry key): SYMNDIS
Image path: \SystemRoot\System32\Drivers\SYMNDIS.SYS
Start: 3
Type: 1
Error Control: 0
Service (registry key): SYMREDRV
Image path: \SystemRoot\System32\Drivers\SYMREDRV.SYS
Start: 3
Type: 1
Error Control: 0
Service (registry key): SYMTDI
Display name: SYMTDI
Image path: \SystemRoot\System32\Drivers\SYMTDI.SYS
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): SymWSC
Display name: SymWMI Service
Description: Symantec WMI Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
Image size: 316544
Image MD5: 67C5AF84809468061121FBCBECB19285
Start: 2
Type: 16
Error Control: 0
Depends On services: winmgmt
Service (registry key): sym_hi
Image path: system32\DRIVERS\sym_hi.sys
Image size: 28384
Image MD5: 80AC1C4ABBE2DF3B738BF15517A51F2C
Start: 0
Type: 1
Error Control: 1
Service (registry key): sym_u3
Image path: system32\DRIVERS\sym_u3.sys
Image size: 30688
Image MD5: BF4FAB949A382A8E105F46EBB4937058
Start: 0
Type: 1
Error Control: 1
Service (registry key): SynTP
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 177856
Image MD5: 8A92E8518F3D12927FF696D1953C2066
Start: 3
Type: 1
Error Control: 1
Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 88763A98A4C26C409741B4AA162720C9
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): Tcpip6
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip6.sys
Image size: 223616
Image MD5: 4D58BB1AE8841AAFD8790AD7E1E3B8EA
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): TDAUSBMU
Display name: Panasonic KX-TDA USB Main Unit driver
Image path: System32\Drivers\TDAUSBMU.sys
Image size: 33856
Image MD5: A61CD568ADA211EEE5249EED37D3E8EF
Start: 3
Type: 1
Error Control: 1
Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): TEUSBMU
Display name: Panasonic Analog PBX USB Main Unit driver
Image path: System32\Drivers\TEUSBMU.sys
Image size: 20992
Image MD5: 838EE3A30928962833511016B2DEE3D4
Start: 3
Type: 1
Error Control: 1
Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): TlntSvr
Start: 3
Type: 0
Error Control: 0
Service (registry key): TosIde
Image path: system32\DRIVERS\toside.sys
Image size: 4992
Image MD5: F2790F6AF01321B172AA62F8E1E187D9
Start: 0
Type: 1
Error Control: 1
Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): tunmp
Display name: Microsoft Tun Miniport Adapter Driver
Image path: system32\DRIVERS\tunmp.sys
Image size: 12416
Image MD5: 87A0E9E18C10A9E454238E3330E2A26D
Start: 3
Type: 1
Error Control: 1
Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): ultra
Image path: system32\DRIVERS\ultra.sys
Image size: 36736
Image MD5: 1B698A51CD528D8DA4FFAED66DFC51B9
Start: 0
Type: 1
Error Control: 1
leejames75
2007-05-23, 10:29
Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1
Service (registry key): USB
Start: 0
Type: 0
Error Control: 0
Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbohci
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 17024
Image MD5: BDFE799A8531BAD8A5A985821FE78760
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0
Service (registry key): viaagp
Display name: VIA AGP Bus Filter
Image path: system32\DRIVERS\viaagp.sys
Image size: 42240
Image MD5: D92E7C8A30CFD14D8E15B5F7F032151B
Start: 0
Type: 1
Error Control: 1
Service (registry key): ViaIde
Image path: system32\DRIVERS\viaide.sys
Image size: 5376
Image MD5: 59CB1338AD3654417BEA49636457F65D
Start: 0
Type: 1
Error Control: 1
Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1
Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): VXD
Start: 0
Type: 0
Error Control: 0
Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1
Service (registry key): wanatw
Display name: WAN Miniport (ATW)
Image path: system32\DRIVERS\wanatw4.sys
Image size: 33588
Image MD5: 0A716C08CB13C3A8F4F51E882DBF7416
Start: 3
Type: 1
Error Control: 1
Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: 2797F33EBF50466020C430EE4F037933
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV
Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WS2IFSL
Start: 1
Type: 0
Error Control: 0
Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): {7BBEDDA7-2902-4298-B286-7C5ECDD8844D}
Start: 0
Type: 0
Error Control: 0
Service (registry key): {B8896F53-9EE0-4692-8D8F-53D2A68F41FD}
Start: 0
Type: 0
Error Control: 0
Service (registry key): {BA4BE93C-6D6C-425A-BF7F-38EE0679C59F}
Start: 0
Type: 0
Error Control: 0
Service (registry key): {C95BB2C7-5AC8-440E-9DE1-2236BC184B16}
Start: 0
Type: 0
Error Control: 0
leejames75
2007-05-23, 10:34
Here is a log from SDFIX
SDFix: Version 1.84
Run by Richard Wilkinson - 22/05/2007 - 12:19:40.82
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\29134537.EXE - Deleted
C:\Documents and Settings\Richard Wilkinson\Application Data\Install.dat - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\tcb.pmw - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Explorer.exe"="C:\\WINDOWS\\Explorer.exe:*:Enabled:Explorer"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Program Files\Common Files\aolshare\shell\uk\shellext.dll
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\pifpaf.pif
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL0003.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL1251.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL1548.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL1806.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL1986.tmp
C:\Documents and Settings\Samantha Wilkinson\My Documents\sams work\~WRL3961.tmp
Finished
leejames75
2007-05-23, 10:34
Here is log from Vundofix
VundoFix V6.4.1
Checking Java version...
Sun Java not detected
Scan started at 10:13:27 22/05/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
leejames75
2007-05-23, 10:41
and here is the Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 09:40:20, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richard Wilkinson\Desktop\Utilities\Scanner.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
leejames75
2007-05-23, 10:45
Just run spybot again and the following appear under the C.CoreService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Core
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Core
leejames75
2007-05-23, 10:47
Spybot fixes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Core
Please note all logs were done in SAFE MODE
Regards
Lee James
leejames75
2007-05-23, 11:07
Here is a log from SmitFraudFix
SmitFraudFix v2.186
Scan done at 10:00:50.83, 23/05/2007
Run from C:\Documents and Settings\Richard Wilkinson\Desktop\Utilities\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
leejames75
2007-05-23, 22:23
Decided that enough is enough and have deleted the NFTS partions and reformatted them and reinstalled XP on the infected machines.
Had them up and running and full windows UPDATES including SP2 in under 4 hours.
Reinstalled the other software as well whilst Windows Updates were installed.
Nice clean responsive machines and SPYBOT comes back with a clean scan on both.
Also done defrags in SAFE MODE, they are now very responsive machines.
I guess it is better to reinstall. Plus no members of staff moaning about lack of working machines.
**********************************************************
******************** POST CLOSED **************************
**********************************************************
Wow, three pages before a helper responded. :laugh:
"BEFORE you POST" Steps to take Before Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)
I guess it is better to reinstall. Plus no members of staff moaning about lack of working machines.
Please see: Personal computers (http://forums.spybot.info/showpost.php?p=25712&postcount=5) :)
This topic has been archived.
Good luck. ;)