View Full Version : IE Browser hijacked - keeps forwarding to 3929.cn
My wife got a few trojans last week and I was able to remove them with Mcafee but the browser has been hijacked and I can't seem to remove it.
I've researched it plenty and have tried Adware, Spybot (keeps getting hung up on C:\WINDOWS\system32\drivers\etc\hosts - I've tried moving the host file and stopping every service I can and their dependences but no luck.).
Also tried Malwarebytes Anti-Malware (it's not picking anything up at this point). I've searched all over the internet and have come across a few of the major site and they all pretty much say the same thing: run HijackThis and Kaspersky online scanner and post the logs.
Here are the logs, and thanks in advance for your help.
--------------------------------------------------
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:30 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 10696 bytes
---------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 13, 2008 14:46:04
Records in database: 1220742
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 79794
Threat name 1
Infected objects 3
Suspicious objects 0
Duration of the scan 01:26:32
File name Threat name Threats count
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PLZY72T5\pp[1].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KVNM6TYA\pp[2].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KVNM6TYA\pp[3].av Infected: Backdoor.Win32.Agent.ppc 1
The selected area was scanned.
Just thought I would follow up with this, since I haven't heard back...
My wife got a few trojans last week and I was able to remove them with Mcafee but the browser has been hijacked and I can't seem to remove it.
I've researched it plenty and have tried Adware, Spybot (keeps getting hung up on C:\WINDOWS\system32\drivers\etc\hosts - I've tried moving the host file and stopping every service I can and their dependences but no luck.).
Also tried Malwarebytes Anti-Malware (it's not picking anything up at this point). I've searched all over the internet and have come across a few of the major site and they all pretty much say the same thing: run HijackThis and Kaspersky online scanner and post the logs.
Here are the logs, and thanks in advance for your help.
--------------------------------------------------
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:30 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 10696 bytes
---------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 13, 2008 14:46:04
Records in database: 1220742
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 79794
Threat name 1
Infected objects 3
Suspicious objects 0
Duration of the scan 01:26:32
File name Threat name Threats count
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PLZY72T5\pp[1].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KVNM6TYA\pp[2].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KVNM6TYA\pp[3].av Infected: Backdoor.Win32.Agent.ppc 1
The selected area was scanned.
shelf life
2008-09-24, 01:11
hi zdiddy,
still getting redirected? you can try running sdfix. runs in safe mode:
link and directions:
Download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Thank you for the response. There doesn't seem to be a virus judging from the SDFix and HIJackThis logs but the browser is still forwarding to 3929.cn.
Here are the new SDFix and HIJackThis logs:
Thank you,
----------------------------------------------------
SDFix Log
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 05:31:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\1172840683\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1172840683\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\hoss\\sw\\alicall32.exe"="C:\\hoss\\sw\\alicall32.exe:*:Enabled:alicall32"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 17 Sep 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Wed 17 Sep 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 25 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\R Marwaha\Application Data\U3\temp\Launchpad Removal.exe"
Sat 3 Nov 2007 8 A..H. --- "C:\Documents and Settings\R Marwaha\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 3 Nov 2007 8 A..H. --- "C:\Documents and Settings\R Marwaha\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 3 Nov 2007 8 A..H. --- "C:\Documents and Settings\R Marwaha\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Finished!
HIJACKThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:05 AM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 10697 bytes
shelf life
2008-09-25, 00:31
hi zdiddy,
thanks for the info. I was hoping sdfix would dig up something. i see your internet start page is set to www.3929. You have tried changing it via internet options, but it keeps changing back?
Yes, when I change the home page in the internet options it changes it back to 3929.cn each time the computer is rebooted.
Thanks for the quick response, I really appreciate it.
shelf life
2008-09-26, 01:32
hi zdiddy,
ok another member suggested trying to lock the start page with spybot.
select your start page in IE. launch spybot;
in advanced mode (at top under mode)
click the Tools tab on the left side
click on IE tweaks
put a check next to "lock IE start page against user changes"
cruise around and do a reboot and see what happens. You say it only changes back after a reboot of your computer? if its changed again lets grab a copy of silent runners:
http://www.silentrunners.org/sr_download.html
To download the script, go to the Download page, right-click on the first “here” link and select “Save Target As…” (if you're using Internet Explorer) or “Save Link As…” (if you're using Firefox).
doubleclick the script to run it. select yes to run the default search.
please post the output in your reply.
No luck:
Here is the Silent Runner log file.
Thanks!
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SetDefaultMIDI" = "MIDIDef.exe" ["Creative Technology Ltd"]
"Creative Detector" = ""C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R" ["Creative Technology Ltd"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"MBMon" = "Rundll32 CTMBHA.DLL,MBMon" [MS]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"IntelZeroConfig" = ""C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"mcagent_exe" = "C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\(Default) = "McAntiPhishingBHO"
-> {HKLM...CLSID} = "McAfee Phishing Filter"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\msk\mcapbho.dll" ["McAfee, Inc."]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll" ["Google Inc."]
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
-> {HKLM...CLSID} = "McAfee SiteAdvisor BHO"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
shelf life
2008-09-27, 00:43
hi,
ok thanks for the info. dont see anything that looks out of place in the silent runners log. something has to be changing it at reboot. i hate to have somebody download all kinds of software but looks like we will try another to see if it can dig up anything. so lets try combofix. one thing you said is that spybots choking on your C:\WINDOWS\system32\drivers folder.
maybe thats a clue:
Download combofix from one of these links and save it to your Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
I tried changing and locking the home page option within SpyBot again just for the heck of it and still no luck.
Here are the logs for HiJackThis and ComboFix.
Thanks again for your efforts and taking the time to look into this, I sincerely appreciate it.
--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:53 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 10506 bytes
-------------------------------------------------------
-------------------------------------------------------
-------------------------------------------------------
ComboFix 08-09-26.01 - R Marwaha 2008-09-26 16:13:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1441 [GMT -7:00]
Running from: C:\Documents and Settings\R Marwaha\My Documents\downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@insightexpressai[2].txt
C:\Documents and Settings\R Marwaha\Local Settings\Temporary Internet Files\index.dat
C:\WINDOWS\system32\5TqoUD.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SEIUCTOL
-------\Service_seiuctol
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 21:18 . 2008-09-24 05:35 <DIR> d----c--- C:\SDFix
2008-09-09 20:37 . 2008-09-12 08:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-09 20:37 . 2008-09-12 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 07:24 . 2008-09-12 08:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 20:51 . 2008-09-26 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 19:45 . 2008-09-08 19:45 74 --a------ C:\WINDOWS\st_affiliate.ini
2008-09-07 13:53 . 2008-09-07 13:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-07 13:36 . 2008-09-07 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-07 13:31 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-07 13:31 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-07 13:31 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-07 13:31 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-07 13:31 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-07 13:31 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-07 13:29 . 2008-09-07 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-07 11:58 . 2008-09-08 04:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\R Marwaha\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 11:58 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 11:27 . 2008-09-07 12:22 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-27 08:49 . 2008-08-27 09:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 23:23 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-09-26 23:12 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\U3
2008-09-26 22:44 --------- d-----w C:\Program Files\McAfee
2008-09-17 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-09 03:51 --------- d-----w C:\Program Files\Google
2008-09-07 21:07 --------- d-----w C:\Program Files\Java
2008-09-07 20:50 --------- d-----w C:\Program Files\McAfee.com
2008-09-07 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 07:31 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\AdobeUM
2008-08-01 00:33 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\Apple Computer
2008-07-31 20:32 --------- d-----w C:\Program Files\iTunes
2008-07-31 20:31 --------- d-----w C:\Program Files\iPod
2007-12-27 19:01 56,912 ----a-w C:\Documents and Settings\R Marwaha\g2mdlhlpx.exe
.
------- Sigcheck -------
2008-04-13 17:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 03:00 14336 ced048feae472734dcaeab4f4d11766e C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 138008]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-05-04 237568]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 162584]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
backup=C:\WINDOWS\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UCLA Cisco VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UCLA Cisco VPN Client.lnk
backup=C:\WINDOWS\pss\UCLA Cisco VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 08:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-06-02 09:05 1032192 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-05-04 06:24 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a--c--- 2006-05-04 06:32 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 00:24 20480 C:\Program Files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 08:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2006-07-29 05:00 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-05-29 16:21 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-08 18:20 17306664 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-01-02 07:13 1126400 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DbgSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=3 (0x3)
"awhost32"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\hoss\\sw\\alicall32.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R0 puipr;puipr;C:\WINDOWS\system32\drivers\puipr.sys [2004-08-04 28960]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 9161]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PCASp50.sys [ ]
S4 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c8a362-71d7-11db-bc68-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15959f24-c55c-11dc-899b-444553544200}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29bf59d9-45e9-11dc-88e0-0016cffb3339}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e54f3bf-cbbf-11dc-89a3-444553544200}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cf2832-635d-11dd-89f0-444553544200}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9318b7-3b1c-11dc-88c9-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b03d604-61b8-11dc-8907-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c248862-73b6-11dc-8930-0015c5458c74}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86e4010-c82b-11db-bce5-0016cffb3339}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
MSConfigStartUp-AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
MSConfigStartUp-GoBoingo - C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1172840683\ee\AOLSoftware.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = www.3929.cn?tn=102720
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 16:30:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-09-26 16:34:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 23:34:44
Pre-Run: 28,099,829,760 bytes free
Post-Run: 28,031,905,792 bytes free
296 --- E O F --- 2008-09-06 17:41:53
shelf life
2008-09-27, 05:15
hi,
thanks for the info. your welcome.we will use combofix to remove some files.
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
File::
C:\Documents and Settings\R Marwaha\g2mdlhlpx.exe
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\system32\drivers\lvuvc.hs
Driver::
lvuvc
Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on the desktop.
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log.
see how your start page acts now.
The home page is still forwarding. Good times! :)
Here is a new HiJackThis log and the new combo fix log after running the script you instructed me to run.
Thanks again.
---------------------------------------------
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:24 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 11093 bytes
------------------------------------------------------
------------------------------------------------------
------------------------------------------------------
------------------------------------------------------
ComboFix 08-09-26.01 - R Marwaha 2008-09-27 10:57:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1178 [GMT -7:00]
Running from: C:\Documents and Settings\R Marwaha\My Documents\downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\R Marwaha\My Documents\downloads\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\R Marwaha\g2mdlhlpx.exe
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@ads.revsci[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@revsci[2].txt
C:\Documents and Settings\R Marwaha\g2mdlhlpx.exe
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_LVUVC
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-27 08:19 . 2008-09-27 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 08:18 . 2008-09-27 08:18 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 08:16 . 2008-09-27 08:17 <DIR> d-------- C:\Program Files\QuickTime
2008-09-27 08:14 . 2008-09-27 08:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 21:18 . 2008-09-24 05:35 <DIR> d----c--- C:\SDFix
2008-09-09 20:37 . 2008-09-12 08:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-09 20:37 . 2008-09-12 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 07:24 . 2008-09-12 08:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 20:51 . 2008-09-26 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-07 13:53 . 2008-09-07 13:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-07 13:36 . 2008-09-07 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-07 13:31 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-07 13:31 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-07 13:31 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-07 13:31 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-07 13:31 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-07 13:31 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-07 13:29 . 2008-09-07 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-07 11:58 . 2008-09-08 04:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\R Marwaha\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 11:58 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 11:27 . 2008-09-07 12:22 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-27 08:49 . 2008-08-27 09:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 15:20 --------- d-----w C:\Program Files\iTunes
2008-09-27 15:19 --------- d-----w C:\Program Files\iPod
2008-09-27 15:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-26 23:12 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\U3
2008-09-26 22:44 --------- d-----w C:\Program Files\McAfee
2008-09-17 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-09 03:51 --------- d-----w C:\Program Files\Google
2008-09-07 21:07 --------- d-----w C:\Program Files\Java
2008-09-07 20:50 --------- d-----w C:\Program Files\McAfee.com
2008-09-07 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 07:31 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\AdobeUM
2008-08-01 00:33 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\Apple Computer
.
------- Sigcheck -------
2008-04-13 17:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 03:00 14336 ced048feae472734dcaeab4f4d11766e C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-26_16.34.13.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-27 15:20:47 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-09-27 15:14:37 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-27 15:18:49 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2008-09-26 19:58:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-27 14:23:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-26 19:58:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-27 14:23:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-26 19:58:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-27 14:23:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-29 19:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2008-01-29 19:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 20:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 138008]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-05-04 237568]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 162584]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
backup=C:\WINDOWS\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UCLA Cisco VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UCLA Cisco VPN Client.lnk
backup=C:\WINDOWS\pss\UCLA Cisco VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 08:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-06-02 09:05 1032192 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-05-04 06:24 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a--c--- 2006-05-04 06:32 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 00:24 20480 C:\Program Files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 08:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2006-07-29 05:00 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-05-29 16:21 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-08 18:20 17306664 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-01-02 07:13 1126400 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DbgSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=3 (0x3)
"awhost32"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\hoss\\sw\\alicall32.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 puipr;puipr;C:\WINDOWS\system32\drivers\puipr.sys [2004-08-04 28960]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 9161]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PCASp50.sys [ ]
S4 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c8a362-71d7-11db-bc68-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15959f24-c55c-11dc-899b-444553544200}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29bf59d9-45e9-11dc-88e0-0016cffb3339}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e54f3bf-cbbf-11dc-89a3-444553544200}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cf2832-635d-11dd-89f0-444553544200}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9318b7-3b1c-11dc-88c9-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b03d604-61b8-11dc-8907-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c248862-73b6-11dc-8930-0015c5458c74}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86e4010-c82b-11db-bce5-0016cffb3339}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 11:09:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-09-27 11:14:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 18:14:11
ComboFix2.txt 2008-09-26 23:34:51
Pre-Run: 27,702,247,424 bytes free
Post-Run: 27,706,298,368 bytes free
313 --- E O F --- 2008-09-06 17:41:53
shelf life
2008-09-28, 16:41
hi zdiddy,
no luck yet. some process/code has to be changing it back at reboot. we just havent found it yet. update malwarebytes and we can try running it and spybot while you are in safe mode. also you can delete temps while in safe mode.
to reach safe mode you would tap the f8 key during a computer restart, chose the first option from the list: safe mode.
once at the safe mode desktop run malwarebytes followed by spybot. please post the malwarebytes log. also in safe mode you can do this:
you might copy/paste this part into notepad and save it so you can read it in safe mode:
still in safe mode:
Click Start>Run then type %temp%
Hit OK. Delete all the files you can.
click Start>Run then type %windir%\temp
hit ok. delete all the files you can
Empty your Temp folders. Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
you can also drill down to these and delete files:
C:\Documents and Settings\-Any other users Profile-\Local Settings\Temporary Internet Files\
C:\Documents and Settings\-Any other users Profile-\Local Settings\Temp\
click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS
may have to "show all files" to see the local settings:
FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
if this dosnt work or provide any clues we will try another download to use. cross fingers.
Ok, did everything on the list (all file types and hidden files showing etc etc).
A few points of interest....
1) The home page is staying set to yahoo.com when I booted into safe mode, but when I reboot normally it changes back. something else interesting which may yield a clue...if I right click on the IE icon on desktop and change the home page it doesn't hold when I go back in and recheck it. But if I actually open the browser and go into internet options, change it, close the browser and reopen it, it stays chnaged to yahoo.com or any other link I change it to.
2) I forgot to mention this before, but it hangs forever when you shut it down or reboot and takes forever to log in and out of safe mode.
3) SpyBot is still hanging on the "host" file in safe mode and regular boot up.
4) I rescanned with Mcafee (recently upgraded and fully updated dat files) and the stinger and nothing is coming up (except for references to Malwarebytes and Spybot)
5) Please notice that the last two logs are both HiJackThis logs - 1st one from safe mode, and the 2nd I ran again after rebooting into normal mode. The browser running very slow (very delayed response while trying to navigate up and down throughout the text are where I'm entering this post) so I thought I would run it again. Althought the Windows Exploerer and text files I have open are snapping back up with no problems - just the IE window I have open is being a pig. Maybe I origianlly had to much content copied into the text field???
6) And lastly, when I rebooted back from safe mode (I did it twice just to be sure) I'm getting a little pop-up as it's booting up, that says: RUNDLL > Error ...\system32\5TqoUD.dll > Specific module can't be found. I googled 5TqoUD.dll and nothing at all came up.
Thought some of this info would be helpful. If not, I guess I'll just toss this thing in the trash, and go get a new MAC. :)
Thanks again!
Here are the new log files....
----------------------------------------
I removed all of the 500 or so repeated lines below to save some space in the post....
***Error during check!: Microsoft.Windows.RedirectedHosts [353 - $7CA381F6] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
***
----------------------------------------
----------------------------------------
----------------------------------------
Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 5.1.2600 Service Pack 2
9/28/2008 9:00:35 AM
mbam-log-2008-09-28 (09-00-35).txt
Scan type: Quick Scan
Objects scanned: 52361
Time elapsed: 11 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Error during check!: Microsoft.Windows.RedirectedHosts [1 - $63CDFA57] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
Error during check!: Microsoft.Windows.RedirectedHosts [353 - $7CA381F6] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
Error during check!: Microsoft.Windows.RedirectedHosts [354 - $282300E8] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
Error during check!: Dummy [1 - $649C5A6E] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
Error during check!: Dummy [1 - $649C5A6E] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()
Congratulations!: No immediate threats were found. ()
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-09-09 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-09-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-09 Includes\Malware.sbi (*)
2008-09-10 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-09 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-02 Includes\Spyware.sbi (*)
2008-09-09 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-10 Includes\Trojans.sbi (*)
2008-09-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885855
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB889673
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892627
/ Windows XP / SP3: Windows XP Hotfix - KB893056
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896256)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Hotfix for Windows XP (KB906569)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Hotfix for Windows XP (KB908673)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB912945)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB914642)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932823-v3)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937143)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
--- Startup entries list ---
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: 3C59CB80D1849128C14FF2B3245419BE
Located: HK_LM:Run, DLA
command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 162584
MD5: 2C0F5B7992CF976C2EFE75E394F2487F
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 138008
MD5: 554BF964313238DB774F1E3406766C63
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 696320
MD5: A54892B62CEF9790A669E8174C8C1C83
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 802816
MD5: 75A2ADC59D809994E3974F4E6B7680A9
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 289576
MD5: A7FA648719063B234A434A089FC0F49D
Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 237568
MD5: 7691D314DC1E1AF289D65F1B2F75AE0F
Located: HK_LM:Run, MBMon
command: Rundll32 CTMBHA.DLL,MBMon
file: C:\WINDOWS\system32\CTMBHA.DLL
size: 1355938
MD5: 0EC23C3CDF28304596743263A34133A5
Located: HK_LM:Run, mcagent_exe
command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1005096
MD5: D76DCBA1BCE72093E00A4EFA114A4E98
Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 138008
MD5: 3B00D3D63E89B7383475CE5D1FC750FB
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 6CD5C3276C83F72677D647F27EE14ABD
Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINDOWS\stsystra.exe
size: 282624
MD5: AD2506958DE1937C16C553C0A1BE0572
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761947
MD5: ABB85828C394CEACACBC90373C59C529
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC
Located: HK_LM:RunOnce, SDLV
command: %systemroot%\system32\rundll32.exe %systemroot%\system32\5TqoUD.dll,DllRegisterServer
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
Located: HK_CU:Run, Creative Detector
where: PE_C_LOGMEINREMOTEUSER...
command: "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 102400
MD5: C744293DFBE1A3347FEC5DBFE3FD123E
Located: HK_CU:Run, Creative MediaSource Go
where: PE_C_LOGMEINREMOTEUSER...
command: "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
file: C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
size: 135168
MD5: 5103ECB738D8AAAD81FE91532B2387C7
Located: HK_CU:Run, DellSupport
where: PE_C_LOGMEINREMOTEUSER...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ModemOnHold
where: PE_C_LOGMEINREMOTEUSER...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:Run, SetDefaultMIDI
where: PE_C_LOGMEINREMOTEUSER...
command: MIDIDef.exe
file: C:\WINDOWS\MIDIDef.exe
size: 24576
MD5: 702A697091F0C47AF6BDAE2A35E2C248
Located: HK_CU:Run, Creative Detector
where: PE_C_LOGMEINREMOTEUSER.ROHIT...
command: "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 102400
MD5: C744293DFBE1A3347FEC5DBFE3FD123E
Located: HK_CU:Run, Creative MediaSource Go
where: PE_C_LOGMEINREMOTEUSER.ROHIT...
command: "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
file: C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
size: 135168
MD5: 5103ECB738D8AAAD81FE91532B2387C7
Located: HK_CU:Run, DellSupport
where: PE_C_LOGMEINREMOTEUSER.ROHIT...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, ModemOnHold
where: PE_C_LOGMEINREMOTEUSER.ROHIT...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:Run, SetDefaultMIDI
where: PE_C_LOGMEINREMOTEUSER.ROHIT...
command: MIDIDef.exe
file: C:\WINDOWS\MIDIDef.exe
size: 24576
MD5: 702A697091F0C47AF6BDAE2A35E2C248
Located: HK_CU:Run, Creative Detector
where: S-1-5-21-3624333002-4055953087-2211670949-1006...
command: "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 102400
MD5: C744293DFBE1A3347FEC5DBFE3FD123E
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3624333002-4055953087-2211670949-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, SetDefaultMIDI
where: S-1-5-21-3624333002-4055953087-2211670949-1006...
command: MIDIDef.exe
file: C:\WINDOWS\MIDIDef.exe
size: 24576
MD5: 702A697091F0C47AF6BDAE2A35E2C248
Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46
Located: Startup (disabled), Acrobat Assistant (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
Located: Startup (disabled), America Online 9.0 Tray Icon (DISABLED)
command: C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
file: C:\PROGRA~1\AMERIC~1.0\aoltray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), Bluetooth (DISABLED)
command: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
file: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
size: 622653
MD5: 223A18AC9E6A23D6A8B84223F3794497
Located: Startup (disabled), HotSync Manager (DISABLED)
command: C:\PROGRA~1\palmOne\Hotsync.exe -logon
file: C:\PROGRA~1\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
Located: Startup (disabled), HOTSYNCSHORTCUTNAME (DISABLED)
command: C:\PROGRA~1\palmOne\Hotsync.exe -logon
file: C:\PROGRA~1\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
Located: Startup (disabled), ImageMixer HDD Camera Monitor (DISABLED)
command: C:\PROGRA~1\PIXELA\IMAGEM~1\HDDCAM~1.EXE
file: C:\PROGRA~1\PIXELA\IMAGEM~1\HDDCAM~1.EXE
size: 2117632
MD5: D9389D75FD732A3469DDCEC2BC1A4C81
Located: Startup (disabled), QuickBooks Update Agent (DISABLED)
command: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
file: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
size: 806912
MD5: F88F642F9BEDE17255D1A447F2579FC1
Located: Startup (disabled), UCLA Cisco VPN Client (DISABLED)
command: C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe "-user_logon"
file: C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), LimeWire On Startup (DISABLED)
command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
file: C:\PROGRA~1\LimeWire\LimeWire.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), palmOne Registration (DISABLED)
command: C:\PROGRA~1\palmOne\register.exe /remind /language=EN /INTL="true" /_NBL="true" /PRNM="palmOne"
file: C:\PROGRA~1\palmOne\register.exe
size: 2367488
MD5: FA4B5C6E69C610E9BF0789209A2F7A95
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, LMIinit
command: LMIinit.dll
file: LMIinit.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAntiPhishingBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: McAntiPhishingBHO
CLSID name: McAfee Phishing Filter
Path: c:\PROGRA~1\mcafee\msk\
Long name: mcapbho.dll
Short name:
Date (created): 9/7/2008 1:34:12 PM
Date (last access): 9/28/2008 9:04:44 AM
Date (last write): 11/26/2007 10:46:10 AM
Filesize: 324936
Attributes: archive
MD5: 4F7DD63B3D09D1CA6C13E53285A1884F
CRC32: 501C5F38
Version: 9.1.107.0
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 12/18/2006 9:25:46 PM
Date (last access): 9/28/2008 9:04:24 AM
Date (last write): 10/31/2006 4:29:16 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 7/29/2006 5:06:46 AM
Date (last access): 9/28/2008 8:46:12 AM
Date (last write): 9/8/2005 3:20:00 AM
Filesize: 110652
Attributes: archive
MD5: 8EF6619212E5500022AB22FF11E68D3B
CRC32: 132215F0
Version: 5.20.8.0
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 8/24/2007 7:01:22 AM
Date (last access): 9/28/2008 8:25:50 AM
Date (last write): 8/24/2007 7:01:22 AM
Filesize: 2212224
Attributes: archive
MD5: 32C4927E013C018A13D8DFBDA4148812
CRC32: 9A9F3D8B
Version: 12.0.6211.1000
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 9/7/2008 1:31:22 PM
Date (last access): 9/28/2008 9:08:32 AM
Date (last write): 11/9/2007 12:09:08 PM
Filesize: 58688
Attributes: archive
MD5: 5B9FCB73F5A4A000C55AFF08B639A07C
CRC32: C78C7E89
Version: 14.0.0.366
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 1/7/2008 4:48:50 PM
Date (last access): 9/28/2008 7:43:48 AM
Date (last write): 1/7/2008 4:48:48 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\
Long name: swg.dll
Short name:
Date (created): 9/8/2008 8:51:56 PM
Date (last access): 9/28/2008 9:08:32 AM
Date (last write): 9/8/2008 8:51:56 PM
Filesize: 651248
Attributes: archive
MD5: 588DD213B6DE7DD0F0035C6BB83B21EE
CRC32: 17270CD2
Version: 4.1.805.1852
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: c:\PROGRA~1\mcafee\SITEAD~1\
Long name: McIEPlg.dll
Short name:
Date (created): 9/7/2008 1:34:38 PM
Date (last access): 9/28/2008 9:04:24 AM
Date (last write): 9/4/2008 11:43:36 AM
Filesize: 121632
Attributes: archive
MD5: 6F2F34A9BD1FA89773E3E457C6C1829C
CRC32: 9B281CA7
Version: 1.0.1.200
--- ActiveX list ---
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 9/28/2008 8:55:52 AM
Date (last write): 7/18/2008 10:07:32 PM
Filesize: 210976
Attributes: archive
MD5: C5F2BE2C84D119CCE6DB901EA49D1528
CRC32: D65E48EB
Version: 7.2.6001.784
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/27/2008 2:15:00 PM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 3:48:18 PM
Date (last access): 9/13/2008 11:36:38 AM
Date (last write): 11/19/2003 3:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 9/13/2008 11:36:54 AM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 9/13/2008 11:37:12 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/25/2007 12:31:44 AM
Date (last access): 9/13/2008 11:37:28 AM
Date (last write): 9/25/2007 2:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/28/2008 9:23:16 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/28/2008 9:23:16 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
--- Process list ---
PID: 0 ( 0) [System]
PID: 180 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 224 ( 180) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 248 ( 180) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 292 ( 248) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 304 ( 248) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 464 ( 292) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: CED048FEAE472734DCAEAB4F4D11766E
PID: 512 ( 292) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: CED048FEAE472734DCAEAB4F4D11766E
PID: 560 ( 292) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: CED048FEAE472734DCAEAB4F4D11766E
PID: 596 ( 292) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
size: 767976
MD5: CB3A8976DE2F65349322DA7627CEA223
PID: 1080 (1052) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1104 ( 464) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 1244 ( 464) c:\PROGRA~1\mcafee\msc\mcuimgr.exe
size: 265040
MD5: 02800372FA7F33E4042DA92D362D6573
PID: 2008 (1080) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/28/2008 9:23:18 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
(AddressBook)
Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/
AliComm32 and Eval32 (AliComm32 and Eval32)
(AudioPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
(Branding)
(CADI)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
Conexant HDA D110 MDC V.92 Modem (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
(Connection Manager)
Cool Edit Pro 2.1 (Cool Edit Pro 2.1)
uninstall cmd: C:\Program Files\coolpro2\cep2unin.exe
(CopyNow.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
(Creative MediaSource Go!)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
(Creative MediaSource MiniDisc Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
(Creative Music Store Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
(DataPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
(DirectAnimation)
(DirectDrawEx)
(dlatray.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
(DXM_Runtime)
(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
Microsoft Office Enterprise 2007 12.0.6215.1000 (ENTERPRISE)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
publisher: Microsoft Corporation
(Equalizer)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
(Fontcore)
Google Updater 2.3.1334.1308 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com:80/pack-support?hl=en&gl=us
Intel(R) Graphics Media Accelerator Driver (HDMI)
uninstall cmd: C:\WINDOWS\system32\igxpun.exe -uninstall
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Documents and Settings\R Marwaha\My Documents\downloads\HijackThis.exe" /uninstall
publisher: TrendMicro
(ICW)
Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070930
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
(IE40)
(IE4Data)
(IE5BAKEX)
Windows Internet Explorer 7 20070813.185237 (ie7)
install date: 20071111
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie
(IEData)
(InstallShield Uninstall Information)
High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB835221
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884267)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
(KB885353)
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB885855 20040930.104104 (KB885855)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885855
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
(KB886612)
(KB887078)
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
(KB887626)
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
(KB888656)
Windows XP Hotfix - KB889673 20041116.085848 (KB889673)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=889673
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
(KB891122)
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20070930
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
Windows XP Hotfix - KB892627 20050201.181426 (KB892627)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892627
Windows XP Hotfix - KB893056 20050126.164313 (KB893056)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893056
(KB893240)
(KB893241)
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
Windows Installer 3.1 (KB893803) (KB893803v2)
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391
(KB895181)
(KB895316)
Hotfix for Windows XP (KB896256) 1 (KB896256)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896256
Security Update for Windows XP (KB896358) 1 (KB896358)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896423) 1 (KB896423)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
(KB897586)
Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
(KB898549)
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899588) 1 (KB899588)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588
Security Update for Windows XP (KB899591) 1 (KB899591)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
(KB900399)
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
(KB902344)
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 1 (KB904706)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Update for Windows XP (KB904942) 2 (KB904942)
install date: 20070930
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Hotfix for Windows XP (KB906569) 2 (KB906569)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=906569
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Hotfix for Windows XP (KB908673) 1 (KB908673)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908673
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564
Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567
(KB911854)
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Update for Windows XP (KB912945) 1 (KB912945)
install date: 20060729
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912945
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060804
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Hotfix for Windows XP (KB914440) 12 (KB914440)
install date: 20070930
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440
Hotfix for Windows XP (KB914642) 1 (KB914642)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914642
Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20070930
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865
Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422
Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118
Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060729
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439
Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899
Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007
Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213
Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214
Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670
Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683
Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685
Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872
Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398
Security Update for Windows XP (KB921503) 1 (KB921503)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921503
Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883
Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582
Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616
Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760
Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819
Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191
Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414
Security Update for Windows XP (KB923689) (KB923689)
install date: 20061213
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689
Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20061213
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694
Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723
Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980
Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191
Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270
Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496
Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667
Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061213
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398
Security Update for Windows XP (KB925454) 1 (KB925454)
install date: 20061213
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925454
Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486
Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070409
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902
Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239
Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20061213
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255
Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436
Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779
Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802
Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070526
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891
Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070228
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090
Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255
Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070228
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843
Security Update for Windows XP (KB929123) 1 (KB929123)
install date: 20070614
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929123
Update for Windows XP (KB929338) 1 (KB929338)
install date: 20070318
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929338
Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399
Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969
Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070412
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178
Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916
Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070412
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261
Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768
Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070412
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784
Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070302
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836
Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906
Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070412
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168
Update for Windows XP (KB932823-v3) 3 (KB932823-v3)
install date: 20080608
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932823-v3
Update for Windows XP (KB933360) 1 (KB933360)
install date: 20070829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933360
Security Update for Windows XP (KB933566) 1 (KB933566)
install date: 20070614
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566
Security Update for Windows XP (KB933729) 1 (KB933729)
install date: 20071104
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933729
Security Update for Windows XP (KB935839) 1 (KB935839)
install date: 20070614
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935839
Security Update for Windows XP (KB935840) 1 (KB935840)
install date: 20070614
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935840
Security Update for Windows XP (KB936021) 1 (KB936021)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936021
Update for Windows XP (KB936357) 1 (KB936357)
install date: 20070711
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936357
Security Update for Windows Media Player 10 (KB936782) (KB936782_WMP10)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782
Security Update for Windows XP (KB937143) 1 (KB937143)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143
Security Update for Windows XP (KB938127) 1 (KB938127)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127
(KB938127-IE7)
Update for Windows XP (KB938828) 1 (KB938828)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938828
Security Update for Windows XP (KB938829) 1 (KB938829)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938829
Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071111
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653
Security Update for Windows XP (KB941202) 1 (KB941202)
install date: 20071104
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941202
Security Update for Windows XP (KB941568) 1 (KB941568)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941568
Security Update for Windows XP (KB941569) (KB941569)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569
Security Update for Windows XP (KB941644) 1 (KB941644)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941644
Security Update for Windows XP (KB941693) 1 (KB941693)
install date: 20080523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941693
Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20080118
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615
Update for Windows XP (KB942763) 1 (KB942763)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942763
Security Update for Windows XP (KB943055) 1 (KB943055)
install date: 20080225
uninstall cmd: "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=943055
Security Update for Windows XP (KB943460) 1 (KB943460)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=943460
Security Update for Windows XP (KB943485) 1 (KB943485)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=943485
Security Update for Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080225
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944533
Security Update for Windows XP (KB944653) 1 (KB944653)
install date: 20080118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944653
Security Update for Windows XP (KB945553) 1 (KB945553)
install date: 20080523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=945553
Security Update for Windows XP (KB946026) 1 (KB946026)
install date: 20080226
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946026
Hotfix for Windows Internet Explorer 7 (KB947864) 1 (KB947864-IE7)
install date: 20080523
uninstall cmd: "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=947864
Security Update for Windows XP (KB948590) 1 (KB948590)
install date: 20080523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=948590
Security Update for Windows XP (KB948881) 1 (KB948881)
install date: 20080523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=948881
Security Update for Windows XP (KB950749) 1 (KB950749)
install date: 20080523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950749
Security Update for Windows Internet Explorer 7 (KB950759) 1 (KB950759-IE7)
install date: 20080611
uninstall cmd: "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950759
Security Update for Windows XP (KB950760) 1 (KB950760)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950760
Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762
Security Update for Windows XP (KB951376) 1 (KB951376)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20080619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951698) 1 (KB951698)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951698
Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20080710
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748
LiveReg (Symantec Corporation) 2.0.0.963 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation
LiveUpdate 1.6 (Symantec Corporation) (LiveUpdate1.6)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20080908
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org
(McAfee Personal Firewall Plus)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee Uninstaller (McAfee Uninstall Utility)
uninstall cmd: C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(MobileOptionPack)
(MPlayer2)
McAfee SecurityCenter (MSC)
install location: C:\Program Files\McAfee
uninstall cmd: C:\Program Files\McAfee\MSC\mcuninst.exe
publisher: McAfee, Inc.
Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087
(NetMeeting)
Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070930
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Intel(R) PROSet/Wireless Software 10.50.0000 (ProInst)
install location: C:\WINDOWS\Installer\iProInst.exe
uninstall cmd: C:\WINDOWS\Installer\iProInst.exe
publisher: Intel Corporation
comments: Intel(R) PROSet/Wireless installation package
contact: Intel Customer Support
help link: http://support.intel.com
Logitech® Camera Driver (QcDrv)
install location: C:\Program Files\Common Files\Logitech\QCDRV
install source: C:\Dell\cam\bin\
uninstall cmd: "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sound Blaster ADVANCED MB Drivers (SAMB_ADVMB_FILTER_DRV)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Samsung CLP-300 Series (Samsung CLP-300 Series)
uninstall cmd: C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
(SchedulingAgent)
(SFBM)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
Skype 2.0 2.0 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.31.95/en/help
Snapshot Viewer (Snapshot Viewer)
uninstall cmd: C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
(Sound Blaster Audigy ADVANCED MB)
Sound Blaster Audigy ADVANCED MB Product Registration (Sound Blaster Audigy ADVANCED MB Product Registration)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
(Sound Blaster Audigy ADVANCED MB Windows Drivers)
uninstall cmd: "C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
(SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Learn2 Player (Uninstall Only) (StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe
(SURMIXER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
Synaptics Pointing Device Driver 8.2.4.6 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
publisher: Synaptics
Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager 6.3.7 (VZAccess Manager)
uninstall cmd: C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
publisher: Smith Micro Software, Inc.
WebCyberCoach 3.2 Dell (WebCyberCoach_wtrb)
uninstall cmd: "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060806
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474
Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinZip (WinZip)
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Windows Media Format 11 runtime (WMFDist11)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716
Yahoo! Browser Services (Yahoo! Customizations)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Macromedia Flash Player 7.0.19.0 ({0456ebd7-5f67-4ab6-852e-63781e3f389c})
version: 117440531
version (major): 7
install date: 20060729
uninstall cmd: MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
publisher: Macromedia, Inc.
mSSO 7.15.0000 ({06BE8AFD-A8E2-4B63-BAE7-287016D16ACB})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 324
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Roxio RecordNow Data 2.0.4 ({075473F5-846A-448B-BCB3-104AA1760205})
version: 33554436
version (major): 2
install date: 20060729
uninstall cmd: MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
publisher: Roxio
MSXML 6.0 Parser (KB933579) 6.10.1200.0 ({0A869A65-8C94-4F7C-A5C7-972D3C8CED9E})
version: 101319856
version (major): 6
version (minor): 10
estimated size: 1341
install date: 20070827
install source: c:\1e081e65cc6c13e42f29695fbe77db\
uninstall cmd: MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/933579
3.00 ({0B095086-7205-4D48-90DF-DCD16613C6D4})
version: 50331648
install location: C:\Program Files\Creative\MediaSource\Detector
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
mLogView 7.15.0000 ({0E2B0B41-7E08-4F9F-B21F-41C4133F43B7})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 756
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft Plus! Photo Story 2 LE 1.1.0.3463 ({0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B})
version: 16842752
version (major): 1
version (minor): 1
install date: 20060729
uninstall cmd: MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
publisher: Microsoft Corporation
readme: C:\Program Files\Microsoft Plus! Photo Story 2 LE\Readme.htm
Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20070514
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
Qualxserve Service Agreement 1.10.0000 ({0F756CD9-4A1E-409B-B101-601DDC4C03AA})
version: 17432576
version (major): 1
version (minor): 10
install date: 20060729
uninstall cmd: MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
publisher: Dell
comments: Go to http://support.dell.com.
contact: Dell Support
help link: http://support.dell.com
help telephone: 0
3.00 ({103BCDA0-E063-46AC-8028-64E78722ABA7})
version: 50331648
install location: C:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
Roxio DLA 5.2.0 ({1206EF92-2E83-4859-ACCB-2048C3CB7DA6})
version: 84017152
version (major): 5
version (minor): 2
install date: 20060729
uninstall cmd: MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
publisher: Roxio
help link: http://support.sonic.com/
QuickBooks Simple Start Special Edition ({14374619-0900-4056-BA06-C87C900AF9E6})
install location: C:\Program Files\Intuit\QuickBooks 2005\
uninstall cmd: msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
comments: To repair this program, click on Change/Remove button.
contact: Customer Support Department
help link: http://www.quickbooks.com/support/
help telephone: 1-800-881-2079
Mobile Broadband Drivers 2.01.07.10 ({190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2})
version: 33619975
version (major): 2
version (minor): 1
estimated size: 2412
install date: 20070808
install location: C:\Program Files\Novatel Wireless\
install source: C:\WINDOWS\Downloaded Installations\{97E01F71-E28E-42F5-8A14-5E0B70A1DCE3}\
uninstall cmd: MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
publisher: Novatel Wireless
help link: www.nvtl.com
2.0.0000.0 ({219B0DA4-8F1A-499D-8795-4A07C632521E})
version: 33554432
version (major): 2
estimated size: 40463
install date: 20071014
install source: D:\Streets\MSMap\Redist\MSTTSEng_20\
uninstall cmd: MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
publisher: Microsoft
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
mProSafe 9.00.0000 ({23FB368F-1399-4EAC-817C-4B83ECBE3D83})
version: 150994944
version (major): 9
estimated size: 472
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
DeLorme Street Atlas USA 2007 Plus 1.12.2007 ({258E7BCB-F415-4517-AB13-0A20DDDECAAB})
version: 17565655
version (major): 1
version (minor): 12
estimated size: 2128930
install date: 20070809
install location: C:\Program Files\DeLorme\Street Atlas USA 2007 Plus\
install source: D:\
uninstall cmd: MsiExec.exe /I{258E7BCB-F415-4517-AB13-0A20DDDECAAB}
publisher: DeLorme Publishing, Inc.
contact: Technical Support Department
help link: http://www.delorme.com/support
1.10 ({2616B36E-38CE-4357-8AB5-8B3EE9B1C117})
version: 17432576
install location: C:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
Broadcom Management Programs 8.65.05 ({26E1BFB0-E87E-4696-9F89-B467F01F81E5})
version: 138477573
version (major): 8
version (minor): 65
install date: 20060729
install location: C:\Program Files\Broadcom\
uninstall cmd: MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
publisher: Broadcom Corporation
comments: Broadcom Advanced Control Suite 2 (BACS)
contact: Dell Customer Support
help link: http://www.support.dell.com
Creative MediaSource 3.00 ({2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC})
version: 50331648
install location: C:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
help link: http://www.creative.com/support
Sonic Update Manager 3.0.0 ({30465B6C-B53F-49A1-9EBA-A3F187AD502E})
version: 50331648
version (major): 3
install date: 20060729
uninstall cmd: MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
publisher: Sonic Solutions
Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070707
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_01-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt
Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113906
install date: 20070718
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt
Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113966
install date: 20080107
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_03\README.txt
Java(TM) 6 Update 7 1.6.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0160070})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 117050
install date: 20080907
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_07\README.txt
2.00 ({32B4B536-4443-42F0-9676-98373BE9114F})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\Speaker Settings
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
Windows Media Player 10 9.00.3636 ({33BB4982-DC52-4886-A03B-F4C5C80BEE89})
version: 150998580
version (major): 9
install date: 20060729
uninstall cmd: MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=9647
2.00 ({34EBD418-B8E6-4E86-89C4-33B72CF5663F})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\Program
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20040810
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
NetZeroInstallers 1.0.0 ({352310C3-E46B-42D3-8F32-54721FDD72D9})
version: 16777216
version (major): 1
install date: 20060729
uninstall cmd: MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
publisher: NetZero, Inc.
contact: NetZero, Inc.
MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061117
install source: c:\1714e2abc09caac86e0d99a681c92d68\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978
Debug Diagnostics Tool 1.1 (x86) 1.6.0204 ({3B78B379-C0E7-4FBF-9FD9-04FB6E05E60F})
version: 17170636
version (major): 1
version (minor): 6
estimated size: 9048
install date: 20071103
install source: C:\Documents and Settings\R Marwaha\Desktop\update\
uninstall cmd: MsiExec.exe /I{3B78B379-C0E7-4FBF-9FD9-04FB6E05E60F}
publisher: Microsoft Corporation
contact: Microsoft Corporation
help link: http://support.microsoft.com
help telephone: 800-936-5800
mIWA 7.15.0000 ({3E9D596A-61D4-4239-BD19-2DB984D2A16F})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 1325
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
WIDCOMM Bluetooth Software 5.0.1.2609 ({3F4EC965-28EF-45C3-B063-04B25D4E9679})
version: 83886081
version (major): 5
estimated size: 30778
install date: 20060729
install source: C:\dell\GK101\Win32\
uninstall cmd: MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
publisher: Dell
help link: Support.Dell.com
help telephone:
NetWaiting 2.5.23 ({3F92ABBB-6BBF-11D5-B229-002078017FBF})
version (major): 2
version (minor): 5
install location: C:\Program Files\NetWaiting
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software, Inc
LogMeIn 3.00.606 ({3FEC3A5B-60FF-4626-B425-08E09B121A15})
version: 50332254
version (major): 3
estimated size: 18372
install date: 20070808
install source: C:\Documents and Settings\R Marwaha\Local Settings\Temporary Internet Files\Content.IE5\RE0FZLKP\
uninstall cmd: MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}
publisher: LogMeIn, Inc.
help telephone: +1-866-600-7205
iTunes 8.0.0.35 ({41B9E2CF-0B3F-442A-B5B3-592A4A355634})
version: 134217728
version (major): 8
estimated size: 89538
install date: 20080927
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Dell CinePlayer 3.0 ({43CAC9A1-1993-4F65-9096-7C9AFC2BBF54})
version: 50331648
version (major): 3
install date: 20060729
uninstall cmd: MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
publisher: Dell
Sonic Advanced Decoder ({46C73DE4-E96D-4F7C-8371-F28052183B12})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
mHlpDell 7.15.0000 ({49D687E5-6784-431B-A0A2-2F23B8CC5A1B})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 292
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
publisher: Intel
comments: Help Files
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
1.00 ({52338F65-A1C3-4CDC-B733-50051682B297})
version: 16777216
install location: C:\Program Files\Creative\SBAudigy\Equalizer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
Sound Blaster Audigy ADVANCED MB 1.0 ({53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB})
version: 16777216
install location: C:\Program Files\Creative\SBAudigy
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
help link: http://www.creative.com/support
6.00 ({569A9538-86EC-44C3-8EE4-C68B165F2A75})
version: 100663296
install location: C:\Program Files\Creative\SBAudigy\WaveStudio
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
MSXML 6.0 Parser (KB927977) 6.00.3890.0 ({5A710547-B58E-488B-828D-CA9A25A0533C})
version: 100667186
version (major): 6
estimated size: 1332
install date: 20070825
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927977
2.00 ({5B17E626-7885-4FC3-A66A-73548A4F01FD})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\EAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
Sonic Activation Module 1.0 ({5B6BE547-21E2-49CA-B2E2-6A5F470593B1})
version: 16777216
version (major): 1
install date: 20060729
uninstall cmd: MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
publisher: Sonic Solutions
({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})
AOLIcon 1.00.0000 ({62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C})
version: 16777216
version (major): 1
estimated size: 648
install date: 20060729
install source: C:\dell\KC999\
uninstall cmd: MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
publisher: Dell
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505
mWMI 7.15.0000 ({63DB9CCD-2B56-4217-9A3D-507AC78320CA})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 452
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
1.00.0000 ({644B991F-B109-4360-9DA3-40CDAD13961C})
version: 16777216
version (major): 1
estimated size: 6820
install date: 20071014
install source: D:\Streets\MSMap\Redist\SAPI\
uninstall cmd: MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
publisher: Your Company Name
help link: http://www.yourcompany.com
help telephone: 555-555-1234
Apple Software Update 2.1.1.116 ({6956856F-B6B3-4BE0-BA0B-8F495BE32033})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 2208
install date: 20080927
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
MobileMe Control Panel 2.1.0.24 ({6DA9102E-199F-43A0-A36B-6EF48081A658})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 5247
install date: 20080927
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Microsoft Plus! Digital Media Edition Installer 1.1.0.3514 ({6E45BA47-383C-4C1E-8ED0-0D4845C293D7})
version: 16842752
version (major): 1
version (minor): 1
install date: 20060729
uninstall cmd: MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
publisher: Microsoft Corporation
1.03 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16973824
install location: C:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
Java 2 Runtime Environment, SE v1.4.2_03 1.4.2_03 ({7148F0A8-6813-11D6-A77B-00B0D0142030})
version (major): 1
version (minor): 4
estimated size: 139992
install date: 20060729
install source: C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt
EarthLink setup files 2005.1.47.0 ({728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE})
version (major): 2005
version (minor): 1
install date: 20060729
install location: C:\Program Files\EarthLink Setup\
uninstall cmd: MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
publisher: EarthLink
comments: None
contact: Customer Support Department
help link: http://support.earthlink.net
help telephone: 1-800-EARTHLINK
3.00 ({73919E2B-725C-4FAA-8473-45E063A3575F})
version: 50331648
install location: C:\Program Files\Creative\SBAudigy\SFBM
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
Dell System Restore 2.00.0000 ({74F7662C-B1DB-489E-A8AC-07A06B24978B})
version: 33554432
version (major): 2
install date: 20060729
publisher: Dell Inc.
comments: N/A
contact: Customer Support Department
help link: http://support.dell.com
help telephone: 1-800-624-9896
ImageMixer3 3.00.006 ({751910E3-ECF1-44D0-BF3F-2936A4424514})
version: 50331654
install date: 20070722
install location: C:\Program Files\PIXELA\ImageMixer3
install source: D:\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{751910E3-ECF1-44D0-BF3F-2936A4424514}\setup.exe" -l0x9 UNINSTALL -removeonly
publisher: PIXELA
3.00 ({7AFFF09F-386B-4F7A-B3E0-EC24C13893AA})
version: 50331648
install location: C:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
LogMeIn 4.0.680 ({7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A})
version: 67109544
version (major): 4
estimated size: 21624
install date: 20071228
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
publisher: LogMeIn, Inc.
help telephone: +1-866-600-7205
DellSupport 6.0.3062 ({7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D})
version: 100666358
version (major): 6
estimated size: 15145
install date: 20071103
install location: C:\Program Files\DellSupport\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\gac241.tmp.dir\Release_01_3062\
uninstall cmd: MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
publisher: Dell
comments: .
contact: .
help link: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=1091989
help telephone: .
Modem Helper 3.01 ({7F142D56-3326-11D5-B229-002078017FBF})
install location: C:\Program Files\Modem Helper
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software
Bonjour 1.0.105 ({8A25392D-C5D2-4E79-A2BD-C15DDC5B0959})
version: 16777321
version (major): 1
estimated size: 497
install date: 20080927
install location: C:\Program Files\Bonjour\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
3.0 ({8A3F2ADE-DEF2-4A50-866A-6B9357B5590F})
version: 50331648
install location: C:\Program Files\Creative\MediaSource\Go
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
mPfMgr 7.15.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 1968
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Skype Setup 2.0.31.95 ({8CD1F21C-D3A2-4B07-8493-31752E93A3E4})
version: 33554463
version (major): 2
install date: 20060729
install location: C:\Dell\Skype Setup\
uninstall cmd: MsiExec.exe /X{8CD1F21C-D3A2-4B07-8493-31752E93A3E4}
publisher: Skype Technologies
comments: Skype preload for Dell
help link: http://www.skype.com
Andrea VoiceCenter ({8D2AE3F6-79DF-423C-91CB-389F6FB5837B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
QuickTime 7.55.90.70 ({8DC42D05-680B-41B0-8878-6C14D24602DB})
version: 121045082
version (major): 7
version (minor): 55
estimated size: 89493
install date: 20080927
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Microsoft Software Update for Web Folders (English) 12 12.0.6215.1000 ({90120000-0010-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 2227
install date: 20080906
install source: C:\MSOCache\All Users\{90120000-0010-0409-0000-0000000FF1CE}-C\
publisher: Microsoft Corporation
Microsoft Office Access MUI (English) 2007 12.0.6215.1000 ({90120000-0015-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 31916
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\
uninstall cmd: MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Excel MUI (English) 2007 12.0.6215.1000 ({90120000-0016-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 36912
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office PowerPoint MUI (English) 2007 12.0.6215.1000 ({90120000-0018-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 15389
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Publisher MUI (English) 2007 12.0.6215.1000 ({90120000-0019-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 24282
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Outlook MUI (English) 2007 12.0.6215.1000 ({90120000-001A-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 22828
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Word MUI (English) 2007 12.0.6215.1000 ({90120000-001B-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 18657
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Proof (English) 2007 12.0.6213.1000 ({90120000-001F-0409-0000-0000000FF1CE})
version: 201332805
version (major): 12
estimated size: 56807
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.en\
uninstall cmd: MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173})
uninstall cmd: msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Proof (French) 2007 12.0.6213.1000 ({90120000-001F-040C-0000-0000000FF1CE})
version: 201332805
version (major): 12
estimated size: 23736
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\
uninstall cmd: MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C})
uninstall cmd: msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Proof (Spanish) 2007 12.0.6213.1000 ({90120000-001F-0C0A-0000-0000000FF1CE})
version: 201332805
version (major): 12
estimated size: 38517
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.es\
uninstall cmd: MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1})
uninstall cmd: msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Proofing (English) 2007 12.0.4518.1014 ({90120000-002C-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 506
install date: 20070228
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
Microsoft Office Enterprise 2007 12.0.6215.1000 ({90120000-0030-0000-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 1110835
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
publisher: Microsoft Corporation
Security Update for Office 2007 (KB947801) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
publisher: Microsoft
help link: http://support.microsoft.com/kb/947801
Update for Microsoft Office Outlook 2007 (KB952142) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4AD3A076-427C-491F-A5B7-7D1DE788A756})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
publisher: Microsoft
help link: http://support.microsoft.com/kb/952142
Security Update for Excel 2007 (KB946974) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
publisher: Microsoft
help link: http://support.microsoft.com/kb/946974
Security Update for Microsoft Office system 2007 (KB951808) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
publisher: Microsoft
help link: http://support.microsoft.com/kb/951808
Update for Office 2007 (KB946691) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A420F522-7395-4872-9882-C591B4B92278})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
publisher: Microsoft
help link: http://support.microsoft.com/kb/946691
Security Update for Microsoft Office Word 2007 (KB950113) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AD72BABE-C733-4FCF-9674-4314466191B9})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
publisher: Microsoft
help link: http://support.microsoft.com/kb/950113
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Update for Outlook 2007 Junk Email Filter (kb955433) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D9806966-6AA1-4B55-9528-6748E37CEE86})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
publisher: Microsoft
help link: http://support.microsoft.com/kb/955433
Security Update for Microsoft Office Publisher 2007 (KB950114) ({90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85})
uninstall cmd: msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
publisher: Microsoft
help link: http://support.microsoft.com/kb/950114
Microsoft Office InfoPath MUI (English) 2007 12.0.6215.1000 ({90120000-0044-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 8385
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Shared MUI (English) 2007 12.0.6215.1000 ({90120000-006E-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 48646
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85})
uninstall cmd: msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office OneNote MUI (English) 2007 12.0.6215.1000 ({90120000-00A1-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 37842
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-00A1-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Groove MUI (English) 2007 12.0.6215.1000 ({90120000-00BA-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 3566
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\Groove.en-us\
uninstall cmd: MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Groove Setup Metadata MUI (English) 2007 12.0.6215.1000 ({90120000-0114-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 502
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Shared Setup Metadata MUI (English) 2007 12.0.6215.1000 ({90120000-0115-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 494
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85})
uninstall cmd: msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
Microsoft Office Access Setup Metadata MUI (English) 2007 12.0.6215.1000 ({90120000-0117-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 502
install date: 20080906
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
2007 Microsoft Office Suite Service Pack 1 (SP1) ({90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59})
uninstall cmd: msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
publisher: Microsoft
help link: http://support.microsoft.com/kb/936982
mPfWiz 7.15.0000 ({90B0D222-8C21-4B35-9262-53B042F18AF9})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 936
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
mDrWiFi 7.15.0000 ({90CC4231-94AC-45CD-991A-0253BFAC0650})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 1007
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
1.00 ({943884D4-B604-496F-B132-DFA9C63FAF6A})
version: 16777216
install location: C:\Program Files\Creative\Sound Blaster ADVANCED MB Drivers
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
mZConfig 7.15.0000 ({94658027-9F16-4509-BBD7-A59FE57C3023})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 758
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft English TTS Engine 2.0.1000.0 ({94824ADD-8F26-43D2-84DB-22E11F377E5E})
version: 33555432
version (major): 2
estimated size: 40397
install date: 20071014
install source: D:\Streets\MSMap\Redist\MSTTSEng_21\
uninstall cmd: MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
publisher: Microsoft
SAPI Wrapper 1.0.0.0 ({96172E04-BB14-45F6-A77B-8EE7A421B903})
version: 16777216
version (major): 1
estimated size: 24
install date: 20071014
install source: D:\Streets\MSMap\Redist\SAPI\
uninstall cmd: MsiExec.exe /I{96172E04-BB14-45F6-A77B-8EE7A421B903}
publisher: Microsoft Corporation
TTS Wrapper 1.0.0.0 ({97D0C0A1-7E64-4B05-A2EE-61D2CE23F154})
version: 16777216
version (major): 1
estimated size: 24
install date: 20071014
install source: D:\Streets\MSMap\Redist\MSTTSEng_20\
uninstall cmd: MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
publisher: Microsoft Corporation
mXML 7.15.0000 ({9CC89556-3578-48DD-8408-04E66EBEF401})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 22509
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
mDriver 7.15.0000 ({A0F925BF-5C55-44C2-A4E7-5A4C59791C29})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 15648
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
publisher: Intel
comments: Intel Wireless Adapter driver installation
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
2.00 ({A82F10CB-18B5-4EAC-AEF2-FA49CD565626})
version: 33554432
install location: C:\Program Files\Creative\Shared Files
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
MSXML 4.0 SP2 (KB925672) 4.20.9839.0 ({A9CF9052-F4A0-475D-A00F-A8388C62DD63})
version: 68429423
version (major): 4
version (minor): 20
estimated size: 2617
install date: 20061023
install source: c:\f1666775719ba8f90460\
uninstall cmd: MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/925672
Apple Mobile Device Support 2.1.0.25 ({AA9768AA-FF0B-4C66-A085-31E934F77841})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 39673
install date: 20080927
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\IXP415.TMP\
uninstall cmd: MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Roxio RecordNow Audio 2.0.4 ({AB708C9B-97C8-4AC9-899B-DBF226AC9382})
version: 33554436
version (major): 2
install date: 20060729
uninstall cmd: MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
publisher: Roxio
Dell Media Experience 3.1 ({AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B})
version: 50397184
version (major): 3
version (minor): 1
install date: 20060729
uninstall cmd: MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
publisher: Dell
Adobe Acrobat - Reader 6.0.2 Update 6.0.2 ({AC76BA86-0000-0000-0000-6028747ADE01})
version: 100663298
version (major): 6
estimated size: 5780
install date: 20060729
install source: C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.2 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687
Adobe Acrobat 6.0 Professional 006.000.000 ({AC76BA86-1033-0000-7760-000000000001})
version: 100663296
version (major): 6
estimated size: 236717
install date: 20070808
install location: C:\Program Files\Adobe\Acrobat 6.0\
install source: C:\Documents and Settings\R Marwaha\Desktop\Adobe Acrobat 6\Adobe Acrobat 6.0 Professional\
uninstall cmd: MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
publisher: Adobe Systems
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Readme.htm
Adobe Reader 6.0.1 006.000.001 ({AC76BA86-7AD7-1033-7B44-A00000000001})
version: 100663297
version (major): 6
install date: 20060729
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm
WordPerfect Office 12 12.01 ({AF19F291-F22F-4798-9662-525305AE9E48})
version: 201392128
version (major): 12
version (minor): 1
install date: 20060729
install location: C:\Program Files\WordPerfect Office 12\
uninstall cmd: MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
publisher: Corel Corporation
comments: Installs WordPerfect Office 12
contact: Corel Customer Service
help link: http://www.corel.com/support
readme: file:///C:\Program Files\WordPerfect Office 12\Programs\ReadMe.htm
Symantec pcAnywhere 10.0 ({B05E8183-866A-11D3-97DF-0000F8D8F2E9})
version: 167772160
version (major): 10
estimated size: 35955
install date: 20060803
install source: D:\Installs\PCANYW~7\PCA32F~3\CD\disk1\
uninstall cmd: MsiExec.exe /I{B05E8183-866A-11D3-97DF-0000F8D8F2E9}
publisher: Symantec
help link: http://www.symantec.com/techsupp
Roxio RecordNow Copy 2.0.4 ({B12665F4-4E93-4AB4-B7FC-37053B524629})
version: 33554436
version (major): 2
install date: 20060729
uninstall cmd: MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
publisher: Roxio
Spybot - Search & Destroy 1.6.0 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20080909
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support
Microsoft .NET Framework 2.0 Service Pack 1 2.1.21022 ({B508B3F1-A24A-32C0-B310-85786919EF28})
version: 33640990
version (major): 2
version (minor): 1
estimated size: 190114
install date: 20080523
install source: c:\7677564b176bb962ca210a902ca74b\wcu\dotnetframework\dotnetfx20\
uninstall cmd: MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98073
Digital Content Portal 1.00.0000 ({B702CCCE-3176-4DBF-B932-D1B8F402F330})
version: 16777216
version (major): 1
install date: 20060729
uninstall cmd: MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
publisher: Dell
comments: Dell Download Center
contact: Customer Support Department
help link: http://support.dell.com/
help telephone: http://support.dell.com/
MSXML 4.0 SP2 (KB936181) 4.20.9848.0 ({C04E32E0-0416-434D-AFB9-6969D703A9EF})
version: 68429432
version (major): 4
version (minor): 20
estimated size: 2680
install date: 20070815
install source: c:\33de92fb9911a94c1b62e563\
uninstall cmd: MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/936181
CinepPlayer 30 Update ({C41F4616-44B6-4E8D-BFC7-4267862A2CE1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}\setup.exe" -l0x9 -L0x9 /SMAINT
QuickSet 7.1.9 ({C5074CC4-0E26-4716-A307-960272A90040})
version: 117506057
install location: C:\Program Files\Dell\QuickSet
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Microsoft Streets & Trips 2008 15.0.17.1600 ({C82185E8-C27B-4EF4-2008-4444BC2C2B6D})
version: 251658257
version (major): 15
estimated size: 1146673
install date: 20071014
install location: C:\Program Files\Microsoft Streets & Trips\
install source: D:\Streets\MSMap\
uninstall cmd: MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Streets & Trips\readme.htm
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75255
install date: 20070711
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Logitech QuickCam Software 9.60.0000 ({CED6D2AF-BB0C-49A2-BDC4-A66A10AC4755})
version: 154927104
install location: C:\Program Files\Logitech\Video
install source: C:\dell\GJ892\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CED6D2AF-BB0C-49A2-BDC4-A66A10AC4755}\setup.exe" -l0x9
publisher: Logitech, Inc.
contact: Logitech Customer Support
help link: http://www.logitech.com/support
help telephone: USA: (702) 269-3457 UK: +44 (0) 1344-894301
readme: C:\Program Files\Logitech\Video\Readme.htm
MCU 1.00.0000 ({D2988E9B-C73F-422C-AD4B-A66EBE257120})
version: 16777216
version (major): 1
estimated size: 624
install date: 20060729
install source: C:\dell\M8192\
uninstall cmd: MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
publisher: Dell
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: http://support.dell.com/
1.00 ({DAAC5938-8026-4D0C-A476-D1954917B7F5})
version: 16777216
install location: C:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
estimated size: 2020
install date: 20080107
install source: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_03/sp1/
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.
3.00 ({DE4A4C48-2232-4CCB-AD61-490ACD29BA85})
version: 50331648
install location: C:\Program Files\Creative\SBAudigy\Surround Mixer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
Digital Line Detect 1.15 ({E646DCF0-5A68-11D5-B229-002078017FBF})
version (major): 1
version (minor): 15
install location: C:\Program Files\Digital Line Detect
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software, Inc
mCore 7.15.0000 ({E81667C6-2856-46D6-ABEA-6A2F42166779})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 8322
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Musicmatch for Windows Media Player 0.00.000 ({E93E5EF6-D361-481E-849D-F16EF5C78EBC})
install location: C:\Program Files\Musicmatch\MUSICMATCH Music Services
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Live Search Maps Add-In for Microsoft Office Outlook 3.0.1526.1 ({EB9A4856-C28A-4BC2-9373-975A33BB9CD4})
version: 50333174
version (major): 3
estimated size: 14552
install date: 20071014
install source: C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\Live Search Maps for Outlook Setup 3.0.1526.1\
uninstall cmd: MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
publisher: Microsoft Corporation
1.50 ({EEEF992E-270C-4B4C-8389-4B3DEEE33190})
version: 20054016
install location: C:\Program Files\Creative\Sound Blaster Audigy ADVANCED MB\Product Registration\English
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
Nortel Networks Contivity VPN Client ({EF964A78-078C-11D1-B7A7-0000C0134CE6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
mMHouse 7.15.0000 ({F0BFC7EF-9CF8-44EE-91B0-158884CD87C5})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 1680
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
15.0.4002.469 ({F543B12A-13F5-487E-9314-F7D25E1BBE3E})
version: 251662242
version (major): 15
install date: 20060729
install location: C:\Program Files\Intuit\QuickBooks 2005\
uninstall cmd: MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
publisher: Intuit Inc.
comments: To repair this program, click on Change/Remove button.
contact: Customer Support Department
help link: http://www.quickbooks.com/support/
help telephone: 1-888-320-7276
mWlsSafe 7.15.0000 ({FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4})
version: 118423552
version (major): 7
version (minor): 15
estimated size: 472
install date: 20061112
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
palmOne 4.1.0420 ({FF24F097-D090-41D2-8E9C-BAFEBBFD938C})
version: 67174820
version (major): 4
version (minor): 1
estimated size: 33512
install date: 20070721
install source: C:\WINDOWS\Downloaded Installations\{69CC78F2-D6EE-4702-A0C8-1913BB2D9F01}\
uninstall cmd: MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
publisher: palmOne, Inc.
comments: For troubleshooting help try the Palm Knowledge Finder at www.palmone.com/support.
contact: palmOne Customer Support
help link: http://www.palmone.com/support
help telephone: None
readme: Readme_eng.txt
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: abp480n5
Image path: \SystemRoot\system32\DRIVERS\ABP480N5.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: adpu160m
Image path: \SystemRoot\system32\DRIVERS\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AegisP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AEGIS Protocol (IEEE 802.1x) v3.5.3.0
Description: AEGIS Protocol (IEEE 802.1x) v3.5.3.0
Image path: system32\DRIVERS\AegisP.sys
Image size: 21419
Image MD5: 15E655BAA989444F56787EF558823643
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): agpCPQ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Compaq AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\agpCPQ.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Aha154x
Image path: \SystemRoot\system32\DRIVERS\aha154x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aic78u2
Image path: \SystemRoot\system32\DRIVERS\aic78u2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aic78xx
Image path: \SystemRoot\system32\DRIVERS\aic78xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AliIde
Image path: \SystemRoot\system32\DRIVERS\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): alim1541
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ALI AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\alim1541.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\DRIVERS\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: amsint
Image path: \SystemRoot\system32\DRIVERS\amsint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): APPDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: APPDRV
Image path: \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Image size: 116040
Image MD5: F293992F9CEEF6EA00CE52C3094E59E9
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Arp1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: system32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc
Image path: \SystemRoot\system32\DRIVERS\asc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc3350p
Image path: \SystemRoot\system32\DRIVERS\asc3350p.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc3550
Image path: \SystemRoot\system32\DRIVERS\asc3550.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASCTRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASCTRM
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 33800
Image MD5: 4EABF511B1AF176A971C3271E48FA3A8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): awhost32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: pcAnywhere Host Service
Description: "Allows Remote pcAnywhere users to connnect to this machine."
Object name: LocalSystem
Image path: C:\Program Files\Symantec\pcAnywhere\awhost32.exe
Image size: 106552
Image MD5: 374B8CBBD42C99FB2A4799CCBB3234EF
Control Set: CurrentControlSet
Start: 4
Type: 272
Error Control: 1
Service (registry key): awlegacy
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\Drivers\awlegacy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AW_HOST
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\aw_host5.sys
Image size: 30398
Image MD5: CA5F2EB69105A4DB4F5CED1A9A2AD69C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): bcm4sbxp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
Image path: system32\DRIVERS\bcm4sbxp.sys
Image size: 45312
Image MD5: C768C8A463D32C219CE291645A0621A4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BCMLogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BCMLogon
Description: Provides credential information (user name, password, domain) used by wireless management software for login to wireless networks. Optionally enables wireless login at startup for SSO environments.
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip
Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): btaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Audio Device
Image path: system32\drivers\btaudio.sys
Image size: 328237
Image MD5: 8893AE0B6B9B60E0521A60E8B2160216
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BTDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Virtual Communications Driver
Image path: system32\DRIVERS\btport.sys
Image size: 30427
Image MD5: FDE318E3569F57264AF74B7E431F60AE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): BTKRNL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Bus Enumerator
Image path: system32\DRIVERS\btkrnl.sys
Image size: 851434
Image MD5: 9C3C8B9E2EDA516EB44B51DAB81DBD68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BTSERIAL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Driver
Image path: \??\C:\WINDOWS\system32\drivers\btserial.sys
Image size: 23271
Image MD5: 089F7526FF41C17B0A43896D0553D5A2
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): btwdins
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Service
Description: Handles installation and removal of Bluetooth devices.
Object name: LocalSystem
Image path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Image size: 266295
Image MD5: 3A462EBA453D84D036046772104CFBCB
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): BTWDNDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth LAN Access Server
Image path: system32\DRIVERS\btwdndis.sys
Image size: 148900
Image MD5: 28531AB3183F498E58D93D585E6A6B70
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): btwhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\btwhid.sys
Image size: 45683
Image MD5: C5C0E21C67089F053B964E0A8B8ADBAC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): btwmodem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Modem
Image path: system32\DRIVERS\btwmodem.sys
Image size: 30285
Image MD5: 7D295223C172AB4D61DC256721B2F09E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): BTWUSB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WIDCOMM USB Bluetooth Driver
Image path: System32\Drivers\btwusb.sys
Image size: 66488
Image MD5: 56C701580F2891952761362BA7594B3D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): catchme
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\ComboFix\catchme.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): cbidf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cbidf
Image path: \SystemRoot\system32\DRIVERS\cbidf2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): CCDECODE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 6163ED60B684BAB19D3352AB22FC48B2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cd20xrnt
Image path: \SystemRoot\system32\DRIVERS\cd20xrnt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 70144
Image MD5: 234B1BC2796483E1F5C3F26649FB3388
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: 4266BE808F85826AEDF3C64C1E240203
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CmdIde
Image path: \SystemRoot\system32\DRIVERS\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): CO80211
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cpqarray
Image path: \SystemRoot\system32\DRIVERS\cpqarray.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Creative Labs Licensing Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative Labs Licensing Service
Description: Provides licensing services for Creative Labs applications.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe"
Image size: 69632
Image MD5: 7DB5E3F44D797BD38B8E336CCC2E49D5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): Creative Service for CDROM Access
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative Service for CDROM Access
Object name: LocalSystem
Image path: C:\WINDOWS\system32\CTsvcCDA.exe
Image size: 44032
Image MD5: 3C8B6609712F4FF78E521F6DCFC4032B
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ctsfm2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative SoundFont Management Device Driver
Image path: system32\DRIVERS\ctsfm2k.sys
Image size: 138752
Image MD5: 8DB84DE3AAB34A8B4C2F644EFF41CD76
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): CTUSFSYN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative SoundFont Synthesizer
Image path: system32\drivers\ctusfsyn.sys
Image size: 158464
Image MD5: 4EE8822ADB764EDD28CE44E808097995
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): CVirtA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cisco Systems VPN Adapter
Image path: system32\DRIVERS\CVirtA.sys
Image size: 5315
Image MD5: 5C706C06C1279952D2CC1A609CA948BF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dac2w2k
Image path: \SystemRoot\system32\DRIVERS\dac2w2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dac960nt
Image path: \SystemRoot\system32\DRIVERS\dac960nt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): DbgSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Debug Diagnostic Service
Description: Scriptable debug and diagnostic service used to troubleshoot crashes, hangs, memory leaks, heap corruption and performance issues
Object name: LocalSystem
Image path: "C:\Program Files\DebugDiag\DbgSvc.exe"
Image size: 316256
Image MD5: 115F8C318D00C1322B28B6922EFAA7E4
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): DCSLoader
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCS Loader
Object name: LocalSystem
Image path: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
Image size: 24576
Image MD5: F9F4610044E9370C90F3145B73E3E5BF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: SPOOLER
Service (registry key): DgiVecp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DgiVecp
Image path: \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys
Image size: 41984
Image MD5: 770471DE2550820FEEB7E5D24BF2E273
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): DLABOIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLABOIOM.SYS
Image size: 25628
Image MD5: E2D0DE31442390C35E3163C87CB6A9EB
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLACDBHM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLACDBHM.SYS
Image size: 5628
Image MD5: D979BEBCF7EDCC9C9EE1857D1A68C67B
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0
Service (registry key): DLADResN
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLADResN.SYS
Image size: 2496
Image MD5: 83545593E297F50A8E2524B4C071A153
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAIFS_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAIFS_M.SYS
Image size: 86524
Image MD5: 96E01D901CDC98C7817155CC057001BF
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAOPIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAOPIOM.SYS
Image size: 14684
Image MD5: 0A60A39CC5E767980A31CA5D7238DFA9
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAPoolM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAPoolM.SYS
Image size: 6364
Image MD5: 9FE2B72558FC808357F427FD83314375
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLARTL_N
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLARTL_N.SYS
Image size: 22684
Image MD5: 7EE0852AE8907689DF25049DCD2342E8
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0
Service (registry key): DLAUDFAM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDFAM.SYS
Image size: 94332
Image MD5: F08E1DAFAC457893399E03430A6A1397
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAUDF_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDF_M.SYS
Image size: 87036
Image MD5: E7D105ED1E694449D444A9933DF8E060
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): dmadmin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmload
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): dpti2o
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dpti2o
Image path: \SystemRoot\system32\DRIVERS\dpti2o.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): DRVMCDB
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVMCDB.SYS
Image size: 89264
Image MD5: FD0F95981FEF9073659D8EC58E40AA3C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0
Service (registry key): DRVNDDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVNDDM.SYS
Image size: 40544
Image MD5: B4869D320428CDC5EC4D7F5E808E99B5
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DSBrokerService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DSBrokerService
Object name: LocalSystem
Image path: "C:\Program Files\DellSupport\brkrsvc.exe"
Image size: 76848
Image MD5: FE80901578E7E3DA70299A5AEB2B7FBD
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Service (registry key): DSproct
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DSproct
Image path: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Image size: 4736
Image MD5: 413F2D5F9D802688242C23B38F767ECB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): dsunidrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DellSupport UniDriver
Image path: system32\DRIVERS\dsunidrv.sys
Image size: 5376
Image MD5: DFEABB7CFFFADEA4A912AB95BDC3177A
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): E100B
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO Adapter Driver
Image path: system32\DRIVERS\e100b325.sys
Image size: 117760
Image MD5: 3FCA03CBCA11269F973B70FA483C88EF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Eacfilt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Eacfilt Miniport
Image path: system32\DRIVERS\eacfilt.sys
Image size: 9161
Image MD5: FEFE6FB7B7D3B5A1261269078101AE9E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ERSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): EvtEng
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Event Log
Description: Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Image size: 434176
Image MD5: 6A197698A141FFE7651B962AE3172008
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fax
Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Object name: LocalSystem
Image path: %systemroot%\system32\fxssvc.exe
Image size: 267776
Image MD5: FCBD571FA0EE8DC238944AE5FAB74461
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler
Service (registry key): Fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FilterService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UVC Filter Service
Image path: system32\DRIVERS\lvuvcflt.sys
Image size: 14080
Image MD5: 2C9AF9B2F4D6AE269AB176C13E097ED4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 128896
Image MD5: 3D234FB6D6EE875EB009864A299BEA29
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15464
Image MD5: AB8A6A87D9D7255C3884D5B9541A6E80
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Gernuwa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): gusvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 137200
Image MD5: 1BF044E23206FDDC16891A32922D571B
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 137728
Image MD5: E31363D186B3E1D7C4E9117884A6AEE5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): hpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: hpn
Image path: \SystemRoot\system32\DRIVERS\hpn.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): HSF_DPV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSX_DPV.sys
Image size: 936960
Image MD5: E8EC1767EA315A39A0DD8989952CA0E9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): HSXHWAZL
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSXHWAZL.sys
Image size: 192512
Image MD5: 61478FA42EE04562E7F11F4DCA87E9C8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i2omp
Image path: \SystemRoot\system32\DRIVERS\i2omp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): ialm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\igxpmp32.sys
Image size: 5704672
Image MD5: E8C7CC369C2FB657E0792AF70DF529E6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Service (registry key): Imapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): ImapiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ini910u
Image path: \SystemRoot\system32\DRIVERS\ini910u.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntelIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IntelIde
Image path: \SystemRoot\system32\DRIVERS\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Ip6Fw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 536872
Image MD5: 3E1544C58548E3332C3F11768BEDE52E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): IPSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): IPSECEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Nortel Extranet Access Protocol
Description: Nortel Extranet Access Protocol
Image path: system32\DRIVERS\ipsecw2k.sys
Image size: 114080
Image MD5: 1C6F2FF5DC46D5797357CEAEA01CB85E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): IPSECSHM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Nortel IPSECSHM Adapter
Description: Nortel IPSECSHM Adapter
Image path: system32\DRIVERS\ipsecw2k.sys
Image size: 114080
Image MD5: 1C6F2FF5DC46D5797357CEAEA01CB85E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): Kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 14848
Image MD5: E182FA8E49E8EE41B4ADC53093F3C7E6
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): kmixer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): lanmanserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): lbrtfdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): LMIInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LogMeIn Kernel Information Provider
Image path: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Image size: 12992
Image MD5: CB82947F34084110C6F4AB7F6FE56921
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): LMIMaint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LogMeIn Maintenance Service
Object name: LocalSystem
Image path: "C:\Program Files\LogMeIn\x86\RaMaint.exe"
Image size: 116032
Image MD5: 87D71DF719CB43007C6C9131B259E807
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): lmimirr
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\lmimirr.sys
Image size: 10144
Image MD5: 4477689E2D8AE6B78BA34C9AF4CC1ED1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): LMIRfsClientNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LMIRfsClientNP
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): LMIRfsDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LogMeIn Remote File System Driver
Image path: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Image size: 46112
Image MD5: 74701F9E50292543E7C2867CDBF4C4A5
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Service (registry key): LogMeIn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LogMeIn
Object name: LocalSystem
Image path: "C:\Program Files\LogMeIn\x86\LogMeIn.exe"
Image size: 63040
Image MD5: 9015122D04C195BDAB88FEBCBAE229DB
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Depends On services: Tcpip,RPCSS
Service (registry key): Lvckap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Kernel Audio Processing Filter Driver
Image path: \??\C:\WINDOWS\system32\drivers\Lvckap.sys
Image size: 2173696
Image MD5: B98E079BCC9A3C84C35D8C46A87931F4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): lvmvdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Machine Vision Engine Loader
Image path: \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
Image size: 2411648
Image MD5: 147DF77D1245B8C07FE3FCEB005A40A8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): lvpopflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech POP Suppression Filter
Image path: system32\DRIVERS\lvpopflt.sys
Image size: 2010112
Image MD5: 412FFF911F70018C313A96ACE4FB7186
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LVPrcMon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech LVPrcMon Driver
Image path: \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
Image size: 16768
Image MD5: EBEAFEC19975689D641028D593FC5913
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LVPrcSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Process Monitor
Description: Webcam Effects Helper.
Object name: LocalSystem
Image path: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
Image size: 86016
Image MD5: 40543D9ACB1563A53337975E8B616212
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): lvselsus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Selective Suspend Filter
Image path: system32\DRIVERS\lvselsus.sys
Image size: 46720
Image MD5: 6B1CA0A9551587E0FA79C4F9402973BD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LVUSBSta
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech USB Monitor Filter
Image path: system32\drivers\lvusbsta.sys
Image size: 39424
Image MD5: 6C7C5971A4D1ADA78A6B2ACEF93ED23E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): McAfee SiteAdvisor Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee SiteAdvisor Service
Description: Provides low-level support for McAfee SiteAdvisor
Object name: LocalSystem
Image path: "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
Image size: 198944
Image MD5: D933FC7C5E51F4DA342A4E1F2BE3F764
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): mcmscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Services
Description: McAfee Protection Manager
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
Image size: 767976
Image MD5: CB3A8976DE2F65349322DA7627CEA223
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): McNASvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Network Agent
Description: Allows McAfee applications to communicate securely on the local network.
Object name: LocalSystem
Image path: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
Image size: 2458128
Image MD5: C69E71E00B30B60556D3E096699BD423
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): McODS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Scanner
Description: Scans specified locations on this computer for viruses and other threats. The service runs for scheduled scans and manual scans.
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
Image size: 378184
Image MD5: 21456F3051CBEFD1F2D60D8B9AB9C6EE
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): McProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Proxy Service
Description: McAfee Proxy Service
Object name: LocalSystem
Image path: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Image size: 359248
Image MD5: 8CF3DA0BE6094C34D7C4A85493E60547
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): McShield
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Real-time Scanner
Description: Scans files for viruses and other threats when they are accessed by this computer.
Object name: LocalSystem
Image path: C:\Program Files\McAfee\VirusScan\McShield.exe
Image size: 144704
Image MD5: 33734ABFA52EC8D096A1254D645E9B4F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): McSysmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee SystemGuards
Description: Monitors potentially unauthorized changes to this computer.
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
Image size: 695624
Image MD5: FD47DF2BCC3544DF65B01AD6B6062430
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): mdmxsdk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\mdmxsdk.sys
Image size: 12544
Image MD5: E246A32C445056996074A397DA56E815
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): mfeavfk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfeavfk
Image path: system32\drivers\mfeavfk.sys
Image size: 79304
Image MD5: C97CBFD71C1C215150A3B3E55F77A7A3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mfebopk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfebopk
Image path: system32\drivers\mfebopk.sys
Image size: 35240
Image MD5: 5447338B83A1A2354FB2FEA7604387FD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mfehidk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfehidk
Image path: system32\drivers\mfehidk.sys
Image size: 201320
Image MD5: 6C9A6ED60B8FC3BAF72FE1B1D096445B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): mferkdk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mferkdk
Image path: system32\drivers\mferkdk.sys
Image size: 33832
Image MD5: A551154B51D6A93FCCF70FC4E8EAF4BD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mfesmfk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfesmfk
Image path: system32\drivers\mfesmfk.sys
Image size: 40488
Image MD5: 299A86B780C9627AAA24E74292363ED2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Microsoft Office Groove Audit Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Office Groove Audit Service
Object name: NT AUTHORITY\LocalService
Image path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
Image size: 68464
Image MD5: 033B947AF4A997820E86FCB070B1F450
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): mnmdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): monfilt
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\monfilt.sys
Image size: 1389056
Image MD5: 9FA7207D1B1ADEAD88AE8EED9CDBBAA5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): MPFIREWL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MPFIREWL
Image path: System32\Drivers\MpFirewall.sys
Image size: 80640
Image MD5: 537B049DBABA4FEBCDAAE711C0F2805B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: TcpIp
Service (registry key): MPFP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MPFP
Image path: System32\Drivers\Mpfp.sys
Image size: 113952
Image MD5: E454F42AE5524D695D76EAB5D363B8AC
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: TcpIp
Service (registry key): MpfService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Personal Firewall Service
Object name: LocalSystem
Image path: C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
Image size: 548864
Image MD5: 316535E69181703D4CE4623DEA29FECB
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: mraid35x
Image path: \SystemRoot\system32\DRIVERS\mraid35x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 179584
Image MD5: 29414447EB5BDE2F8397DC965DBB3156
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSK80Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Anti-Spam Service
Description: This service filters e-mail messages on your computer
Object name: LocalSystem
Image path: "C:\Program Files\McAfee\MSK\MskSrver.exe"
Image size: 23880
Image MD5: A05DE3535884270B8D292DCBDD6DED20
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 5504
Image MD5: BF13612142995096AB084F2DB7F40F77
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): NABTSFEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NABTS/FEC VBI Codec
Image path: system32\DRIVERS\NABTSFEC.sys
Image size: 85376
Image MD5: 5C8DC6429C43DC6177C1FA5B76290D1A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisIP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft TV/Video Connection
Image path: system32\DRIVERS\NdisIP.sys
Image size: 10880
Image MD5: 520CE427A8B298F54112857BCF6BDE15
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip,MPFIREWL,MPFP
Service (registry key): NetDDE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): NETw3x32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit
Image path: system32\DRIVERS\NETw3x32.sys
Image size: 1709952
Image MD5: 3B9F072A0BEC6DC3E047927458682723
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NIC1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 Net Driver
Image path: system32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NICCONFIGSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NICCONFIGSVC
Description: Configure your Internal Network Card power management settings.
Object name: LocalSystem
Image path: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
Image size: 380928
Image MD5: E0DCA08082A433556B11065B45531E31
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): Nla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): nv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\nv4_mini.sys
Image size: 1897408
Image MD5: 2B298519EDBFCF451D43E0F1E8F1006D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): NWADI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NWADI Bus Enumerator
Image path: system32\DRIVERS\NWADIenum.sys
Image size: 194048
Image MD5: 67FB86EEB94059177642050718D57460
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NWUSBModem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Novatel Wireless USB Modem Driver
Image path: system32\DRIVERS\nwusbmdm.sys
Image size: 99200
Image MD5: 4E651808B35656AC88A4DCDAF6CC1169
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NWUSBPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Novatel Wireless USB Status Port Driver
Image path: system32\DRIVERS\nwusbser.sys
Image size: 99200
Image MD5: 4E651808B35656AC88A4DCDAF6CC1169
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): odserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Image size: 443776
Image MD5: E54AA592A65F317390EEE386A8821692
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 61056
Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ose
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 145184
Image MD5: 5A432A042DAE460ABE7199B758E8606C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): ossrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative OS Services Driver
Image path: system32\DRIVERS\ctoss2k.sys
Image size: 106496
Image MD5: 103A9B117A7D9903111955CDAFE65AC6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Outlook
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PalmUSBD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\PalmUSBD.sys
Image size: 16694
Image MD5: 240C0D4049A833B16B63B636ACF01672
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PartMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCASp50
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCASp50 NDIS Protocol Driver
Image path: System32\drivers\PCASp50.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): PCI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): PCIDump
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: perc2
Image path: \SystemRoot\system32\DRIVERS\perc2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: perc2hib
Image path: \SystemRoot\system32\DRIVERS\perc2hib.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): puipr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: puipr
Image path: system32\drivers\puipr.sys
Image size: 28960
Image MD5: 098D5414C51FCD00FDD60013DF104E53
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 36624
Image MD5: 1962166E0CEB740704F30FA55AD3D509
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1080
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1080
Image path: \SystemRoot\system32\DRIVERS\ql1080.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ql10wnt
Image path: \SystemRoot\system32\DRIVERS\ql10wnt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql12160
Image path: \SystemRoot\system32\DRIVERS\ql12160.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1240
Image path: \SystemRoot\system32\DRIVERS\ql1240.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1280
Image path: \SystemRoot\system32\DRIVERS\ql1280.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RegSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Registry Service
Description: Intel(R) PROSet/Wireless Registry Service
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Image size: 327680
Image MD5: D8F61AAAE73A1FBDE6F538BECC891F2F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): rimmptsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\rimmptsk.sys
Image size: 28544
Image MD5: 24ED7AF20651F9FA1F249482E7C1F165
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): rimsptsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\rimsptsk.sys
Image size: 51328
Image MD5: 1BDBA2D2D402415A78A4BA766DFE0F7B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): rismxdp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ricoh xD-Picture Card Driver
Image path: system32\DRIVERS\rixdptsk.sys
Image size: 307968
Image MD5: F774ECD11A064F0DEBB2D4395418153C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): RSVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
Service (registry key): RT73
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: D-Link USB Wireless LAN Card Driver
Image path: system32\DRIVERS\Dr71WU.sys
Image size: 245504
Image MD5: CB20F16AFDBA63707FB971E0922EDEC1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): S24EventMonitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Service
Description: Wireless Management Service for Intel(R) PROSet/Wireless
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Image size: 937984
Image MD5: 381A459D3909A382400FDA0AE1713A59
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: s24trans,EvtEng
Service (registry key): s24trans
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WLAN Transport
Description: WLAN Transport
Image path: system32\DRIVERS\s24trans.sys
Image size: 12544
Image MD5: 2862ADB14481AC28F98105FF33A99EB0
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): sdbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\sdbus.sys
Image size: 67584
Image MD5: 02FC71B020EC8700EE8A46C58BC6F276
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 20480
Image MD5: 90A3935D05B494A5A39D37E71F09A677
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): ser2plms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB GPS driver
Image path: system32\DRIVERS\ser2plms.sys
Image size: 42240
Image MD5: 227DF2E68510D25462EE80136722374E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: system32\DRIVERS\sffdisk.sys
Image size: 11136
Image MD5: 1D9F1BEC651815741F088A8FB88E17EE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: system32\DRIVERS\sffp_sd.sys
Image size: 10240
Image MD5: 586499FD312FFD7F78553F408E71682E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt
Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SLIP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BDA Slip De-Framer
Image path: system32\DRIVERS\SLIP.sys
Image size: 11136
Image MD5: 5CAEED86821FA2C6139E32E9E05CCDC9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SMNDIS5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMNDIS5 NDIS Protocol Driver
Image path: \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
Image size: 16936
Image MD5: 4EF5EA44583C37383C289D4B8C354698
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Sparrow
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Sparrow
Image path: \SystemRoot\system32\DRIVERS\sparrow.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): splitter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 0CE218578FFF5F4F7E4201539C45C78F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332928
Image MD5: EA554A3FFC3F536FE8320EB38F5E4843
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): SSPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSPORT
Image path: \??\C:\WINDOWS\system32\Drivers\SSPORT.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): STacSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SigmaTel Audio Service
Description: Manages SigmaTel Audio Universal Jack configurations.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\stacsv.exe
Image size: 81920
Image MD5: 5594C3DCE4D17FD5862AEA29D549A8D6
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): STHDA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SigmaTel High Definition Audio CODEC
Image path: system32\drivers\sthda.sys
Image size: 1156648
Image MD5: 3AD78E22210D3FBD9F76DE84A8DF19B5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): streamip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BDA IPSink
Image path: system32\DRIVERS\StreamIP.sys
Image size: 15360
Image MD5: 284C57DF5DC7ABCA656BC2B96A667AFB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): symc810
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: symc810
Image path: \SystemRoot\system32\DRIVERS\symc810.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: symc8xx
Image path: \SystemRoot\system32\DRIVERS\symc8xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SymEvent
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Image size: 63712
Image MD5: E5E87F27CB2AF84472FB57566FB10BC5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: sym_hi
Image path: \SystemRoot\system32\DRIVERS\sym_hi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: sym_u3
Image path: \SystemRoot\system32\DRIVERS\sym_u3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SynPS2Enable
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SynTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 191872
Image MD5: FA2DAA32BED908023272A0F77D625DAE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sysaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 360320
Image MD5: 2A5554FC5B1E04E131230E3CE035C3F9
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): TosIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TosIde
Image path: \SystemRoot\system32\DRIVERS\toside.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): ultra
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ultra
Image path: \SystemRoot\system32\DRIVERS\ultra.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Update
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 364160
Image MD5: CED744117E91BDC0BEB810F7D8608183
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): UPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): USBAAPL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile USB Driver
Image path: System32\Drivers\usbaapl.sys
Image size: 30336
Image MD5: 7C9F1503245402B01C79BDFA8731CB2A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 59264
Image MD5: 45A0D14B26C35497AD93BCE7E15C9941
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 27264
Image MD5: 708579B01FED227AADB393CB0C3B4A2C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 58240
Image MD5: ACE960E54148821E8E48F5D191562C28
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ViaIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ViaIde
Image path: \SystemRoot\system32\DRIVERS\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): VolSnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): vsdatant
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: vsdatant
Image path: \??\C:\WINDOWS\system32\vsdatant.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): w32time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): w39n51
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/Wireless 3945ABG Adapter Driver
Image path: system32\DRIVERS\w39n51.sys
Image size: 1428096
Image MD5: B1F126E7E28877106D60E6FF3998D033
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): wanatw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (ATW)
Image path: system32\DRIVERS\wanatw4.sys
Image size: 33588
Image MD5: 0A716C08CB13C3A8F4F51E882DBF7416
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WDICA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: EFD235CA22B57C81118C1AEB4798F1C1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV
Service (registry key): winachsf
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSX_CNXT.sys
Image size: 669696
Image MD5: BA6B6FB242A6BA4068C8B763063BEB63
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WLANKEEPER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless SSO Service
Description: Provides Single Sign On (SSO) functionality.
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Image size: 290816
Image MD5: 391CA8AD835440671BCD532B4593D2F9
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: S24EventMonitor,RpcSs,EvtEng
Service (registry key): WmdmPmSN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: system32\DRIVERS\wmiacpi.sys
Image size: 8832
Image MD5: AE2C8544E747C20062DB27456EA2D67A
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WpdUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WpdUsb
Image path: system32\DRIVERS\wpdusb.sys
Image size: 38528
Image MD5: CF4DEF1BF66F06964DC0D91844239104
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WS2IFSL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 0
Error Control: 0
Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): WSTCODEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: World Standard Teletext Codec
Image path: system32\DRIVERS\WSTCODEC.SYS
Image size: 19328
Image MD5: D5842484F05E12121C511AA93F6439EC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 77568
Image MD5: F15FEAFFFBB3644CCC80C5DA584E6311
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): WudfRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 82944
Image MD5: 28B524262BCE6DE1F7EF9F510BA3985B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WudfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay
Service (registry key): WZCSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: CED048FEAE472734DCAEAB4F4D11766E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): {2B48C1C3-7B41-4524-B502-7ABB05052E43}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {440D1F59-2793-4C4F-A307-DD6E3473A39B}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {5ADE1048-C102-4D92-9B26-A16204B42567}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {7E14E01A-1565-46F0-8393-CC06F8E2517F}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {9A56FE99-97BF-4C20-924E-78A51B6E0697}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {E3BA2448-4646-4519-96D0-835121E86F7C}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
---------------------------------------------
---------------------------------------------
SAFE MODE
---------------------------------------------
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:25 AM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SDLV] %systemroot%\system32\rundll32.exe %systemroot%\system32\5TqoUD.dll,DllRegisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 9169 bytes
---------------------------------------------
---------------------------------------------
NORMAL AFTER REBOOTING FROM SAFE MODE
---------------------------------------------
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48, on 2008-09-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\RMARWA~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\R Marwaha\My Documents\downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154662680312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 11049 bytes
---------------------------------------------
---------------------------------------------
---------------------------------------------
shelf life
2008-09-29, 15:40
hi zdiddy,
thanks for all the information. still no joy. take a look in the system 32 dir and delete:
5TqoUD.dll
you know what these are? they are actual pictures? malware can be named anything. they are also in a temp dir. which is suspicious.
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/09/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/RMARWA~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
ok we will get another download to use. lets go with superanitspyware.
link and directions for using and getting the log:
Please download SUPERAntiSpyware Home Edition:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
* Close browsers before scanning
* Scan for tracking cookies
* Terminate memory threats before quarantining.
* Ignore System Restore/Volume Information on ME and XP
* Please leave the others unchecked.
* Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
Yes.
To retrieve the removal information - please do the following:
* After reboot, double-click the SUPERAntispyware icon on your desktop.
* Click Preferences . Click the Statistics/Logs tab .
* Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
* It will open in your default text editor (Notepad).
* Please highlight everything , then right-click and choose copy.
* Click close and close again to exit the program.
Hi, sorry for the delay. I had set the computer up to scan MOnday night before I went to bed, and my wife in her infinite wisdom woke up in the morning and took it upon herself to just c lose out the program - selecting "fix all" (or whatever it said after the scan) of course before doing so. At any rate she took to laptop to work and our schedules have been a little mixed up the past few days.
Sooooo, I re-ran the scan and I am including both log files. It looks like it's only detecting cookies, and the home page is still jacked.
Here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/25/2008 at 09:05 PM
Application Version : 4.21.1004
Core Rules Database Version : 3582
Trace Rules Database Version: 1570
Scan type : Complete Scan
Total Scan Time : 01:15:45
Memory items scanned : 527
Memory threats detected : 0
Registry items scanned : 6931
Registry threats detected : 0
File items scanned : 80639
File threats detected : 36
Adware.Tracking Cookie
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@richmedia.yahoo[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@efluxmedia[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@ad.yieldmanager[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@warnerbros.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@msnbc.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@serving-sys[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@interclick[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@baby-medical-questions-and-answers[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@insightexpressai[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@dmtracker[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@adserver.adtechus[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@tacoda[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@collective-media[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@chitika[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@specificmedia[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@adopt.specificclick[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@www.efluxmedia[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@adbrite[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@ads.pointroll[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@msnportal.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@bs.serving-sys[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@overture[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@kontera[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@specificclick[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@revsci[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@iacas.adbureau[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@questionmarket[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@kaboose.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@www.burstbeacon[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@tracking.foxnews[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@atwola[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@tribalfusion[2].txt
C:\QooBox\Quarantine\C\Documents and Settings\R Marwaha\Cookies\r_marwaha@ads.revsci[2].txt.vir
C:\QooBox\Quarantine\C\Documents and Settings\R Marwaha\Cookies\r_marwaha@insightexpressai[2].txt.vir
C:\QooBox\Quarantine\C\Documents and Settings\R Marwaha\Cookies\r_marwaha@revsci[2].txt.vir
----------------------------------------------
----------------------------------------------
----------------------------------------------
----------------------------------------------
----------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/27/2008 at 03:54 AM
Application Version : 4.21.1004
Core Rules Database Version : 3582
Trace Rules Database Version: 1570
Scan type : Complete Scan
Total Scan Time : 01:12:45
Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 6921
Registry threats detected : 0
File items scanned : 80784
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@2o7[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@interclick[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@msnportal.112.2o7[1].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@specificclick[2].txt
C:\Documents and Settings\R Marwaha\Cookies\r_marwaha@revsci[1].txt
shelf life
2008-10-02, 01:39
hi,
ok thanks for the info--still no joy. i went back and looked at the combofix log. we will use it again like last time except for a different file. so.....
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
File::
C:\WINDOWS\system32\drivers\puipr.sys
Driver::
puipr.sys
Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop-
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log. cross fingers
Looks like we have joy. After I ran combofix I rebooted twice (and unlocked the homepage in superantispyware) and the home page stayed set to yahoo.com. Looks good so far.
One thing, as I was running combofix, Mcafee gave me a "Virus Quarantined" notification:
Detected: EICAR test file (Virus)
Quarantined From: C:\Documents and Settings\R Marwaha\Local Settings\Temp\Av-test.txt
Looks like nothing to worry about??
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98616
Thanks again for your help, I do sincerely appreciate it.
-----------------------------------------
ComboFix 08-10-02.04 - R Marwaha 2008-10-02 20:25:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1233 [GMT -7:00]
Running from: C:\Documents and Settings\R Marwaha\My Documents\downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\R Marwaha\My Documents\downloads\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\drivers\puipr.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\puipr.sys
.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-10-01 15:02 . 2008-10-01 15:02 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-09-27 08:19 . 2008-09-27 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 08:18 . 2008-09-27 08:18 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 08:16 . 2008-09-27 08:17 <DIR> d-------- C:\Program Files\QuickTime
2008-09-27 08:14 . 2008-09-27 08:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-25 19:44 . 2008-09-25 19:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-25 19:44 . 2008-09-25 19:44 <DIR> d-------- C:\Documents and Settings\R Marwaha\Application Data\SUPERAntiSpyware.com
2008-09-25 19:44 . 2008-09-25 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-25 19:43 . 2008-09-25 19:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 21:18 . 2008-09-24 05:35 <DIR> d----c--- C:\SDFix
2008-09-09 20:37 . 2008-09-12 08:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-09 20:37 . 2008-09-12 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 07:24 . 2008-09-12 08:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 20:51 . 2008-10-02 06:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-07 13:53 . 2008-09-07 13:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-07 13:36 . 2008-09-07 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-07 13:31 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-07 13:31 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-07 13:31 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-07 13:31 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-07 13:31 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-07 13:31 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-07 13:29 . 2008-09-07 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-07 11:58 . 2008-09-08 04:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\R Marwaha\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 11:58 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 11:58 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 11:27 . 2008-09-07 12:22 <DIR> d-------- C:\WINDOWS\system32\inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:02 --------- d-----w C:\Program Files\Viewpoint
2008-10-01 22:02 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\AdobeUM
2008-10-01 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-27 15:20 --------- d-----w C:\Program Files\iTunes
2008-09-27 15:19 --------- d-----w C:\Program Files\iPod
2008-09-27 15:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-26 23:12 --------- d-----w C:\Documents and Settings\R Marwaha\Application Data\U3
2008-09-26 22:44 --------- d-----w C:\Program Files\McAfee
2008-09-17 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-09 03:51 --------- d-----w C:\Program Files\Google
2008-09-07 21:07 --------- d-----w C:\Program Files\Java
2008-09-07 20:50 --------- d-----w C:\Program Files\McAfee.com
2008-09-07 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
------- Sigcheck -------
2008-04-13 17:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 03:00 14336 ced048feae472734dcaeab4f4d11766e C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-26_16.34.13.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-27 15:20:47 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-09-27 15:14:37 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-27 15:18:49 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-09-26 02:44:20 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-26 02:44:20 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-09-26 19:58:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-03 03:11:39 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-26 19:58:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-03 03:11:39 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-29 19:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2008-01-29 19:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 20:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2008-09-26 23:27:34 67,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-27 14:18:15 67,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-26 23:27:34 415,798 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-27 14:18:15 415,798 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-01 20:23:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_978.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 138008]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-05-04 237568]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 162584]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
backup=C:\WINDOWS\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UCLA Cisco VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UCLA Cisco VPN Client.lnk
backup=C:\WINDOWS\pss\UCLA Cisco VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^R Marwaha^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\R Marwaha\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 08:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-06-02 09:05 1032192 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-05-04 06:24 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a--c--- 2006-05-04 06:32 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 00:24 20480 C:\Program Files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 08:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2006-07-29 05:00 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-05-29 16:21 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-08 18:20 17306664 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-01-02 07:13 1126400 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DbgSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=3 (0x3)
"awhost32"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\hoss\\sw\\alicall32.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 puipr;puipr;C:\WINDOWS\system32\drivers\puipr.sys [ ]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 9161]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 114080]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PCASp50.sys [ ]
S4 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c8a362-71d7-11db-bc68-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15959f24-c55c-11dc-899b-444553544200}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29bf59d9-45e9-11dc-88e0-0016cffb3339}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e54f3bf-cbbf-11dc-89a3-444553544200}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cf2832-635d-11dd-89f0-444553544200}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9318b7-3b1c-11dc-88c9-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b03d604-61b8-11dc-8907-0016cffb3339}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c248862-73b6-11dc-8930-0015c5458c74}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86e4010-c82b-11db-bce5-0016cffb3339}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ec197b-6d71-11dd-89f3-444553544200}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 20:28:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-02 20:30:22
ComboFix-quarantined-files.txt 2008-10-03 03:29:53
ComboFix2.txt 2008-09-27 18:14:18
ComboFix3.txt 2008-09-26 23:34:51
Pre-Run: 27,342,606,336 bytes free
Post-Run: 27,345,776,640 bytes free
303 --- E O F --- 2008-09-06 17:41:53
shelf life
2008-10-04, 03:44
hi zdiddy,
ok good, at last(?)
that test file like you said, nothing to worry about. if all looks good on your end post back and we can remove some of the tools we used and finish it up.
Lovely. Thanks again for your help and patience with getting this straight, I really appreciate it. Take care.
shelf life
2008-10-05, 01:45
hi zdiddy,
ok glad to help. we can remove some of the tools we used:
combofix uninstall:
go to start>run and type in:
combofix /u
click ok
note: there is a space after the x and before the/
sdfix:
you can delete the original sdfix download archive and the install folder at its default location @ C:/
silentrunners:
delete the script on your desktop
malwarebytes and superantispyware: you can keep both or just one of them, up to you.
two things to do: check java version and system restore:
java:
Vulnerabilities/exploits in versions of Sun Java may be responsible for some malware installs via your browser.
It is important to keep Sun Java up to date and also to remove older versions.
* 1. Uninstall old versions of Sun Java via Add/Remove Programs.
* 2. Click the Remove or Change/Remove button
* 3. Reboot your PC if prompted.
to check if you have the latest version of Java and to download the latest version:
http://www.java.com/en/download/installed.jsp
system restore:
One of the features of Windows ME,XP and Vista is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
and no one gets away without this:
My Top Ten List
The Short Version:
1) Keep your OS, (Windows) browser (IE, FireFox) and other software up to date.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons. Do you trust the source?
3) Install, keep updated: one antivirus and two or three anti-malware applications.
4) Refrain from clicking on links or installing files you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.
5) Don't click on ads/pop ups or offers from websites to install software to your computer.
6) Don't click on offers to "scan" your computer.
7) Set up and use limited accounts rather than administrator accounts.
8) Install and understand the limitations of a third party software firewall.
9) Consider using an alternate browser and E-mail client.
10) If your habits include visiting or downloading/installing files from: warez, crack sites or p2p (file sharing) networks: then you are much more likely to encounter malicious code. Do you trust the source?
longer version in link below
happy safe surfing