View Full Version : Win32.TDSS.rtk
Ensemble of Wolves
2009-08-11, 08:26
Hello. =) So today Spybot alerted me of something it found; something called Fraud.VirusResponseLab2009. I have a screenshot of the message displayed if it is of any importance, but this isn't my problem (at least, I don't think, because it hasn't come up again, at least not that I'm recalling now.)
For the past few hours, Spybot's been reporting this Win32.TDSS.rtk thing that keeps coming back no matter how many times I try to delete it. I've seen a few threads about it already, so I'm guessing that you guys'll know what I'm talking about. =P
I installed HijackThis and Erunt, and I already have Spybot S&D, Malwarebytes' Anti-Malware, and AVG 8.5. (As a side-note, I've heard that sometimes certain anti-virus or anti-spyware or malware programs can work against each other. Would someone be able to tell me whether or not the combination that I'm using is okay?) If I can avoid it, I don't want to have to install any other programs, but I'll do what I have to to get rid of this problem.
As another side-note... I'm not a very computer-literate person, so if anyone is able to help me, it would be incredibly nice if that person were also able to explain what it is that you're asking me to do, so I'm not totally lost. =) Thank you in advance! =D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:30 AM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\WINDOWS\system32\S3LoadSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Folding@Home\FahCore_7c.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotDeletingA60] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC137] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3976] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1635] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA905] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC141] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA289] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC797] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6521] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1080] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6191] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7596] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8997] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6982] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4315] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC26] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7486] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8224] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1840] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6834] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8867] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8459] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4331] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7983] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA522] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4079] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6710] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4874] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6134] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8808] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7575] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6316] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5842] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7061] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2334] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7519] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8437] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4555] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA517] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2635] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bionix Wallpaper 5] "C:\BioniX Wallpaper\Bionix Wallpaper 5.exe"
O4 - HKCU\..\Run: [winhpdrv] "C:\Documents and Settings\Renee\Application Data\Google\xtgoj6119471.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1216] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4736] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9170] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD188] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2427] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9737] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5312] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6104] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4485] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1390] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9478] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3423] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB377] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7524] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7101] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3630] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1998] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5755] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5596] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9222] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5657] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7440] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2188] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3422] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7585] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4019] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB946] command.com /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7336] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxbdpmqrn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4231] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5196] command.com /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8314] cmd.exe /c del "C:\WINDOWS\system32\SKYNETxobrcctn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6300] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD96] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB45] command.com /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7623] cmd.exe /c del "C:\WINDOWS\system32\SKYNETmybenxvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8347] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3350] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5879] command.com /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9686] cmd.exe /c del "C:\WINDOWS\system32\SKYNETsxypkmyi.dat"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 16410 bytes
Hi Ensemble of Wolves
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
Ensemble of Wolves
2009-08-12, 08:05
Alright, thank you... the first two times I tried to run the scan, my computer crashed partway through; I tried to boot my computer up in safe mode, but this failed to work somehow. I figured out though that while I wasn't using the internet, I was still connected to it, so I disconnected the cable from my computer, and then the scan was able to finish. Or maybe it just happened to work then, haha. Here is the result of the scan:
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 23:59:04
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 861514A0 ZwDeviceIoControlFile
Code 85E44240 ZwEnumerateKey
Code 85D32248 ZwFlushInstructionCache
Code 860BD7D6 IofCallDriver
Code 85E4CAD6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 860BD7DB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 85E4CADB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 85D3224C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 85E44244
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jusched.exe[152] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0486000A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[172] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 045B000A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[372] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0480000A
.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[2444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003C000A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006B000A
.text C:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[3420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A
? C:\WINDOWS\System32\svchost.exe[3812] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\system32\wuauclt.exe[4012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77E0D8EC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C8099C0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C864F55] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C865C7F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C86250D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812DF6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C812B7E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80ACAF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C85AD4C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80DE9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810800] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7E41A8AD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7E41A610] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7E41A9B6] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [3D9AD5BE] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [3D944339] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [3D93DA71] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [3D944992] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [3D94C879] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [3D960B8C] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [3D9567CE] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [3D94ABCC] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [3D953623] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [71AB4C27] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [71AB6A55] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [71AB3D10] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [71AB2E53] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [71AB4A07] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [71AB4211] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [71AB676F] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [71AB2EE1] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [71AB5355] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [76D6A2AA] C:\WINDOWS\System32\iphlpapi.dll (IP Helper API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [76D6A252] C:\WINDOWS\System32\iphlpapi.dll (IP Helper API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3812] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [76D6CE49] C:\WINDOWS\System32\iphlpapi.dll (IP Helper API/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8614CAD0
Device \FileSystem\Mup \Dfs 8614CAD0
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\RAW \Device\RawTape 8614CAD0
Device \FileSystem\AvgRkx86 \Device\AvgAntiRootkit 8614CAD0
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp 8614F740
Device \Driver\fssfltr \Device\fssfltr 8614F740
Device \FileSystem\Mup \Device\Mup 8614CAD0
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp 8614F740
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp 8614F740
Device \FileSystem\RAW \Device\RawDisk 8614CAD0
Device \FileSystem\RAW \Device\RawCdRom 8614CAD0
Device \FileSystem\Mup \Device\WinDfs\Root 8614CAD0
---- Threads - GMER 1.0.15 ----
Thread explorer.exe [1688:1800] 02090000
---- EOF - GMER 1.0.15 ----
Please post next spybot report :)
Ensemble of Wolves
2009-08-12, 19:38
Here you go. :) I didn't know which of the options that you wanted in the report, so I just checked them all.
--- Search result list ---
Win32.TDSS.rtk: [SBI $79B0E3AB] File (File, nothing done)
C:\WINDOWS\system32\drivers\SKYNETdegsnlqh.sys
Properties.size=0
Properties.md5=AA6353E1F7A84692F4E5F4E13535B251
Win32.TDSS.rtk: [SBI $49F1C28A] File (File, nothing done)
C:\WINDOWS\system32\SKYNETxbdpmqrn.dll
Properties.size=0
Properties.md5=336859B6531140B98B71908A1068B77D
Win32.TDSS.rtk: [SBI $49F1C28A] File (File, nothing done)
C:\WINDOWS\system32\SKYNETxobrcctn.dll
Properties.size=0
Properties.md5=5403A8D4BCFABAE93FDFBE5658966245
Win32.TDSS.rtk: [SBI $1A7ABF3C] File (File, nothing done)
C:\WINDOWS\system32\SKYNETmybenxvj.dat
Properties.size=0
Properties.md5=10CB3E90109FCAD44F220D5A0650B94D
Win32.TDSS.rtk: [SBI $1A7ABF3C] File (File, nothing done)
C:\WINDOWS\system32\SKYNETsxypkmyi.dat
Properties.size=0
Properties.md5=98F5B3B94084F8428295F1DF525D238D
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-10 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-07-30 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-04 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-08-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-04 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-04 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi (*)
2009-08-05 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Hotfix for Windows XP (KB932716-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Hotfix for Windows XP (KB954708)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
--- Startup entries list ---
Located: HK_LM:Run, 13465784
command: C:\Documents and Settings\All Users\Application Data\13465784\13465784.exe
file: C:\Documents and Settings\All Users\Application Data\13465784\13465784.exe
size: 580690
MD5: 7BFD3866102F8F36E62ECA6F9F7E957B
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2000152
MD5: 384D5440B780BD921399A5697E6E1623
Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 212992
MD5: E9B4D167643611408FFA0C2C34F5A985
Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 919CE09D182D8AAAFCFBC4C40493961D
Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\system32\hphmon05.exe
file: C:\WINDOWS\system32\hphmon05.exe
size: 483328
MD5: A36CAB365F2942FA8BE8658D176311AD
Located: HK_LM:Run, HPHUPD05
command: C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: C3B064AA819C684CFEC909F16779F836
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0
Located: HK_LM:Run, S3Trayp
command: S3Trayp.exe
file: C:\WINDOWS\system32\S3Trayp.exe
size: 204800
MD5: D51A3CF3CF12E93498261AE2DBA6131B
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
Located: HK_LM:Run, VTTimer
command: ;;; VTTimer.exe
file: ;;; VTTimer.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Zune Launcher
command: "c:\Program Files\Zune\ZuneLauncher.exe"
file: c:\Program Files\Zune\ZuneLauncher.exe
size: 157312
MD5: 2FF690ACE1B49D891B79E645B6DB95FF
Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: PE_C_ICESHADOW...
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 143360
MD5: CE8D6FF5BEDDA023F7A1BB3FA34130DE
Located: HK_CU:Run, Aim6
where: S-1-5-21-3534958576-867787100-1923679560-1005...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-3534958576-867787100-1923679560-1005...
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 143360
MD5: CE8D6FF5BEDDA023F7A1BB3FA34130DE
Located: HK_CU:Run, Bionix Wallpaper 5
where: S-1-5-21-3534958576-867787100-1923679560-1005...
command: "C:\BioniX Wallpaper\Bionix Wallpaper 5.exe"
file: C:\BioniX Wallpaper\Bionix Wallpaper 5.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3534958576-867787100-1923679560-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, winhpdrv
where: S-1-5-21-3534958576-867787100-1923679560-1005...
command: "C:\Documents and Settings\Renee\Application Data\Google\xtgoj6119471.exe"
file: C:\Documents and Settings\Renee\Application Data\Google\xtgoj6119471.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Renee\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
Located: Startup (user), Folding@Home 5.03.lnk
where: C:\Documents and Settings\Renee\Start Menu\Programs\Startup...
command: C:\Program Files\Folding@Home\winFAH.exe
file: C:\Program Files\Folding@Home\winFAH.exe
size: 323584
MD5: 1D4E6BAC7AC4FBCCCFFC69C3724E3109
Located: Startup (disabled), Microsoft Find Fast (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE
file: C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE
size: 111376
MD5: 6A29FD937E251B4570B8CEB8F9B46EAD
Located: Startup (disabled), Office Startup (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\OSA.EXE -b
file: C:\PROGRA~1\MICROS~2\Office\OSA.EXE
size: 51984
MD5: D06276D4CAD46CDCEABEFDEB1A0D3C0D
Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 8/12/2009 11:14:16 AM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 5/9/2009 10:02:32 AM
Date (last access): 8/12/2009 11:14:56 AM
Date (last write): 7/29/2009 1:02:34 PM
Filesize: 1111320
Attributes: archive
MD5: 726F21F6723ECEBA37DCF325E1A5FFEC
CRC32: 170FF9EA
Version: 8.5.0.405
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/4/2008 10:02:14 PM
Date (last access): 8/12/2009 10:58:32 AM
Date (last write): 9/15/2008 3:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name: SEPSEA~1.DLL
Date (created): 5/19/2009 11:36:18 AM
Date (last access): 8/12/2009 11:14:16 AM
Date (last write): 5/19/2009 11:36:18 AM
Filesize: 137600
Attributes: archive
MD5: F655CDD5506FBB4C40C08C9C6A66F7C8
CRC32: 579241EB
Version: 1.3.59.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 1/9/2009 10:46:58 PM
Date (last access): 8/12/2009 11:16:40 AM
Date (last write): 7/25/2009 5:23:02 AM
Filesize: 321312
Attributes: archive
MD5: 9B687688CDBE11E1A77C0037590105FB
CRC32: 7568D9DC
Version: 6.0.150.3
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2/17/2009 5:11:04 PM
Date (last access): 8/12/2009 11:14:56 AM
Date (last write): 2/17/2009 5:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG8\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 6/5/2009 3:49:48 PM
Date (last access): 8/12/2009 10:02:12 AM
Date (last write): 6/16/2009 9:29:06 AM
Filesize: 1004800
Attributes: archive
MD5: B6F1007C1F048A98AAC79632FCFF3EB9
CRC32: 707E355B
Version: 2.506.14.1
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 1/9/2009 10:46:58 PM
Date (last access): 8/12/2009 11:16:14 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 41760
Attributes: archive
MD5: 1E57B1A44C7DFFA1C38534279C14B3CE
CRC32: BA79295C
Version: 6.0.150.3
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live\Toolbar\
Long name: wltcore.dll
Short name:
Date (created): 2/6/2009 6:17:46 PM
Date (last access): 8/12/2009 10:02:14 AM
Date (last write): 2/6/2009 6:17:46 PM
Filesize: 1068904
Attributes: archive
MD5: 28455424E3C8B81661C5A40E18066BB1
CRC32: E5BA354B
Version: 14.0.8064.206
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 1/9/2009 10:47:00 PM
Date (last access): 8/12/2009 11:11:16 AM
Date (last write): 7/25/2009 5:22:44 AM
Filesize: 73728
Attributes: archive
MD5: 55E583817A2012FD75F1F8CF87EE760C
CRC32: 7051D2F4
Version: 6.0.150.3
--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/templates/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 6/30/2007 7:09:06 PM
Date (last access): 8/10/2009 6:59:14 PM
Date (last write): 6/30/2007 7:09:06 PM
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 7/25/2073 5:24:12 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 8/12/2009 11:31:04 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 8/12/2009 11:31:04 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
--- Process list ---
PID: 0 ( 0) [System]
PID: 556 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 612 ( 556) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 636 ( 556) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 684 ( 636) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 696 ( 636) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 864 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 960 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1064 ( 684) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1140 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1264 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1348 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1656 ( 684) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1724 (1628) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1924 (1724) C:\WINDOWS\system32\S3Trayp.exe
size: 204800
MD5: D51A3CF3CF12E93498261AE2DBA6131B
PID: 1940 (1724) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 212992
MD5: E9B4D167643611408FFA0C2C34F5A985
PID: 1956 (1724) C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 919CE09D182D8AAAFCFBC4C40493961D
PID: 1988 (1724) C:\WINDOWS\system32\hphmon05.exe
size: 483328
MD5: A36CAB365F2942FA8BE8658D176311AD
PID: 2028 (1724) C:\Program Files\Zune\ZuneLauncher.exe
size: 157312
MD5: 2FF690ACE1B49D891B79E645B6DB95FF
PID: 2040 (1724) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2000152
MD5: 384D5440B780BD921399A5697E6E1623
PID: 168 (1724) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
PID: 172 (1724) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 143360
MD5: CE8D6FF5BEDDA023F7A1BB3FA34130DE
PID: 188 (1724) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 308 (1724) C:\Program Files\Folding@Home\winFAH.exe
size: 323584
MD5: 1D4E6BAC7AC4FBCCCFFC69C3724E3109
PID: 372 ( 864) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
size: 905216
MD5: 4D7659E640A60CF69DF6911CDDCF9788
PID: 584 ( 308) C:\Program Files\Folding@Home\FahCore_7c.exe
size: 2138112
MD5: 6AF0FCDBFA6F6A7D7EDD2A51F3E0AD91
PID: 1044 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1084 ( 684) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 297752
MD5: DB338A6BD3976904EB0F8343F51E64EB
PID: 1260 ( 684) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 112325F53AB720CA77825726D427FBDC
PID: 1324 ( 684) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 61440
MD5: 559C9B7800FAC92FC515CD0003D7C631
PID: 1408 ( 684) C:\WINDOWS\system32\S3LoadSv.exe
size: 69632
MD5: 326CD4D89C2B6F0071CA2E10FE98F011
PID: 1076 ( 684) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
size: 240512
MD5: 271077B91D7AD1B616F8AFDFE8E3F981
PID: 1860 (1084) C:\PROGRA~1\AVG\AVG8\avgam.exe
size: 832792
MD5: 309DE2B599871BC38C58B49B2F08EB10
PID: 1832 (1084) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 486680
MD5: 65EA6EB029BB031773473AD9A78A666D
PID: 1872 (1084) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 595736
MD5: A6CF4FF9BE1202800C22EC5A6A7CF4A6
PID: 2056 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2196 ( 684) C:\Program Files\Viewpoint\Common\ViewpointService.exe
size: 24652
MD5: 5F974FDE801C73952770736BECDE11E7
PID: 2328 ( 684) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 2432 ( 684) c:\WINDOWS\system32\ZuneBusEnum.exe
size: 60032
MD5: D5281109BE06EA1D3C511B6C07F26134
PID: 2488 ( 684) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 908056
MD5: B9AE3C63A53396CD669EF8AE9C9CBD85
PID: 2720 (2488) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 693016
MD5: 98D6BB2D06986E9E1051F2CBE3CF6E7A
PID: 2868 ( 684) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
size: 262144
MD5: C4EBBBD7165BE535F0BFD06B80601D91
PID: 3368 ( 684) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3596 (1724) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3688 (3596) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3768 (1724) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 1020 (1084) C:\Program Files\AVG\AVG8\avgscanx.exe
size: 761624
MD5: 8841A9A957A88932FE91BD5C40AD8BEB
PID: 1996 (1020) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 693016
MD5: 98D6BB2D06986E9E1051F2CBE3CF6E7A
PID: 968 (2328) C:\WINDOWS\system32\SearchProtocolHost.exe
size: 184832
MD5: C4894B3B448B647BEDC9E916D181BDBE
PID: 648 (2328) C:\WINDOWS\system32\SearchFilterHost.exe
size: 87552
MD5: 87889A983C015080FA813D7E32910D1E
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/12/2009 11:31:14 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C7C95D6-F017-47A1-AD51-4063AF971549}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C7C95D6-F017-47A1-AD51-4063AF971549}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E63D01FB-3C80-4CA3-BC74-995D28CCF060}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E63D01FB-3C80-4CA3-BC74-995D28CCF060}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCD66BB0-C55A-4E76-B926-B7B0E1376270}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCD66BB0-C55A-4E76-B926-B7B0E1376270}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Ensemble of Wolves
2009-08-12, 19:39
--- Uninstall list ---
(AddressBook)
Adobe Flash Player 10 Plugin 10.0.22.87 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated
AIM 6 (AIM_6)
uninstall cmd: C:\Program Files\AIM6\uninst.exe
(AOL Diagnostics_N)
(AOLOCP_Y)
Audacity 1.2.6 (Audacity_is1)
install location: C:\Program Files\Audacity\
uninstall cmd: "C:\Program Files\Audacity\unins000.exe"
help link: http://audacity.sourceforge.net
(AVG7Uninstall)
AVG 8.5 (AVG8Uninstall)
version (major): 8
version (minor): 5
install location: C:\Program Files\AVG\AVG8
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
publisher: AVG Technologies
(Branding)
CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
publisher: Piriform
VIA Chrome9 HC IGP Family Display 6.14.10.0193 (Chrome9HC)
uninstall cmd: C:\WINDOWS\system32\s3minset.exe -uninf -u 'Chrome9HC' -ver '03/16/2009, 6.14.10.0193'
publisher: S3 Graphics Co., Ltd.
Cnxt 2011 D850 56K V.9x DF Modem (CNXT_MODEM_PCI_HSF)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -I*.INF
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
ERUNT 1.1j (ERUNT_is1)
install location: C:\Program Files\ERUNT\
uninstall cmd: "C:\Program Files\ERUNT\unins000.exe"
publisher: Lars Hederer
help link: http://www.larshederer.homepage.t-online.de/erunt
Finale NotePad 2003a (Finale NotePad 2003a)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2003a\uninstal.log
Folding@Home 5.03 (Folding@Home)
uninstall cmd: C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\UninstallA482.DAT
publisher: PandeGroup
readme: C:\Program Files\Folding@Home\README.TXT
(Fontcore)
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro
(ICW)
Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20071002
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
(IE40)
(IE4Data)
(IE5BAKEX)
Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20071002
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie
(IEData)
(InstallShield Uninstall Information)
VIA Platform Device Manager 1.24 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169})
version: 18350080
version (major): 1
version (minor): 24
install date: 20070823
install source: D:\VIA\DRIVER\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL
(InstallShield_{B4E09577-AA63-48CB-942D-F92D2DB17EA6})
(KB884016)
(KB884267)
(KB885353)
(KB886612)
(KB887078)
(KB887626)
High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB888111
(KB888656)
(KB889858)
(KB891122)
Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20071002
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
(KB892313)
(KB893240)
(KB893241)
(KB893803)
(KB895181)
(KB895316)
(KB895572)
(KB897586)
(KB898549)
(KB900399)
(KB902344)
(KB907658)
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20070823
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564
(KB911565)
(KB911854)
Hotfix for Windows XP (KB915800-v4) 4 (KB915800-v4)
install date: 20090419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915800-v4
Security Update for Windows XP (KB923561) 1 (KB923561)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923561
Security Update for Windows XP (KB923689) (KB923689)
install date: 20070823
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689
Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923789
Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070823
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398
Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20081025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399
Hotfix for Windows XP (KB932716-v2) 2 (KB932716-v2)
install date: 20081225
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932716-v2
Security Update for Windows Media Player 11 (KB936782) (KB936782_WMP11)
install date: 20081025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782
Security Update for Windows Media Player 9 (KB936782) (KB936782_WMP9)
install date: 20070823
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782
Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20071005
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143
Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20071005
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127
Security Update for Windows XP (KB938464) 1 (KB938464)
install date: 20080910
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938464
Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071013
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653
Hotfix for Windows Media Player 11 (KB939683) (KB939683)
install date: 20081028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=939683
Windows Search 4.0 04.00.6001.503 (KB940157)
install date: 20090419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=940157
Security Update for Windows XP (KB941569) (KB941569)
install date: 20071211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569
Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20071211
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615
Security Update for Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080213
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944533
Security Update for Windows XP (KB946648) 1 (KB946648)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946648
Hotfix for Windows Internet Explorer 7 (KB947864) 1 (KB947864-IE7)
install date: 20080412
uninstall cmd: "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=947864
Security Update for Windows Internet Explorer 7 (KB950759) 1 (KB950759-IE7)
install date: 20080612
uninstall cmd: "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950759
Security Update for Windows XP (KB950760) 1 (KB950760)
install date: 20080612
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950760
Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762
Security Update for Windows XP (KB950974) 1 (KB950974)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950974
Security Update for Windows XP (KB951066) 1 (KB951066)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951066
Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
install date: 20080813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951072
Security Update for Windows XP (KB951376) 1 (KB951376)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951698) 1 (KB951698)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951698
Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748
Update for Windows XP (KB951978) 1 (KB951978)
install date: 20080819
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951978
Security Update for Windows XP (KB952004) 1 (KB952004)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952004
Security Update for Windows Media Player (KB952069) (KB952069_WM9)
install date: 20081212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=952069
Hotfix for Windows XP (KB952287) 1 (KB952287)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952287
Security Update for Windows XP (KB952954) 1 (KB952954)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952954
Security Update for Windows Internet Explorer 7 (KB953838) 1 (KB953838-IE7)
install date: 20080813
uninstall cmd: "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953838
Security Update for Windows XP (KB953839) 1 (KB953839)
install date: 20080813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953839
Security Update for Windows Media Player 11 (KB954154) (KB954154_WM11)
install date: 20081025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=954154
Security Update for Windows XP (KB954211) 1 (KB954211)
install date: 20081017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954211
Security Update for Windows XP (KB954459) 1 (KB954459)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954459
Hotfix for Windows XP (KB954550-v5) 5 (KB954550-v5)
install date: 20090417
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954550
Security Update for Windows XP (KB954600) 1 (KB954600)
install date: 20081212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954600
Hotfix for Windows XP (KB954708) 1 (KB954708)
install date: 20090419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954708
Security Update for Windows XP (KB955069) 1 (KB955069)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955069
Update for Windows XP (KB955839) 1 (KB955839)
install date: 20081212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955839
Security Update for Windows Internet Explorer 7 (KB956390) 1 (KB956390-IE7)
install date: 20081017
uninstall cmd: "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956390
Security Update for Windows XP (KB956391) 1 (KB956391)
install date: 20081017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956391
Security Update for Windows XP (KB956572) 1 (KB956572)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956572
Security Update for Windows XP (KB956802) 1 (KB956802)
install date: 20081212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956802
Security Update for Windows XP (KB956803) 1 (KB956803)
install date: 20081017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956803
Security Update for Windows XP (KB956841) 1 (KB956841)
install date: 20081017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956841
Security Update for Windows XP (KB957095) 1 (KB957095)
install date: 20081017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957095
Security Update for Windows XP (KB957097) 1 (KB957097)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957097
Security Update for Windows Internet Explorer 7 (KB958215) 1 (KB958215-IE7)
install date: 20081212
uninstall cmd: "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958215
Security Update for Windows XP (KB958644) 1 (KB958644)
install date: 20081024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958644
Security Update for Windows XP (KB958687) 1 (KB958687)
install date: 20090114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958687
Security Update for Windows XP (KB958690) 1 (KB958690)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958690
Security Update for Windows XP (KB959426) 1 (KB959426)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=959426
Critical Update for Windows Media Player 11 (KB959772) (KB959772_WM11)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=959772
Security Update for Windows XP (KB960225) 1 (KB960225)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960225
Security Update for Windows Internet Explorer 7 (KB960714) 1 (KB960714-IE7)
install date: 20081218
uninstall cmd: "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960714
Security Update for Windows XP (KB960715) 1 (KB960715)
install date: 20090211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960715
Security Update for Windows XP (KB960803) 1 (KB960803)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960803
Hotfix for Windows XP (KB961118) 1 (KB961118)
install date: 20090419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961118
Security Update for Windows Internet Explorer 7 (KB961260) 1 (KB961260-IE7)
install date: 20090211
uninstall cmd: "C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961260
Security Update for Windows XP (KB961371) 1 (KB961371)
install date: 20090716
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961371
Security Update for Windows XP (KB961373) 1 (KB961373)
install date: 20090416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961373
Security Update for Windows XP (KB961501) 1 (KB961501)
install date: 20090610
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961501
Update for Windows XP (KB961503) 1 (KB961503)
install date: 20090429
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961503
Security Update for Windows Internet Explorer 7 (KB963027) 1 (KB963027-IE7)
install date: 20090416
uninstall cmd: "C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=963027
Security Update for Windows Search 4 - KB963093 (KB963093)
install date: 20090610
uninstall cmd: "C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
Update for Windows XP (KB967715) 1 (KB967715)
install date: 20090225
uninstall cmd: "C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=967715
Security Update for Windows XP (KB968537) 1 (KB968537)
install date: 20090610
uninstall cmd: "C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=968537
Security Update for Windows Internet Explorer 7 (KB969897) 1 (KB969897-IE7)
install date: 20090610
uninstall cmd: "C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=969897
Security Update for Windows XP (KB969898) 1 (KB969898)
install date: 20090610
uninstall cmd: "C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=969898
Security Update for Windows XP (KB970238) 1 (KB970238)
install date: 20090610
uninstall cmd: "C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=970238
Security Update for Windows XP (KB971633) 1 (KB971633)
install date: 20090716
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971633
Security Update for Windows Internet Explorer 7 (KB972260) 1 (KB972260-IE7)
install date: 20090729
uninstall cmd: "C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=972260
Security Update for Windows XP (KB973346) 1 (KB973346)
install date: 20090716
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973346
Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20081204
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org
Microsoft .NET Framework 3.5 SP1 (Microsoft .NET Framework 3.5 SP1)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=120337
(MobileOptionPack)
Mozilla Firefox (3.0.13) 3.0.13 (en-US) (Mozilla Firefox (3.0.13))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20081024
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL
(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL
(NetMeeting)
Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20071002
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
Microsoft Office 97, Standard Edition (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Std.stf
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Roll (RollerCoaster Tycoon Setup)
uninstall cmd: C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
(SchedulingAgent)
Spyro Dawn of the Dragon Screensaver (Spyro Dawn of the Dragon Screensaver)
uninstall cmd: C:\WINDOWS\system32\Spyro Dawn of the Dragon Screensaver.scr /u
SystemSecurity2009 (SystemSecurity2009)
uninstall cmd: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\System Security\\System Security
VIA/S3G Display Driver (VIA Chrome9 HC IGP Display)
uninstall cmd: VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\dc04i.inf
Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VIA Rhine-Family Fast-Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Voyage (Voyage)
uninstall cmd: C:\Program Files\The Adventure Company\Voyage\Uninstall.exe
(WallpaperToy)
(Wdf01000)
(Wdf01001)
(Wdf01005)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Wdf01007)
install date: 20081225
uninstall cmd: "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
Windows Genuine Advantage Validation Tool (KB892130) 1.7.0069.2 (WGA)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
(WIC)
Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768
Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20080818
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929
GIMP 2.4.2 (WinGimp-2.0_is1)
install date: 20080125
install location: C:\Program Files\GIMP-2.0\
uninstall cmd: "C:\Program Files\GIMP-2.0\setup\unins000.exe"
help link: http://groups.yahoo.com/group/gimpwin-users/
GTK+ 2.10.13 runtime environment (WinGTK-2_is1)
install date: 20071006
install location: C:\Program Files\Common Files\GTK\2.0\
uninstall cmd: "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
publisher: Tor Lillqvist
help link: http://gimp-win.sf.net/
Windows Live Essentials 14.0.8064.0206 (WinLiveSuite_Wave3)
install location: C:\Program Files\Windows Live\
uninstall cmd: C:\Program Files\Windows Live\Installer\wlarp.exe
publisher: Microsoft Corporation
help link: http://support.live.com/
Microsoft WinUsb 1.0 (winusb0100)
install date: 20081225
uninstall cmd: "C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
(WMCSetup)
Windows Media Format 11 runtime (WMFDist11)
install date: 20081024
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:
Windows Media Player 11 (wmp11)
install date: 20081024
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:
Microsoft User-Mode Driver Framework Feature Pack 1.7 (Wudf01007)
install date: 20081225
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 6001
Microsoft Zoo Tycoon (Zoo Tycoon 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
Zune 03.01.0620.01 (Zune)
install location: c:\Program Files\Zune\
uninstall cmd: c:\Program Files\Zune\ZuneSetup.exe /x
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=71730
Zune Language Pack (FR) 03.01.0620.01 ({0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3})
version: 50397804
version (major): 3
version (minor): 1
estimated size: 480
install date: 20081225
install source: c:\4832b2026b5743f4d4\packages\
uninstall cmd: MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=71730
kgchlwn 5.03.0000.0002 ({03EDED24-8375-407D-A721-4643D9768BE1})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 209
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgchlwn\
uninstall cmd: MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
ESSSONIC 6.4.0000.0001 ({073F22CE-9A5B-4A40-A604-C7270AC6BF34})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 4041
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sonic\
uninstall cmd: MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Windows Live Messenger 14.0.8064.0206 ({0AAA9C97-74D4-47CE-B089-0B147EF3553C})
version: 234889088
version (major): 14
estimated size: 41423
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\74793b961c9c12c\
uninstall cmd: MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
publisher: Microsoft Corporation
kgchday 5.03.0000.0002 ({11F3F858-4131-4FFA-A560-3FE282933B6E})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5965
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgchday\
uninstall cmd: MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
ESSPCD 6.04.0000.0001 ({14D4ED84-6A9A-45A0-96F6-1753768C3CB5})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 205
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\ESSpcd\
uninstall cmd: MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
Windows Live Upload Tool 14.0.8014.1029 ({205C6BDD-7B73-42DE-8505-9A093F35A238})
version: 234889038
version (major): 14
estimated size: 225
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\f8ef021c1c9c12b\
uninstall cmd: MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=118310
Platform 1.24 ({20D4A895-748C-4D88-871C-FDB1695B0169})
version: 18350080
version (major): 1
version (minor): 24
install date: 20070823
install source: D:\VIA\DRIVER\
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL
MSVCRT 14.0.1468.721 ({22B775E7-6C42-4FC5-8E10-9A5E3257BD94})
version: 234882492
version (major): 14
estimated size: 1641
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\d989eafe1c9c12b\
uninstall cmd: MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
publisher: Microsoft
Java(TM) 6 Update 15 6.0.150 ({26A24AE4-039D-4CA4-87B4-2F83216011FF})
version: 100663406
version (major): 6
estimated size: 92660
install date: 20090109
install location: C:\Program Files\Java\jre6\
install source: C:\Documents and Settings\Renee\Application Data\Sun\Java\jre1.6.0_11\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre6\README.txt
({26A24AE4-039D-4CA4-87B4-2F83216015FB})
essvatgt 6.04.0000.0001 ({2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 137
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSvatgt\
uninstall cmd: MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
publisher: EASTMAN KODAK Company
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20070823
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Windows Live Communications Platform 14.0.8064.206 ({3B4E636E-9D65-4D67-BA61-189800823F52})
version: 234889088
version (major): 14
estimated size: 1945
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\e04cd63a1c9c12b\
uninstall cmd: MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
publisher: Microsoft Corporation
Windows Live Photo Gallery 14.0.8064.206 ({3C52E7DA-C431-4239-B66B-1BF703D5B194})
version: 234889088
version (major): 14
estimated size: 32155
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\41de10f21c9c12d\
uninstall cmd: MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
publisher: Microsoft Corporation
help link: http://photogallery.live.com/
ESScore 6.04.0000.0003 ({42938595-0D83-404D-9F73-F8177FDD531A})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 20772
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESScore\
uninstall cmd: MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
netbrdg 6.04.0000.0001 ({4537EA4B-F603-4181-89FB-2953FC695AB1})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 113
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\netbrdg\
uninstall cmd: MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Photosmart 140,240,7200,7600,7700,7900 Series 2.0 ({45B6180B-DCAB-4093-8EE8-6164457517F0})
uninstall cmd: C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
publisher: Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
Microsoft Search Enhancement Pack 1.3.59.0 ({4CBA3D4C-8F51-4D60-B27E-F6B641C571E7})
version: 16973883
version (major): 1
version (minor): 3
estimated size: 762
install date: 20090527
install source: C:\WINDOWS\SoftwareDistribution\Download\d261ac122901a09fbb3161480ae64e69\img\
uninstall cmd: MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
publisher: Microsoft Corporation
Junk Mail filter update 14.0.8064.206 ({4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3})
version: 234889088
version (major): 14
estimated size: 3512
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\8ca1cf8a1c9c12c\
uninstall cmd: MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
publisher: Microsoft Corporation
DigitImg 2.00.0000 ({517B8FB2-26EE-43B0-AE1B-07408860AA69})
version: 33554432
version (major): 2
estimated size: 54271
install date: 20080301
install source: D:\DigitImg\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
skin0001 6.04.0000.0004 ({5316DFC9-CE99-4458-9AB3-E8726EDE0210})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 11425
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SKIN0001\
uninstall cmd: MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
SHASTA 6.04.0000.0001 ({605A4E39-613C-4A12-B56F-DEFBE6757237})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 3857
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SHASTA\
uninstall cmd: MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
PSShortcuts 1.00.0000 ({60758250-C8CF-47EB-8CB6-E0C3B84D8207})
version: 16777216
version (major): 1
estimated size: 3018
install date: 20080301
install source: D:\PSShortcuts\
publisher: Hewlett-Packard
fflink 6.02.1001.0001 ({608D2A3C-6889-4C11-9B54-A42F45ACBFDB})
version: 100795369
version (major): 6
version (minor): 2
estimated size: 209
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\fflink\
uninstall cmd: MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Windows Live Mail 14.0.8064.0206 ({63C1109E-D977-49ED-BCE3-D00D0BF187D6})
version: 234889088
version (major): 14
estimated size: 28406
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\c8f8f3501c9c12c\
uninstall cmd: MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
publisher: Microsoft Corporation
ESSBrwr 6.04.0000.0001 ({643EAE81-920C-4931-9F0B-4B343B225CA6})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 264
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\Essbrwr\
uninstall cmd: MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) 8.1.2 ({6846389C-BAC0-4374-808E-B120F86AF5D7})
version: 134283266
version (major): 8
version (minor): 1
estimated size: 8180
install date: 20090525
install location: C:\Program Files\Adobe\Security Update\
install source: C:\Documents and Settings\Renee\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
publisher: Adobe Systems, Inc
comments: Your Comments
contact: Customer Support Department
help link: http://www.Adobe.com
help telephone: 1-555-555-4505
kgckids 6.03.0001.0001 ({693C08A7-9E76-43FF-B11E-9A58175474C4})
version: 100859905
version (major): 6
version (minor): 3
estimated size: 1129
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgckids\
uninstall cmd: MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Windows Live Writer 14.0.8064.0206 ({6A92E5C5-0578-443D-91F3-92ECE5F2CAE2})
version: 234889088
version (major): 14
estimated size: 12148
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\850ff7781c9c12d\
uninstall cmd: MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
publisher: Microsoft Corporation
HP Software Update 1.0.3.1 ({6FA269F8-38CB-4DF7-AA0D-36E3CE789485})
version: 16777219
version (major): 1
estimated size: 1021
install date: 20080301
install source: D:\WEBU\
uninstall cmd: MsiExec.exe /X{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}
publisher: Hewlett-Packard
Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
version: 134274064
version (major): 8
estimated size: 5330
install date: 20090509
install source: C:\DOCUME~1\Renee\LOCALS~1\Temp\7zS78.tmp\
uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
publisher: Microsoft Corporation
Windows Live Family Safety 14.0.8064.206 ({76CD2979-09C0-493A-84B3-8FD97EF4BCEA})
version: 234889088
version (major): 14
estimated size: 6553
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\9e07f8021c9c12d\
uninstall cmd: MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
publisher: Microsoft Corporation
help link: http://feedback.live.com/eform.aspx?productkey=wlfamilysafety
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053 ({770657D0-A123-3C07-8E44-1C83EC895118})
version: 134268455
version (major): 8
estimated size: 109
install date: 20090729
install source: c:\fa5e6673484d6eafaf0172\
uninstall cmd: MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
publisher: Microsoft Corporation
MSXML 4.0 SP2 (KB954430) 4.20.9870.0 ({86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
version: 68429454
version (major): 4
version (minor): 20
estimated size: 2729
install date: 20081111
install source: c:\23dd298cfcdd66d04e480c10\
uninstall cmd: MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/954430
staticcr 6.04.0000.0005 ({8943CE61-53BD-475E-90E1-A580869E98A2})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 21
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\static\
uninstall cmd: MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Microsoft Silverlight 3.0.40723.0 ({89F4137D-6C26-4A84-BDB8-2E5A4BB71E00})
version: 50372371
version (major): 3
estimated size: 35456
install date: 20090731
install location: c:\Program Files\Microsoft Silverlight\
install source: c:\aab31ca00a25a894ab2a1e\
uninstall cmd: MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=91955
ESSTOOLS 5.00.0000.0004 ({8A502E38-29C9-49FA-BCFA-D727CA062589})
version: 83886080
version (major): 5
estimated size: 1573
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSTOOLS\
uninstall cmd: MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Microsoft Sync Framework Runtime Native v1.0 (x86) 1.0.1215.0 ({8A74E887-8F0F-4017-AF53-CBA42211AAA5})
version: 16778431
version (major): 1
estimated size: 2343
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\5ae6c1f21c9c12d\
uninstall cmd: MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
publisher: Microsoft Corporation
contact: MS
kgcvday 5.03.0000.0002 ({8A8664E1-84C8-4936-891C-BC1F07797549})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2693
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcvday\
uninstall cmd: MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
ESSini 6.04.0000.0001 ({8E92D746-CD9F-4B90-9668-42B74C14F765})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 73
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSini\
uninstall cmd: MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
Choice Guard 1.2.87.0 ({8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E})
version: 16908375
version (major): 1
version (minor): 2
estimated size: 186
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\88884fa1c9c12c\
uninstall cmd: MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
publisher: Microsoft Corporation
ESSgui 6.04.0000.0001 ({91517631-A9F3-4B7C-B482-43E0068FD55A})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 7898
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSgui\
uninstall cmd: MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
Windows Live Sign-in Assistant 5.000.818.6 ({9422C8EA-B0C6-4197-B8FC-DC797658CA00})
version: 83886898
version (major): 5
estimated size: 1981
install date: 20090305
install source: C:\WINDOWS\SoftwareDistribution\Download\969d5e0decf4405a8c76196232e05be2\img\
uninstall cmd: MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
publisher: Microsoft Corporation
Microsoft Application Error Reporting 12.0.6012.5000 ({95120000-00B9-0409-0000-0000000FF1CE})
version: 201332604
version (major): 12
estimated size: 8935
install date: 20081225
install source: C:\WINDOWS\SoftwareDistribution\Download\bd29afd3f639530bf85ce5815b193bba\img\
publisher: Microsoft Corporation
help link: http://support.microsoft.com
QuickTime 7.2.0.240 ({95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC})
version: 117571584
version (major): 7
version (minor): 2
estimated size: 75806
install date: 20080724
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Renee\LOCALS~1\Temp\IXP153.TMP\
uninstall cmd: MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Windows Live Toolbar 14.0.8064.206 ({995F1E2E-F542-4310-8E1D-9926F5A279B3})
version: 234889088
version (major): 14
estimated size: 3298
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\6ad3b71e1c9c12d\
uninstall cmd: MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
publisher: Microsoft Corporation
VPRINTOL 6.04.0000.0001 ({999D43F4-9709-4887-9B1A-83EBB15A8370})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 281
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\VPRINTOL\
uninstall cmd: MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
kgcinvt 5.03.0000.0003 ({9BD54685-1496-46A5-AB62-357CD140ED8B})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2625
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcinvt\
uninstall cmd: MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
kgcmove 6.03.0001.0001 ({A1588373-1D86-4D44-86C9-78ABD190F9CC})
version: 100859905
version (major): 6
version (minor): 3
estimated size: 261
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcmove\
uninstall cmd: MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Windows Live Sync 14.0.8064.206 ({A1BF9950-8CDB-468E-83FA-EACFB00EA7D5})
version: 234889088
version (major): 14
estimated size: 2856
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\f364eaae1c9c12c\
uninstall cmd: MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
publisher: Microsoft Corporation
Segoe UI 14.0.4327.805 ({A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7})
version: 234885351
version (major): 14
estimated size: 1720
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\e76cbd2c1c9c12b\
uninstall cmd: MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
publisher: Microsoft Corp
Microsoft .NET Framework 3.0 Service Pack 2 3.2.30729 ({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7})
version: 50493449
version (major): 3
version (minor): 2
estimated size: 184293
install date: 20090417
install source: c:\58b841b42e9fe6f384\wcu\dotNetFramework\dotnetfx30\
uninstall cmd: MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98075
({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483)
Ensemble of Wolves
2009-08-12, 19:40
LightScribe 1.4.136.1 1.4.136.1 ({A87B11AC-4344-4E5D-8B12-8F471A87DAD9})
version: 17039496
version (major): 1
version (minor): 4
estimated size: 4296
install date: 20070911
install location: C:\Program Files\Common Files\LightScribe\
install source: D:\Installation\Redist\
publisher: http://www.lightscribe.com
comments: LightScribe
contact: LightScribe
help link: http://www.lightscribe.com
help telephone: 1-000-000-0000
Adobe Reader 8.1.2 8.1.2 ({AC76BA86-7AD7-1033-7B44-A81200000003})
version: 134283266
version (major): 8
version (minor): 1
estimated size: 88639
install date: 20090525
install source: C:\Documents and Settings\Renee\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: [INSTALLDIR]Reader\Readme.htm
Adobe Reader 8.1.2 Security Update 1 (KB403742) ({AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2)
help link: http://www.adobe.com/go/kb403742
ESSCDBK 6.04.0000.0001 ({AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 457
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\Esscdbk\
uninstall cmd: MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
publisher: EASTMAN KODAK Company
comments: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
OfotoXMI 6.04.0000.0001 ({B162D0A6-9A1D-4B7C-91A5-88FB48113C45})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 1037
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\OFOTOXMI\
uninstall cmd: MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
readme: _
Nero 7 Essentials 7.02.5017 ({B28B351F-1232-46EA-85EF-B8EA91641033})
version: 117576601
version (major): 7
version (minor): 2
estimated size: 414728
install date: 20070911
install location: C:\Program Files\Nero\Nero 7\
install source: D:\Installation\
uninstall cmd: MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/
HP Memories Disc 1.0.4.805 ({B376402D-58EA-45EA-BD50-DD924EB67A70})
version: 16777220
version (major): 1
estimated size: 23232
install date: 20080301
install source: D:\HPMD\
uninstall cmd: MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
publisher: Hewlett-Packard Company
comments: hp memories disc creator software
help link: http://www.hp.com
help telephone: (208) 323-2551
Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20090810
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support
CCScore 6.02.1001.0001 ({B4B44FE7-41FF-4DAD-8C0A-E406DDA72992})
version: 100795369
version (major): 6
version (minor): 2
estimated size: 649
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ccs\
uninstall cmd: MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
readme:
Microsoft Sync Framework Services Native v1.0 (x86) 1.0.1215.0 ({BD64AF4A-8C80-4152-AD77-FCDDF05208AB})
version: 16778431
version (major): 1
estimated size: 1481
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\623d7efa1c9c12d\
uninstall cmd: MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
publisher: Microsoft Corporation
contact: MS
MSXML 4.0 SP2 (KB936181) 4.20.9848.0 ({C04E32E0-0416-434D-AFB9-6969D703A9EF})
version: 68429432
version (major): 4
version (minor): 20
estimated size: 2680
install date: 20080301
install source: c:\3702c7bc3cd2c7aa9d2912f2ae59ebdd\
uninstall cmd: MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/936181
Microsoft .NET Framework 2.0 Service Pack 2 2.2.30729 ({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F})
version: 33716233
version (major): 2
version (minor): 2
estimated size: 187784
install date: 20090417
install source: c:\58b841b42e9fe6f384\wcu\dotNetFramework\dotnetfx20\
uninstall cmd: MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98073
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481)
Microsoft VC9 runtime libraries 1.0.0 ({C4124E95-5061-4776-8D5D-E3D931C778E1})
version: 16777216
version (major): 1
estimated size: 1439
install date: 20090723
install source: C:\DOCUME~1\Renee\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
publisher: AOL LLC
comments: MSVC 9 Runtime libraries
contact: AOL LLC
Windows Live Essentials 14.0.8064.206 ({C6CA8874-5F22-4AF0-9BE3-016BF299C536})
version: 234889088
version (major): 14
estimated size: 1254
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\52e366a1c9c12c\
uninstall cmd: MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
publisher: Microsoft Corporation
help link: http://support.live.com/
Microsoft .NET Framework 3.5 SP1 3.5.30729 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9})
version: 50690057
version (major): 3
version (minor): 5
estimated size: 75412
install date: 20090417
install source: C:\DOCUME~1\Renee\LOCALS~1\Temp\IXP0245F.tmp\dotnetfx35\x86\
uninstall cmd: MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
publisher: Microsoft Corporation
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/953595.
help link: http://support.microsoft.com/kb/953595
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/958484.
help link: http://support.microsoft.com/kb/958484
Kodak EasyShare software ({D32470A1-B10C-4059-BA53-CF0486F68EBC})
uninstall cmd: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_84faf\Setup.exe /APR-REMOVE
publisher: Eastman Kodak Company
SFR 6.04.0000.0001 ({DB02F716-6275-42E9-B8D2-83BA2BF5100B})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 6013
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\Sfr1\
uninstall cmd: MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
publisher: Eastman Kodak Company
comments: _
contact: _
help link: _
help telephone: _
PSUsage 1.20.0000 ({DE4997B5-55AD-4878-97A7-C9FA84FE23C7})
version: 18087936
version (major): 1
version (minor): 20
estimated size: 6286
install date: 20080301
install source: D:\PExpress\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
kgcbaby 5.03.0000.0002 ({E18B549C-5D15-45DA-8D8F-8FD2BD946344})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2709
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcbaby\
uninstall cmd: MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Agatha Christie - And Then There Were None 1.0 ({E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2})
version: 16777216
install location: C:\Program Files\The Adventure Company\And Then There Were None
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}\setup.exe" -l0x9 -uninst
tooltips 6.04.0000.0001 ({E79987F0-0E34-42CC-B8FF-6C860AEEB26A})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 1293
install date: 20080805
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\tooltips\
uninstall cmd: MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
help telephone: 1-555-555-4505
Zune Language Pack (ES) 03.01.0620.01 ({EE4ACABF-531E-419A-9225-B8E0FA4955AF})
version: 50397804
version (major): 3
version (minor): 1
estimated size: 488
install date: 20081225
install source: c:\4832b2026b5743f4d4\packages\
uninstall cmd: MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=71730
Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 ({F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 1783
install date: 20090419
install location: C:\Program Files\Microsoft SQL Server Compact Edition\
install source: C:\Program Files\Common Files\Windows Live\.cache\dfe6d0dc1c9c12c\
uninstall cmd: MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/sql/everywhere
kgcbase 5.03.0000.0004 ({F22C222C-3CE2-4A4B-A83F-AF4681371ABE})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 6893
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcbase\
uninstall cmd: MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
SKINXSDK 6.02.1001.0001 ({F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F})
version: 100795369
version (major): 6
version (minor): 2
estimated size: 6661
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SKINXSDK\
uninstall cmd: MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
Windows Live Call 14.0.8064.0206 ({F6BD194C-4190-4D73-B1B1-C48C99921BFE})
version: 234889088
version (major): 14
estimated size: 1659
install date: 20090419
install source: C:\Program Files\Common Files\Windows Live\.cache\ed8feada1c9c12b\
uninstall cmd: MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
publisher: Microsoft Corporation
({F90DA605-4E92-11D4-A319-00104BCAB4AB})
WIRELESS 6.04.0000.0001 ({F9593CFB-D836-49BC-BFF1-0E669A411D9F})
version: 100925440
version (major): 6
version (minor): 4
estimated size: 249
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\WIRELESS\
uninstall cmd: MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport
ESSPDock 6.03.0001.0004 ({FCDB1C92-03C6-4C76-8625-371224256091})
version: 100859905
version (major): 6
version (minor): 3
estimated size: 9781
install date: 20080724
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\PDock\
uninstall cmd: MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
Zune 03.01.0620.01 ({FF70513F-E3A7-402F-84FB-B7810A064BE2})
version: 50397804
version (major): 3
version (minor): 1
estimated size: 154484
install date: 20081225
install source: c:\4832b2026b5743f4d4\packages\
uninstall cmd: MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=71730
({{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}})
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): 6fad2d48.sys
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 6fad2d48.sys
Image path: \??\C:\WINDOWS\System32\drivers\6fad2d48.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: 8FD99680A539792A30E97944FDAECF17
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142592
Image MD5: 8BED39E3C35D6A489438B8141717A557
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AFS2K
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFS2k
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: 8C515081584A38AA007909CD02020B3D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Aspi32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 34312
Image MD5: 0E5E4957549056E2BF2C49F4F6B601AD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: B153AFFAC761E7F5FCFA822B9C4E97BC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 96512
Image MD5: 9F3A2F5AA6875C72BF062C712CFA2674
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: 9916C1225104BA14794209CFA8012159
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AVG
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): avg8emc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG8 E-mail Scanner
Object name: LocalSystem
Image path: C:\PROGRA~1\AVG\AVG8\avgemc.exe
Image size: 908056
Image MD5: B9AE3C63A53396CD669EF8AE9C9CBD85
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,avg8wd
Service (registry key): avg8wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG8 WatchDog
Object name: LocalSystem
Image path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Image size: 297752
Image MD5: DB338A6BD3976904EB0F8343F51E64EB
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AvgLdx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG AVI Loader Driver x86
Image path: \SystemRoot\System32\Drivers\avgldx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AvgMfx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Minifilter x86 Resident Driver
Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): AvgRkx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgrkx86.sys
Image path: System32\Drivers\avgrkx86.sys
Image size: 12552
Image MD5: 94A16F829B1456237B7F929198CE2807
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): AvgTdiX
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG8 Network Redirector
Image path: \SystemRoot\System32\Drivers\avgtdix.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): bap9e3d
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss
Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 62976
Image MD5: 4B0A100EAF5C49EF3CCA8C641431EACC
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: 34CBE729F38138217F9C80212A2A0C82
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 69632
Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): DcCam
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 044452051F3E02E7963599FC8F4F3E25
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): dmadmin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: E46050330BD42F33609117F861E32D3C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: D992FE1274BDE0F84AD826ACAE022A41
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: 7C824CF7BBDE77D95C08005717A95F6F
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmload
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: 8A208DFCF89792A484E76C40E5F50B45
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): Dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k dot3svc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Ndisuio,eaphost
Service (registry key): dpti2o
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 8F5FCFF8E8848AFAC920905FBD9D33C8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Extensible Authentication Protocol Service
Description: Provides windows clients Extensible Authentication Protocol Service
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k eapsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ERSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 110592
Image MD5: 65DF52F5B8B6E9BBD183505225C37315
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: 92CDD60B6730B9F50F6A1A0C1F8CDC81
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FET5X86V
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA Rhine-Family Fast-Ethernet Adapter Driver Service
Image path: system32\DRIVERS\fetnd5bv.sys
Image size: 43520
Image MD5: 52FA46AE36CAAFC6E1FF4FD617DFD25D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FETND5BV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA Rhine-Family Fast Ethernet Adapter Driver Service
Image path: system32\DRIVERS\fetnd5bv.sys
Image size: 43520
Image MD5: 52FA46AE36CAAFC6E1FF4FD617DFD25D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FETNDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver
Image path: system32\DRIVERS\fetnd5.sys
Image size: 27165
Image MD5: E9648254056BCE81A85380C0C3647DC4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 129792
Image MD5: B2CF4B0786F8212CB92ED2B50C6DB6B0
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
Object name: NT AUTHORITY\LocalService
Image path: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 46104
Image MD5: 8BA7C024070F2B7FDD98ED8A4BA41789
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): fssfltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FssFltr
Image path: system32\DRIVERS\fssfltr_tdi.sys
Image size: 55152
Image MD5: 960F5E5E4E1F720465311AC68A99C2DF
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip
Service (registry key): fsssvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Family Safety
Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
Object name: LocalSystem
Image path: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
Image size: 533360
Image MD5: 9B1622EBEB31B3411B13382FFCB8737D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: 0A02C63C8B144BD8C86B103DEE7C86A2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA High Definition Audio Service
Image path: system32\drivers\viahduaa.sys
Image size: 201216
Image MD5: 2796390792DF6BBEF04EE07454042114
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 144384
Image MD5: 573C7D0A32852B48F3058CFD8026F511
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): hidusb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 10368
Image MD5: CCF82C5EC8A7326C3066DE870C06DAF1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Health Key and Certificate Management Service
Description: Manages health certificates and keys (used by NAP)
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): hpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): HSFHWBS2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSFHWBS2.sys
Image size: 268032
Image MD5: 663B895C3F8464339EACD1D9CF69D661
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): HSF_DP
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSF_DP.sys
Image size: 987904
Image MD5: 9D786F5110B59B5FF8F763BBEB0F2B52
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 264832
Image MD5: F6AACF5BCE2893E0C1754AFEB672E5C9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52480
Image MD5: 4A0B06AA8943C1E332520F7440C0AA30
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows CardSpace
Description: Securely enables the creation, management, and disclosure of digital identities.
Object name: LocalSystem
Image path: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 881664
Image MD5: C01AC32DC5C03076CFB852CB5DA5229C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Imapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 42112
Image MD5: 083A052659F5310DD8B6A6CB05EDCF8E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): ImapiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150528
Image MD5: 30DEAF54A9755BB8546168CFE8A6B5E1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntelIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36352
Image MD5: 8C953733D8F36EB2133F5BB58808B66B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Ip6Fw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 36608
Image MD5: 3BB22519A194418D5FEC05D800A19AD0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20864
Image MD5: B87AB476DCF76E72010632B5550955F5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 152832
Image MD5: CC748EA12C6EFFDE940EE98098BF96BB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IPSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 75264
Image MD5: 23C74D75E36E7158768DD63D92789A91
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: C93C9FF7B04D772627A3646D89F7BF89
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 37248
Image MD5: 05A299EC56E52649B1CF2FC52D20F2D7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): JavaQuickStarterService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Java Quick Starter
Description: Prefetches JRE files for faster startup of Java applets and applications
Object name: LocalSystem
Image path: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Image size: 153376
Image MD5: 112325F53AB720CA77825726D427FBDC
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): Kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: 463C1EC80CD17420A542B7F36A36F128
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 14592
Image MD5: 9EF487A186DEA361AA06913A75B3FA99
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): kmixer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: 692BCF44383D056AED41B045A323D378
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): lanmanserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Ensemble of Wolves
2009-08-12, 19:41
Service (registry key): lbrtfdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LightScribeService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LightScribeService Direct Disc Labeling Service
Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
Image size: 61440
Image MD5: 559C9B7800FAC92FC515CD0003D7C631
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Service (registry key): LmHosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): MBAMSwissArmy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MBAMSwissArmy
Image path: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
Image size: 38496
Image MD5: B6F6E3E6670670AD8538B8718B21F7F0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mdmxsdk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\mdmxsdk.sys
Image size: 12672
Image MD5: 0CEA2D0D3FA284B85ED5B68365114F76
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): mnmdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: D18F1F0C101D06A1C1ADF26EED16FCDD
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 35C9E97194C8CFB8430125F8DBC34D04
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 180608
Image MD5: 11D42BB6206F33FBB3BA0288D3EF81BD
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 455296
Image MD5: 60AE98742484E7AB80C3C1450E708148
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: A137F1470499A205ABBB9AAFB3B6F2B1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: 5879D691E842574A20FE63817CB76DF9
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: D1575E71568F4D9E14CA56B7B0453BF1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 325BB26842FC7CCC1FCCE2C457317F3E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: BAD59648BA099DA4A17680B39730CB3D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: AF5F4F3F14A8EA2C26DE30F7A1E17136
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Access Protection Agent
Description: Allows windows clients to participate in Network Access Protection
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 10112
Image MD5: 1AB3D00C991AB086E69DB84B6C0ED78F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 14592
Image MD5: F927A4434C5028758A842943EF1A3849
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91520
Image MD5: EDC1531A49C80614B2CFDA43CA8659AB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34688
Image MD5: 5D81CF9A2F1A3A756B66CF684911CDF0
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 74B2B2F5BEA5E9A3DC021D685551BD3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): NetDDE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Object name: NT AUTHORITY\LocalService
Image path: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 132096
Image MD5: D34612C5D02D026535B3095D620626AE
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Service (registry key): Nla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): NMIndexingService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NMIndexingService
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
Image size: 262144
Image MD5: C4EBBBD7165BE535F0BFD06B80601D91
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): NuidFltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NUID filter driver
Image path: system32\DRIVERS\NuidFltr.sys
Image size: 14736
Image MD5: CF7E041663119E09D2E118521ADA9300
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 5575FAF8F97CE5E713D108C2A58D7C7C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): PartMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: A219903CCF74233761D92BEF471A07B1
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): PCIDump
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 110592
Image MD5: 65DF52F5B8B6E9BBD183505225C37315
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: EFEEC01B1D3CF84F16DDD24D9D9D8F99
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 09298EC810B07E5D582CB3A3F9255424
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 43872
Image MD5: 49452BFCEC22F36A7A9B9C2181BC3042
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1080
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 11B4A627BC9614B885C4969BFA5FF8A6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 5BC962F2654137C9909C3D4603587DEE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 175744
Image MD5: 7AD224AD1A1437FE28D89CF22B17780A
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 141312
Image MD5: 3C37BF86641BDA977C3BF8A840F3B7FA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57600
Image MD5: F828DD7E1419B6653894A8F97A0094C5
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: AAED593F84AFA419BBAE8572AF87CF6A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): RSVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
Service (registry key): S3G700
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): S3GIGP
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\S3gIGPm.sys
Image size: 561152
Image MD5: 725F8D90ADD19A9718E8FDD5AFB2E682
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): S3LoadSv
Registry path: \SYSTEM\CurrentControlSet\Services\
Description: S3 Graphics service to support hot plug detection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\S3LoadSv.exe
Image size: 69632
Image MD5: 326CD4D89C2B6F0071CA2E10FE98F011
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 86D007E7A654B9A71D1D7D856B104353
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ScsiPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 96384
Image MD5: 76C465F570E90C28942D52CCB2580A10
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SeaPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SeaPort
Description: Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly.
Object name: LocalSystem
Image path: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
Image size: 240512
Image MD5: 271077B91D7AD1B616F8AFDFE8E3F981
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): Secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 20480
Image MD5: 90A3935D05B494A5A39D37E71F09A677
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15744
Image MD5: 0F29512CCD6BEAD730039FB4BD2C85CE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64512
Image MD5: CCA207A8896D4C6A0C9CE29A4AE411A7
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt
Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Sparrow
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): splitter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6272
Image MD5: AB8B92451ECB048A4D1DE7C3FFCB4A9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: 76BB022C2FB6902FD5BDD4F78FC13A5D
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 333952
Image MD5: 3BB03F2BA89D2BE417206C373D2AF17C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 3941D127AEF12E93ADDF6FE6EE027E0F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 56576
Image MD5: 8CE882BCC6CF8A62F2B2323D95CB3D01
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{8DFB2307-EF12-423C-879E-163D76BEFCD7}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): swwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): symc810
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sysaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 8B83F3ED0F1688B4958F77CD6D2BF290
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: C7ABBC59B43274B1109DF6B24D617051
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Ensemble of Wolves
2009-08-12, 19:45
Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 361600
Image MD5: 9AEFA14BD6B182D61E3119FA5F436D3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDSSserv.sys
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: 88155247177638048422893737429D9E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): TosIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: system32\DRIVERS\uagp35.sys
Image size: 44672
Image MD5: D85938F272D1BCF3DB3A31FC0A048928
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ultra
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Update
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 384768
Image MD5: 402DDC88356B1BAC0EE3DD1580C76A31
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): UPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 05365FB38FCA1E98F7A566AAAF5D1815
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 32128
Image MD5: 173F317CE0DB8E21322E71B7E60A27E8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 30208
Image MD5: 65DCF09D0E37D4C6B11B5B0B76D470A7
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 59520
Image MD5: 1AB3CDDE553B6E064D2E754EFE20285C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Usbscan
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A0B8CF9DEB1184FBDD20784A58FA75D4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26368
Image MD5: A32426D9B14A089EAA1D922E0C5801A9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20608
Image MD5: 26496F9DEE2D787FC3E61AD54821FFE6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): VIA HD Audio Codec Default
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ViaIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\viaide.sys
Image size: 5376
Image MD5: 3B3EFCDA263B8AC14FDF9CBDD0791B2E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ViBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ViBus.sys
Image size: 16896
Image MD5: FD85C55B66797542A8C8A7348ED0675A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): videX32
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\videX32.sys
Image size: 9216
Image MD5: 510B5097E81CD36D603D7D5C93820BBD
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Viewpoint Manager Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Viewpoint Manager Service
Description: Ensures Viewpoint 3D and Rich Media Technologies are up to date
Object name: LocalSystem
Image path: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
Image size: 24652
Image MD5: 5F974FDE801C73952770736BECDE11E7
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): ViPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA SATA IDE Device Driver
Image path: system32\DRIVERS\ViPrt.sys
Image size: 52224
Image MD5: 7C69B1B6DEC5F8584AA352E522AF1476
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): VolSnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 7A9DB3A67C333BF0BD42E42B8596854B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: E20B95BAEDB550F32DD489265C1DA1F6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Mode Driver Frameworks service
Image path: System32\Drivers\wdf01000.sys
Image size: 503008
Image MD5: BBCFEAB7E871CDDAC2D397EE7FA91FDC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): WDICA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 83072
Image MD5: 6768ACF64B18196494413695F0C3A00F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: MRxDAV
Service (registry key): winachsf
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSF_CNXT.sys
Image size: 731136
Image MD5: 8ADCD6078AFFC4C81F3C3EBB1E9E3A2B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinUSB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinUSB
Image path: system32\DRIVERS\WinUSB.sys
Image size: 39368
Image MD5: FD600B032E741EB6AAB509FC630F7C42
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WmdmPmSN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Wmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: E0673F1106E62A68D2257E376079F821
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Image size: 913408
Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter
Service (registry key): WS2IFSL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 0
Error Control: 0
Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Search
Description: Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 439808
Image MD5: 7778BDFA3F6F6FBA0E75B9594098F737
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: TermService
Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 77696
Image MD5: 6FF66513D372D479EF1810223C8D20CE
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): WudfRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 83328
Image MD5: AC13CB789D93412106B0FB6C7EB2BCB6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WudfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay
Service (registry key): WZCSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): zumbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Zune Bus Enumerator Driver
Image path: system32\DRIVERS\zumbus.sys
Image size: 40832
Image MD5: 85281F709EA678382F370EE1052BBBAC
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): ZuneBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Zune Bus Enumerator
Description: Configures Zune for wireless syncing
Object name: LocalSystem
Image path: c:\WINDOWS\system32\ZuneBusEnum.exe
Image size: 60032
Image MD5: D5281109BE06EA1D3C511B6C07F26134
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): ZuneNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Zune Network Sharing Service
Description: Shares Zune media libraries to Zune devices using Universal Plug and Play
Object name: NT Authority\NetworkService
Image path: "c:\Program Files\Zune\ZuneNss.exe"
Image size: 5117568
Image MD5: 165641EEFD48ADA568CF33B20FAEBB22
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter
Service (registry key): ZuneWlanCfgSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Zune Wireless Configuration Service
Description: Configures Zune for wireless syncing
Object name: LocalSystem
Image path: c:\WINDOWS\system32\ZuneWlanCfgSvc.exe
Image size: 243840
Image MD5: E30EDB6E4D67338C330D9E7E63203D61
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): {7C7C95D6-F017-47A1-AD51-4063AF971549}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
That's the end of the report. In case it helps you diagnose the problem at all, I cannot change my desktop background through the Display Properties menu, but I can right-click an image and set it as the background. Various warnings have been placed as my background, saying things such as, "Warning! You are in danger, there is spyware on your computer," etc.
There was also another security program that I've never seen before that popped up while I was running this Spybot scan. It was trying to run a scan and enable a protection; I kept trying to cancel it and eventually was able to stop the program. I don't think it managed to install anything, but I can't be sure.
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Ensemble of Wolves
2009-08-13, 02:12
Okay, here's the ComboFix log:
ComboFix 09-08-10.06 - Renee 08/12/2009 18:02.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.578 [GMT -5:00]
Running from: c:\documents and settings\Renee\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Renee\Application Data\Google\T-Scan
c:\documents and settings\Renee\Application Data\Google\T-Scan\Thumbs.db
c:\recycler\S-1-5-21-3097797672-2920435415-1320447634-1003
c:\recycler\S-1-5-21-3774489704-3458105732-151601077-1003
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\SKYNETdegsnlqh.sys
c:\windows\system32\drivers\TDSShtavhoss.sys
c:\windows\system32\SKYNETmybenxvj.dat
c:\windows\system32\SKYNETsxypkmyi.dat
c:\windows\system32\SKYNETxbdpmqrn.dll
c:\windows\system32\SKYNETxobrcctn.dll
c:\windows\system32\TDSSdapkkbom.log
c:\windows\system32\TDSSihxbddyl.dll
c:\windows\system32\TDSSjntiktoi.log
c:\windows\system32\TDSSkrgioyro.log
c:\windows\system32\TDSSkywbvuwq.dll
c:\windows\system32\TDSSycdpulgy.dll
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETlnmnkdlb
-------\Legacy_SKYNETlnmnkdlb
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
2009-08-12 22:06 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 16:13 . 2009-08-12 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\13465784
2009-08-11 21:37 . 2009-08-11 21:37 152576 ----a-w- c:\documents and settings\Renee\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 14:39 . 2009-08-11 14:39 -------- d-----w- c:\program files\TSC
2009-08-11 05:02 . 2009-08-11 05:03 -------- d-----w- c:\program files\ERUNT
2009-08-11 04:52 . 2009-08-11 04:52 -------- d-----w- c:\program files\Trend Micro
2009-08-10 23:04 . 2009-08-10 23:04 45344 ----a-w- c:\windows\system32\drivers\bap9e3d.sys
2009-07-29 18:03 . 2009-07-17 15:55 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-29 18:03 . 2009-07-17 15:55 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-28 04:56 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-27 05:04 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-07-27 05:04 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-27 05:04 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-07-27 05:04 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-27 05:04 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-27 05:04 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-25 06:33 . 2009-07-25 06:33 -------- d-----w- c:\program files\CCleaner
2009-07-17 15:55 . 2009-07-17 15:55 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 22:29 . 2007-10-06 15:09 -------- d-----w- c:\documents and settings\Renee\Application Data\gtk-2.0
2009-08-11 21:39 . 2007-09-29 22:15 -------- d-----w- c:\program files\Java
2009-08-11 01:26 . 2008-12-05 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 00:41 . 2008-12-05 03:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 00:23 . 2007-09-29 19:16 -------- d-----w- c:\program files\Folding@Home
2009-08-04 21:40 . 2008-07-25 03:29 -------- d-----w- c:\program files\QuickTime
2009-07-31 17:57 . 2009-04-19 16:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 18:02 . 2009-05-09 15:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 18:02 . 2009-05-09 15:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 18:02 . 2007-12-30 19:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-28 04:56 . 2009-07-28 04:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-25 10:23 . 2009-01-10 03:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 04:45 . 2007-09-28 22:45 -------- d-----w- c:\program files\AIM6
2009-07-24 04:45 . 2007-09-28 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-24 04:44 . 2007-09-28 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-07-14 04:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 20:58 . 2008-07-16 17:32 34 ----a-w- c:\documents and settings\Renee\jagex_runescape_preferences.dat
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 14:19 . 2007-08-23 16:16 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-04 21:03 . 2008-07-05 15:31 227 ----a-w- c:\windows\PowerReg.dat
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 18:38 . 2009-06-08 00:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-25 05:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-19 06:36 . 2009-07-24 04:44 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 06:36 . 2009-07-24 04:44 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 06:36 . 2009-07-24 04:44 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 06:36 . 2009-07-24 04:44 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 06:36 . 2009-07-24 04:44 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 06:36 . 2009-07-24 04:44 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 06:36 . 2009-07-24 04:44 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 06:36 . 2009-07-24 04:44 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2005-01-21 00:53 . 2008-12-24 17:23 45056 ------r- c:\program files\SetAttrib.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 14:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" - c:\windows\system32\S3Trayp.exe [2008-07-08 204800]
c:\documents and settings\Renee\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Folding@Home 5.03.lnk - c:\program files\Folding@Home\winFAH.exe [2007-9-29 323584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 18:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Renee^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Renee\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Renee^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Renee\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/9/2009 10:02 AM 12552]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [8/23/2007 11:28 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [8/23/2007 11:28 AM 52224]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2009 10:02 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2009 10:02 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/9/2009 10:02 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/9/2009 10:02 AM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/19/2009 3:34 PM 55152]
R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [1/20/2009 8:22 AM 69632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 4:21 PM 24652]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [8/23/2007 11:31 AM 561152]
S0 bap9e3d;bap9e3d;\SystemRoot\\SystemRoot\System32\drivers\bap9e3d.sys --> \SystemRoot\\SystemRoot\System32\drivers\bap9e3d.sys [?]
S1 6fad2d48.sys;6fad2d48.sys;\??\c:\windows\System32\drivers\6fad2d48.sys --> c:\windows\System32\drivers\6fad2d48.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Bionix Wallpaper 5 - c:\bionix wallpaper\Bionix Wallpaper 5.exe
HKCU-Run-winhpdrv - c:\documents and settings\Renee\Application Data\Google\xtgoj6119471.exe
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Renee\Application Data\Mozilla\Firefox\Profiles\un74q7dt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-08-12 18:09
ComboFix-quarantined-files.txt 2009-08-12 23:09
Pre-Run: 139,110,621,184 bytes free
Post-Run: 139,387,912,192 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
212 --- E O F --- 2009-08-12 22:09
Ensemble of Wolves
2009-08-13, 02:14
And here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:39 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\S3LoadSv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgupd.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7170 bytes
Do you recognize this folder?
c:\documents and settings\All Users\Application Data\13465784
Ensemble of Wolves
2009-08-13, 17:15
No, I do not.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Folder::
C:\documents and settings\All Users\Application Data\13465784
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Ensemble of Wolves
2009-08-13, 17:50
When I was running ComboFix, my computer froze at the screen telling me that it was almost done and the location of the log. I couldn't do anything, so I switched my computer off and turned it back on again... I'm not sure if this is the complete log or not; should I create the CFScript.txt file again and run the scan again?
ComboFix 09-08-10.06 - Renee 08/13/2009 9:29:47.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.457 [GMT -5:00]
Running from: C:\Documents and Settings\Renee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Renee\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Renee\LOCALS~1\Temp\catchme.dll
C:\documents and settings\All Users\Application Data\13465784
C:\documents and settings\All Users\Application Data\13465784\13465784
C:\Documents and Settings\Renee\Local Settings\Temp\catchme.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 14:14:27 . 2009-07-29 18:02:39 2061592 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-08-13 14:14:26 . 2009-07-29 18:02:31 2000152 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-08-13 14:14:26 . 2009-07-29 18:02:31 1213720 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgfrw.exe
2009-08-13 14:13:01 . 2009-07-29 18:01:10 1471768 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-08-13 14:13:01 . 2009-07-29 18:01:10 1126168 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-08-13 14:13:01 . 2009-07-29 18:01:09 758040 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-08-12 22:06:37 . 2009-07-10 13:27:49 1315328 -c----w- C:\WINDOWS\system32\dllcache\msoe.dll
2009-08-11 21:37:23 . 2009-08-11 21:37:23 152576 ----a-w- C:\Documents and Settings\Renee\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 14:39:09 . 2009-08-11 14:39:34 0 d-----w- C:\Program Files\TSC
2009-08-11 05:02:47 . 2009-08-11 05:03:17 0 d-----w- C:\Program Files\ERUNT
2009-08-11 04:52:21 . 2009-08-11 04:52:21 0 d-----w- C:\Program Files\Trend Micro
2009-08-10 23:04:16 . 2009-08-10 23:04:16 45344 ----a-w- C:\WINDOWS\system32\drivers\bap9e3d.sys
2009-08-05 09:01:48 . 2009-08-05 09:01:48 204800 -c----w- C:\WINDOWS\system32\dllcache\mswebdvd.dll
2009-07-29 18:03:48 . 2009-07-17 15:55:04 1111320 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-29 18:03:47 . 2009-07-17 15:55:04 2301720 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-28 04:56:57 . 2008-04-14 00:11:54 21504 ----a-w- C:\WINDOWS\system32\drivers\hidserv.dll
2009-07-27 05:04:45 . 2008-04-14 00:11:54 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2009-07-27 05:04:45 . 2008-04-14 00:11:54 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2009-07-27 05:04:43 . 2008-04-13 18:39:48 14592 -c--a-w- C:\WINDOWS\system32\dllcache\kbdhid.sys
2009-07-27 05:04:43 . 2008-04-13 18:39:48 14592 ----a-w- C:\WINDOWS\system32\drivers\kbdhid.sys
2009-07-27 05:04:32 . 2008-04-13 18:45:40 32128 -c--a-w- C:\WINDOWS\system32\dllcache\usbccgp.sys
2009-07-27 05:04:32 . 2008-04-13 18:45:40 32128 ----a-w- C:\WINDOWS\system32\drivers\usbccgp.sys
2009-07-25 06:33:11 . 2009-07-25 06:33:12 0 d-----w- C:\Program Files\CCleaner
2009-07-17 19:01:06 . 2009-07-17 19:01:06 58880 -c----w- C:\WINDOWS\system32\dllcache\atl.dll
2009-07-17 15:55:36 . 2009-07-29 18:02:32 3476760 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgui.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 22:29:23 . 2007-10-06 15:09:07 0 d-----w- C:\Documents and Settings\Renee\Application Data\gtk-2.0
2009-08-11 21:39:49 . 2007-09-29 22:15:02 0 d-----w- C:\Program Files\Java
2009-08-11 01:26:22 . 2008-12-05 03:02:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 00:41:09 . 2008-12-05 03:02:12 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-08-10 00:23:10 . 2007-09-29 19:16:50 0 d-----w- C:\Program Files\Folding@Home
2009-08-05 09:01:48 . 2006-02-28 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 21:40:29 . 2008-07-25 03:29:36 0 d-----w- C:\Program Files\QuickTime
2009-07-31 17:57:18 . 2009-04-19 16:32:15 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-29 18:02:40 . 2009-05-09 15:02:41 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-07-29 18:02:40 . 2009-05-09 15:02:28 335240 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-07-29 18:02:40 . 2007-12-30 19:16:36 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-07-28 04:56:58 . 2009-07-28 04:56:58 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-25 10:23:00 . 2009-01-10 03:47:20 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-07-24 04:45:32 . 2007-09-28 22:45:57 0 d-----w- C:\Program Files\AIM6
2009-07-24 04:45:14 . 2007-09-28 22:46:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-24 04:44:11 . 2007-09-28 22:44:11 0 d-----w- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-07-17 19:01:06 . 2006-02-28 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-14 04:43:24 . 2006-02-28 12:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-05 20:58:56 . 2008-07-16 17:32:09 34 ----a-w- C:\Documents and Settings\Renee\jagex_runescape_preferences.dat
2009-06-29 16:12:20 . 2006-02-28 12:00:00 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 16:12:14 . 2006-02-28 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 16:12:14 . 2006-02-28 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-06-16 14:36:30 . 2006-02-28 12:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:36:30 . 2006-02-28 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-12 12:31:39 . 2006-02-28 12:00:00 76288 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-10 14:19:38 . 2007-08-23 16:16:20 2066432 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-06-10 14:13:29 . 2006-02-28 12:00:00 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-06-10 06:14:49 . 2006-02-28 12:00:00 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2009-06-04 21:03:59 . 2008-07-05 15:31:27 227 ----a-w- C:\WINDOWS\PowerReg.dat
2009-06-03 19:09:37 . 2006-02-28 12:00:00 1291264 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-06-02 18:38:14 . 2009-06-08 00:07:55 1004800 ----a-w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-25 05:24:06 . 2008-05-27 03:18:26 350208 ------w- C:\WINDOWS\system32\mssph.dll
2009-05-19 06:36:04 . 2009-07-24 04:44:11 97072 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 06:36:04 . 2009-07-24 04:44:11 2884832 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 06:36:04 . 2009-07-24 04:44:11 28 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 06:36:04 . 2009-07-24 04:44:11 25 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 06:36:04 . 2009-07-24 04:44:11 1484856 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 06:36:04 . 2009-07-24 04:44:11 142040 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 06:36:02 . 2009-07-24 04:44:11 30512 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 06:36:00 . 2009-07-24 04:44:11 111920 ----a-w- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2005-01-21 00:53:22 . 2008-12-24 17:23:46 45056 ------r- C:\Program Files\SetAttrib.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-12_23.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 14:17:50 . 2009-08-13 14:17:50 16384 C:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat
+ 2009-06-12 12:31:39 . 2009-06-12 12:31:39 76288 C:\WINDOWS\system32\dllcache\telnet.exe
+ 2009-06-10 14:13:29 . 2009-06-10 14:13:29 84992 C:\WINDOWS\system32\dllcache\avifil32.dll
+ 2009-06-10 06:14:49 . 2009-06-10 06:14:49 132096 C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2009-08-13 14:11:30 . 2009-08-13 14:11:31 180224 C:\WINDOWS\ERDNT\AutoBackup\8-13-2009\Users\00000002\UsrClass.dat
+ 2009-08-13 14:11:31 . 2005-10-20 17:02:28 163328 C:\WINDOWS\ERDNT\AutoBackup\8-13-2009\ERDNT.EXE
+ 2009-08-13 14:11:30 . 2009-08-13 14:11:30 9244672 C:\WINDOWS\ERDNT\AutoBackup\8-13-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 14:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56:06 1062144 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 14:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 14:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 23:05:20 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 13:03:16 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 18:45:44 212992]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 17:40:22 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 12:55:38 483328]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-12-12 18:41:06 157312]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-08-13 14:13:56 2007832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 03:16:38 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 11:24:52 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 10:23:12 149280]
"VTTimer"="VTTimer.exe" - C:\WINDOWS\system32\VTTimer.exe [2006-08-03 06:53:02 53248]
"S3Trayp"="S3Trayp.exe" - C:\WINDOWS\system32\S3Trayp.exe [2008-07-08 15:48:16 204800]
C:\Documents and Settings\Renee\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-9-29 323584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 03:41:34 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 18:02:40 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Renee^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\Renee\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Renee^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\Renee\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\drivers\avgrkx86.sys [5/9/2009 10:02:41 AM 12552]
R0 ViBus;ViBus;C:\WINDOWS\system32\drivers\ViBus.sys [8/23/2007 11:28:15 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\drivers\ViPrt.sys [8/23/2007 11:28:15 AM 52224]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [5/9/2009 10:02:28 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [5/9/2009 10:02:28 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [5/9/2009 10:02:28 AM 908056]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [5/9/2009 10:02:26 AM 297752]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [4/19/2009 3:34:09 PM 55152]
R2 S3LoadSv;S3LoadSv;C:\WINDOWS\system32\s3loadsv.exe [1/20/2009 8:22:12 AM 69632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [10/23/2007 4:21:07 PM 24652]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\drivers\S3gIGPm.sys [8/23/2007 11:31:27 AM 561152]
S0 bap9e3d;bap9e3d;\SystemRoot\\SystemRoot\System32\drivers\bap9e3d.sys --> \SystemRoot\\SystemRoot\System32\drivers\bap9e3d.sys [?]
S1 6fad2d48.sys;6fad2d48.sys;\??\C:\WINDOWS\System32\drivers\6fad2d48.sys --> C:\WINDOWS\System32\drivers\6fad2d48.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08:58 PM 533360]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\un74q7dt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
.
That is fine :)
Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options: Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.
Ensemble of Wolves
2009-08-14, 04:06
Hmm, it isn't working for me... once I started the scanner, it said it had to update something like virus definitions, and now it stopped and said, "Can not get update. Is proxy configured?" I don't think I have a proxy; is there another way that this program will work, or else how would I configure a proxy?
Thank you for your patience, I'm sure this is probably elementary to experienced computer experts... ^^;
Then use this instead, please.
Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
Ensemble of Wolves
2009-08-15, 04:02
Alright... I'm not sure if this worked the way it was supposed to. When I was selecting the drives, I could only select the C drive; I couldn't select the D drive. The D drive is just the DVD Ram drive (I don't know if it's the same on every computer or not), so I figured that it wouldn't matter all that much, so I ran the scan anyway. Then later on, I couldn't find the icon that has the pages and the red check mark; the scan only found two files, and both said that they were deleted. The log is also only two lines; it came up as a Microsoft Excel document.
RegUBP2b-Renee.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0043922.reg;C:\System Volume Information\_restore{C091C4EA-08F7-4BA2-880A-456DA6153F2F}\RP495;Trojan.StartPage.1505;Deleted.;
So there's the log... if that's not right, I'll try it again (or whatever you recommend I do). In case that's okay, here's a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:14 PM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\WINDOWS\system32\S3LoadSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Folding@Home\FahCore_7c.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7891 bytes
Thank you so much for your patience and your help so far! :)
That is fine :)
Still some issues left?
Ensemble of Wolves
2009-08-16, 02:07
Hmm... nothing came up on either AVG, Spybot S&D, or Malwarebytes' Anti-Malware. I can change my background normally again, as well. I haven't seen any signs of the trojan on startup, either; the command windows that automatically opened are gone. =D
The only thing that I've been noticing is that my computer seems to freeze up more often than it used to; could this be related to anything?
Under what kind of circumstances does it usually freeze?
Ensemble of Wolves
2009-08-16, 18:02
I haven't noticed a specific pattern; whenever it happens, I'm usually only running one or two programs, like Mozilla Firefox and MS Paint or something. It froze last night while I was checking my email, and before it froze while I was running ComboFix. I can't recall the circumstances of others. =/
Thank you so much for all of your help so far! =D
I see. How much RAM you have?
Ensemble of Wolves
2009-08-17, 01:56
960 MB.
The background on my computer also keeps getting replaced by a black screen, sometimes partially and sometimes completely. There's also a weird clicking noise (like the noise when you click on a link) that keeps coming up every once in a while, and also, random ads have been popping up in Internet Explorer. This is the weirdest, I think, because I'm not even using IE; it just launches itself and many tabs of the same ad are opened up. Ugh, I thought all these problems were over... xD
So then we are not done.
Please run this next:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Ensemble of Wolves
2009-08-17, 20:13
The scan didn't find anything... =/ Could my amount of RAM be affecting the computer freezing, or is this a normal amount of RAM? Here's the report anyway:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 17, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 17, 2009 17:23:46
Records in database: 2641619
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 67352
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:36:42
No threats found. Scanned area is clean.
Selected area has been scanned.
And here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:43 PM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\S3LoadSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Renee\Local Settings\temp\jkos-Renee\binaries\ScanningProcess.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7984 bytes
Freezing can be due to hardware/driver conflict for example. You have enough RAM for XP.
But those ads are different. Does IE still open on its own?
Ensemble of Wolves
2009-08-18, 00:36
Okay. One thing that I've noticed is it seems to freeze after I try to change my background or screensaver. My background's still completely black, too; I can change the picture to something else, but it doesn't take long before it's all black again, although could that have anything to do with having to shut my computer off after it freezes? I've noticed sometimes that icons that I've moved will return to the original place after shutting it down like this...
It hasn't happened since I last posted. Could things like that just go away on their own, maybe?
It is possible.
Is it OK to redirect you to some windows forum for remaining issues?
Ensemble of Wolves
2009-08-19, 05:53
Sure, that's fine. Thank you so much, Shaba, for taking the time to help me out! :D I really appreciate it! :)
Good :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
I recommend this (http://forums.pcpitstop.com/index.php?) place.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Ensemble of Wolves
2009-08-21, 17:49
Hi, sorry for the late reply! I had already deleted ComboFix before you posted this; I sent it to the recycle bin. Does it matter that I deleted it like that instead of the way that you showed me?
I downloaded COMODO firewall, OTCleanIt, and followed the System Restore and Internet Explorer instructions. I checked for updates, too, and I already have Malwarebytes' Anti-Malware. =) I can't install the rest of the programs at this moment, but I will, and I'll also read the article.
Thank you so much for all of your help! =D
No that is fine :)
I hope that you stay clean in the future.
Ensemble of Wolves
2009-08-21, 19:56
Okay. :) Thanks!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.