View Full Version : Virtumonde - says it's clean, but computer is still acting strangely
FizzyWater
2009-12-12, 08:36
A few days ago, I opened my computer find most of my start menu shortcuts missing. Outlook and another program (ListPro) I use all the time told me they needed install disks.
I chose to do a Restore in WIndows - for about a week before (I'm afraid I don't remember which date or why I chose that date). Outlook worked for a day and asked for install disk the next day.
I ran my ZoneAlarm (which had been behaving a little oddly - wouldn't update without multiple attempts) and found nothing. I downloaded Housecall and ran that - nothing. Then I remembered I had Spybot S&D installed and ran it - nothing. Realized I hadn't updated it since I first installed it (maybe a year?), so I updated it and - voila! It said I had Virtumonde (and a few minor tracking cookies). I told it to clean it and reran. It said it was clean.
I was hyper-nervous, so I ran it the next day. Okay. The third day - it was back.
Yesterday I ran Spybot S&D again - it still says it's clean. I tried to install Malwarebytes (after renaming the file to something innocuous) and while the installer ran, I got run time automation errors and the program will not run.
I uninstalled it - and every version of Java on the computer (something I read said Virtumonde sometimes attached itself to Java - and ZoneAlarm has been asking every day multiple times a day to allow certain Java programs to run - I kept refusing it, but may have approved it occasionally - I thought it was just the update checker).
I tried again to install Malwarebytes. Still errors. I gave up and came here.
I hope you can help me. Thank you for your willingness to help a stranger!
-*-*-*-*-*-*-*-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:55 AM, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWUPDE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://mcpuk1.jpmorgan.com/llclient/webvpn-amer/winxp/AXXPEE.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228461878891
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webvpn.jpmorganchase.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11220 bytes
Hi FizzyWater
Download at your desktop DDS from one of the links below:
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.
FizzyWater
2009-12-20, 23:11
Thanks for your reply. When this went 4 days unanswered, I thought I'd broken a forum rule (since Spybot S&D was saying clean).
So I dug out my restore disk and have restored my system to its original configuration. I'm in the process of reinstalling my programs...but this time, Spybot S&D is going second, right after my ZoneAlarm.
Thanks for being willing to help me, though.
Thanks for update.
Please post then a fresh HijackThis log and I will give you tips for the future :)
FizzyWater
2009-12-21, 14:00
Cool, thanks! I'd rather not have to do this again - 3 days of backing up, finding old CDs or downloading new versions, and then installing everything...yikes.
And this bug has eaten some of my files, which I'm still discovering (like all my Audible audiobooks disappeared...)
So I've finished installing everything. Here's my new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:25 AM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_SPY.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [PPScheduler] C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261352851703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 13057 bytes
FizzyWater
2009-12-21, 15:08
Before logging off, I decided to do one more run of Spybot S&D...and that d@mned Virtumonde is back.
I am not changing anything else - I will wait until you can look at that HijackThis log.
Then please post spybot report :)
FizzyWater
2009-12-21, 23:21
FYI - the WildTangent items came preinstalled with a "game console" from Toshiba. I don't play the games, so I hadn't decided whether to let Spybot remove them.
I had a late thought - I've had 3 different external hard drive connected to this machine since it started acting up. Should I have them all attached, turned on, etc. and re-run the scan(s)?
The Spybot log is too long for a single post - I went back through the FAQ and "before you post" posts and didn't find anything that addressed this, beyond there being a request not to attach files but to copy logs. So I will break the log into separate posts.
Thanks again for your help!
--- Search result list ---
WildTangent: [SBI $2740DBFD] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0302Java.jar...
WildTangent: [SBI $3A3BDC07] Program directory (Directory, nothing done)
C:\WINDOWS\wt\
WildTangent: [SBI $98F61EF7] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}
WildTangent: [SBI $6D7AAFCA] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}
WildTangent: [SBI $9922D208] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA
WildTangent: [SBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession
WildTangent: [SBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1
WildTangent: [SBI $C1EB7028] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}
WildTangent: [SBI $DFEDBBEE] Library (File, nothing done)
C:\WINDOWS\wt\webdriver.dll
Properties.size=71
Properties.md5=159E686A0096E54ABBB3267CC9D4366A
Properties.filedate=1118693419
Properties.filedatetext=2005-06-13 15:10:19
WildTangent: [SBI $76830867] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\
WildTangent: [SBI $E30EC8B1] Program directory (Directory, nothing done)
C:\WINDOWS\wt\updater\
WildTangent: [SBI $7E3A8D37] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver\
WildTangent: [SBI $AEEF1F06] Data (File, nothing done)
C:\WINDOWS\wt\data.wts
Properties.size=20
Properties.md5=2D633B34AB52F6078EDDB3CFE33B04B2
Properties.filedate=1118693419
Properties.filedatetext=2005-06-13 15:10:19
WildTangent: [SBI $6599E86A] Program directory (Directory, nothing done)
C:\WINDOWS\wt\updater
WildTangent: [SBI $6599E86A] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver
WildTangent: [SBI $6599E86A] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates
WildTangent: [SBI $72DF1652] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23
WildTangent: [SBI $F4CA786D] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll
Properties.size=102400
Properties.md5=72A441DCB1C0596613EDA7C382ED0155
Properties.filedate=1084546585
Properties.filedatetext=2004-05-14 09:56:25
WildTangent: [SBI $48E52B7A] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll
Properties.size=45056
Properties.md5=AEA5C73F2528CAFD594C89DCF32C58E8
Properties.filedate=1084546574
Properties.filedatetext=2004-05-14 09:56:14
WildTangent: [SBI $70A36532] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll
Properties.size=65536
Properties.md5=B7E1A541EA87F4B8F12B695A6C03A802
Properties.filedate=1084546544
Properties.filedatetext=2004-05-14 09:55:43
WildTangent: [SBI $57AC2B04] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll
Properties.size=155648
Properties.md5=9B9867833D44061192FFE92376F2CB13
Properties.filedate=1084546531
Properties.filedatetext=2004-05-14 09:55:31
WildTangent: [SBI $FA3E7013] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\sound.dll
Properties.size=98304
Properties.md5=2D7FBFED3044B9C31C524EB76F912036
Properties.filedate=1084546568
Properties.filedatetext=2004-05-14 09:56:07
WildTangent: [SBI $33D0A8B3] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded
Properties.size=3564
Properties.md5=29973A433DAC80B74CBEA86AC13474AA
Properties.filedate=1076950168
Properties.filedatetext=2004-02-16 11:49:28
WildTangent: [SBI $3A288182] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll
Properties.size=737280
Properties.md5=7E6B4E1534C10F65A17987542E345073
Properties.filedate=1084546519
Properties.filedatetext=2004-05-14 09:55:19
WildTangent: [SBI $0D95F737] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll
Properties.size=712704
Properties.md5=127D7D0964FA61720237B22ED64BAEFF
Properties.filedate=1084546683
Properties.filedatetext=2004-05-14 09:58:03
WildTangent: [SBI $EF5864B8] Executable (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe
Properties.size=61440
Properties.md5=BEBB42490BADDA6621065DDAADED7B82
Properties.filedate=1083014371
Properties.filedatetext=2004-04-26 16:19:30
WildTangent: [SBI $5E4FE90B] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll
Properties.size=57344
Properties.md5=AC7A95AA3E4EFFB1BBE20210E3EEA16B
Properties.filedate=1083014374
Properties.filedatetext=2004-04-26 16:19:34
WildTangent: [SBI $E754B084] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll
Properties.size=73728
Properties.md5=2563571492C335143441A3EE87A41852
Properties.filedate=1078883844
Properties.filedatetext=2004-03-09 20:57:23
WildTangent: [SBI $34241099] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar
Properties.size=18306
Properties.md5=82528BDACAE76E47F796B399F6DD0FBB
Properties.filedate=1078883847
Properties.filedatetext=2004-03-09 20:57:27
WildTangent: [SBI $12199ED3] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax
Properties.size=53248
Properties.md5=C1E0BAC3E7219ECC7F96DFC7F5EAE167
Properties.filedate=1076953630
Properties.filedatetext=2004-02-16 12:47:10
WildTangent: [SBI $5C2780DF] Configuration file (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini
Properties.size=87
Properties.md5=FE136159718D85E75D65979B0C4D8B8E
Properties.filedate=1076950168
Properties.filedatetext=2004-02-16 11:49:28
WildTangent: [SBI $26C09B1F] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
Properties.size=21504
Properties.md5=FF6BB1A6EE585DDBAEBA56F994EB1743
Properties.filedate=1062717130
Properties.filedatetext=2003-09-04 18:12:09
WildTangent: [SBI $63F4F3FF] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
Properties.size=9566
Properties.md5=9C3100FE47FF22A9BDBD520CB907DDBA
Properties.filedate=1062717229
Properties.filedatetext=2003-09-04 18:13:49
WildTangent: [SBI $804DDEF3] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
Properties.size=24576
Properties.md5=564DEBEE65939D3068EF2AC70C1E4614
Properties.filedate=1062717237
Properties.filedatetext=2003-09-04 18:13:57
WildTangent: [SBI $26BFA74D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
Properties.size=24576
Properties.md5=612C984F056E5F5884580B750F95F007
Properties.filedate=1062717241
Properties.filedatetext=2003-09-04 18:14:01
WildTangent: [SBI $68513AA0] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
Properties.size=2798
Properties.md5=0500C26138BDFB0831C5066EAF4C1D48
Properties.filedate=1070495202
Properties.filedatetext=2003-12-03 18:46:42
WildTangent: [SBI $2487DD7F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
Properties.size=844
Properties.md5=C7E8B84B4F229FEBFE18B8D3AD6C236E
Properties.filedate=1085683244
Properties.filedatetext=2004-05-27 13:40:44
WildTangent: [SBI $F592C3CE] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
Properties.size=6996
Properties.md5=C801DDBDC0716D71DA1C734CE70D3978
Properties.filedate=1085683244
Properties.filedatetext=2004-05-27 13:40:44
WildTangent: [SBI $04E23F08] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll
Properties.size=102400
Properties.md5=72A441DCB1C0596613EDA7C382ED0155
Properties.filedate=1084546585
Properties.filedatetext=2004-05-14 09:56:25
WildTangent: [SBI $B4EDF1CF] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
Properties.size=45056
Properties.md5=AEA5C73F2528CAFD594C89DCF32C58E8
Properties.filedate=1084546574
Properties.filedatetext=2004-05-14 09:56:14
WildTangent: [SBI $8CABBF87] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
Properties.size=65536
Properties.md5=B7E1A541EA87F4B8F12B695A6C03A802
Properties.filedate=1084546544
Properties.filedatetext=2004-05-14 09:55:43
WildTangent: [SBI $ED43828D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll
Properties.size=167936
Properties.md5=A83BE24AA6EFB1891DC68FB75653C357
Properties.filedate=1085431036
Properties.filedatetext=2004-05-24 15:37:16
WildTangent: [SBI $0FA0FA58] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
Properties.size=32768
Properties.md5=2D89B22FC5958D17C3D454CD48C98A56
Properties.filedate=1083014367
Properties.filedatetext=2004-04-26 16:19:26
WildTangent: [SBI $C5FEC452] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
Properties.size=337
Properties.md5=BEE71411DA6E503607458C7ED72E86DF
Properties.filedate=1083014360
Properties.filedatetext=2004-04-26 16:19:20
WildTangent: [SBI $FABA25A5] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
Properties.size=155648
Properties.md5=9B9867833D44061192FFE92376F2CB13
Properties.filedate=1084546531
Properties.filedatetext=2004-05-14 09:55:31
WildTangent: [SBI $7AF0934D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll
Properties.size=159744
Properties.md5=8CE609140276B1B22C79D82387E51E62
Properties.filedate=1085431037
Properties.filedatetext=2004-05-24 15:37:17
WildTangent: [SBI $ACC25733] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll
Properties.size=98304
Properties.md5=2D7FBFED3044B9C31C524EB76F912036
Properties.filedate=1084546568
Properties.filedatetext=2004-05-14 09:56:07
WildTangent: [SBI $182877A2] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
Properties.size=3564
Properties.md5=29973A433DAC80B74CBEA86AC13474AA
Properties.filedate=1076950168
Properties.filedatetext=2004-02-16 11:49:28
WildTangent: [SBI $8CB11822] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll
Properties.size=737280
Properties.md5=7E6B4E1534C10F65A17987542E345073
Properties.filedate=1084546519
Properties.filedatetext=2004-05-14 09:55:19
WildTangent: [SBI $8A56CE01] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
Properties.size=844
Properties.md5=FD9F6DD8412FD4C9891EA9C414072ACD
Properties.filedate=1118693421
Properties.filedatetext=2005-06-13 15:10:21
WildTangent: [SBI $2561FC4F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
Properties.size=9484
Properties.md5=FD686A99F066FD48308F1F634B966EBB
Properties.filedate=1118693421
Properties.filedatetext=2005-06-13 15:10:21
WildTangent: [SBI $17F84302] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
Properties.size=6388
Properties.md5=551E4E0A15FB29CA7FD03B90EEA50FA7
Properties.filedate=1118693421
Properties.filedatetext=2005-06-13 15:10:21
WildTangent: [SBI $DBF5CD46] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll
Properties.size=712704
Properties.md5=127D7D0964FA61720237B22ED64BAEFF
Properties.filedate=1084546683
Properties.filedatetext=2004-05-14 09:58:03
WildTangent: [SBI $0950EEBC] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
Properties.size=264641
Properties.md5=64AA44B87E94D6846F9904DE406BB9A2
Properties.filedate=1085431037
Properties.filedatetext=2004-05-24 15:37:17
WildTangent: [SBI $02247FE3] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini
Properties.size=251
Properties.md5=989566D38D32E38030E5BBD16EE18F4B
Properties.filedate=1085431037
Properties.filedatetext=2004-05-24 15:37:17
WildTangent: [SBI $4D7964E3] Executable (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe
Properties.size=61440
Properties.md5=BEBB42490BADDA6621065DDAADED7B82
Properties.filedate=1083014371
Properties.filedatetext=2004-04-26 16:19:30
WildTangent: [SBI $748358C8] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
Properties.size=57344
Properties.md5=AC7A95AA3E4EFFB1BBE20210E3EEA16B
Properties.filedate=1083014374
Properties.filedatetext=2004-04-26 16:19:34
WildTangent: [SBI $5CA3FF5D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
Properties.size=73728
Properties.md5=2563571492C335143441A3EE87A41852
Properties.filedate=1078883844
Properties.filedatetext=2004-03-09 20:57:23
WildTangent: [SBI $7191D734] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
Properties.size=18306
Properties.md5=82528BDACAE76E47F796B399F6DD0FBB
Properties.filedate=1078883847
Properties.filedatetext=2004-03-09 20:57:27
WildTangent: [SBI $E8D62D17] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll
Properties.size=53248
Properties.md5=37304A3EEFDBA83F61DBD9F7BCD291B2
Properties.filedate=1076953629
Properties.filedatetext=2004-02-16 12:47:09
WildTangent: [SBI $57AC597E] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
Properties.size=53248
Properties.md5=C1E0BAC3E7219ECC7F96DFC7F5EAE167
Properties.filedate=1076953630
Properties.filedatetext=2004-02-16 12:47:10
WildTangent: [SBI $DC390771] Configuration file (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
Properties.size=87
Properties.md5=FE136159718D85E75D65979B0C4D8B8E
Properties.filedate=1076950168
Properties.filedatetext=2004-02-16 11:49:28
WildTangent: [SBI $2BEC8AF7] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
Properties.size=6925
Properties.md5=86A03C6D54DADFD1BA48AB64439B83FC
Properties.filedate=1085431037
Properties.filedatetext=2004-05-24 15:37:17
WildTangent: [SBI $C6EC39EE] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
Properties.size=20
Properties.md5=2D633B34AB52F6078EDDB3CFE33B04B2
Properties.filedate=1118693419
Properties.filedatetext=2005-06-13 15:10:19
WildTangent: [SBI $61C460B4] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
Properties.size=71
Properties.md5=159E686A0096E54ABBB3267CC9D4366A
Properties.filedate=1118693419
Properties.filedatetext=2005-06-13 15:10:19
WildTangent: [SBI $9DA91D1A] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
Properties.size=71
Properties.md5=159E686A0096E54ABBB3267CC9D4366A
Properties.filedate=1118693419
Properties.filedatetext=2005-06-13 15:10:19
WildTangent: [SBI $692D7608] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
Properties.size=22
Properties.md5=7C70F401580BB7195DCCCC120EC048C6
Properties.filedate=1084546737
Properties.filedatetext=2004-05-14 09:58:57
WildTangent: [SBI $19E548FB] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
Properties.size=844
Properties.md5=CEB79DDC0D6F746762994494677F5694
Properties.filedate=1118693422
Properties.filedatetext=2005-06-13 15:10:21
WildTangent: [SBI $F1CDDC45] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
Properties.size=6772
Properties.md5=8F757AA75637802DAB0D78B6A0908F79
Properties.filedate=1118693422
Properties.filedatetext=2005-06-13 15:10:21
WildTangent: [SBI $D096B74C] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
Properties.size=98304
Properties.md5=57C1F42E6C8CF8E0ED62F84870BF1652
Properties.filedate=1125427860
Properties.filedatetext=2005-08-30 13:50:59
WildTangent: [SBI $46E91277] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
Properties.size=2768
Properties.md5=9A9B8B3B8570863FE79634F3F28D0936
Properties.filedate=1129829271
Properties.filedatetext=2005-10-20 12:27:51
WildTangent: [SBI $9CBE777F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
Properties.size=868
Properties.md5=F421F49630F2A3A9E4722DC882B881FC
Properties.filedate=1130277928
Properties.filedatetext=2005-10-25 17:05:28
WildTangent: [SBI $1BA2197E] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
Properties.size=7132
Properties.md5=0019EDA5FBD2258ACCBEEA7DC3D4A994
Properties.filedate=1130277929
Properties.filedatetext=2005-10-25 17:05:28
WildTangent: [SBI $AF3105ED] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts
Properties.size=22
Properties.md5=7C70F401580BB7195DCCCC120EC048C6
Properties.filedate=1084546737
Properties.filedatetext=2004-05-14 09:58:57
WildTangent: [SBI $33EF52D1] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\
WildTangent: [SBI $712CFF7C] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtupdater\
WildTangent: [SBI $B8D31319] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\
WildTangent: [SBI $46FA3174] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\
WildTangent: [SBI $5BB5BCDB] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\
WildTangent: [SBI $420FC500] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\
WildTangent: [SBI $9B9A301B] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\
WildTangent: [SBI $AEA200D6] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\
WildTangent: [SBI $17519F1E] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\
WildTangent: [SBI $0166288F] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\
WildTangent: [SBI $EE84C73B] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\
WildTangent: [SBI $2D970569] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\
WildTangent: [SBI $989A2343] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\
WildTangent: [SBI $53D6EE96] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\
WildTangent: [SBI $5B12A850] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\
WildTangent: [SBI $686A4944] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\
WildTangent: [SBI $106C8F12] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\
WildTangent: [SBI $9D7B5572] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\
WildTangent: [SBI $BB43DE42] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\
WildTangent: [SBI $8D754529] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\
WildTangent: [SBI $140672DA] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\
Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-12-15 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-12-15 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-15 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2009-12-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-12-15 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-12-15 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-12-15 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB953297)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB888316
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB894553
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB895678
/ Media Center 2005 / SP3: Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB975364)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB976325)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88203
MD5: F2B869D0B4B765F573BB7B7F80B09DC3
Located: HK_LM:Run, DMXLauncher
command: "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
file: C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
size: 113400
MD5: F6AF3A8B024D1F5354A894FFFCD32953
Located: HK_LM:Run, eBook Library Launcher
command: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
file: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
size: 906640
MD5: 1FC3E49C3726F60224F2B60BE1DB938A
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: E822BA2DB5811E6C8491E24C710D3455
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 2738657127E7C3D08399D3943D0C5C0E
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 98304
MD5: 58D794455A6CEA851D13274224E42730
Located: HK_LM:Run, IndexSearch
command: "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
file: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
size: 40960
MD5: 6DDD793C25E712C5E35CBB3DAAAB1378
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 602182
MD5: D4830448B45CDD45F4285DC6E152764F
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 667718
MD5: 5A6ACFF04D39D4C16F1FF52682C3B1B0
Located: HK_LM:Run, ISW
command: "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
file: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 730480
MD5: 79BED8EF8B113BEF852B99A7574367B6
Located: HK_LM:Run, kmw_run.exe
command: kmw_run.exe
file: C:\WINDOWS\system32\kmw_run.exe
size: 106496
MD5: 5EE1AD8304F6F9C1FC3AC9B1223F9890
Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
file: C:\Program Files\ltmoh\Ltmoh.exe
size: 184320
MD5: 33FBA26946FB3BF16294561C97B35E76
Located: HK_LM:Run, MSKDetectorExe
command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
file: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
size: 1121792
MD5: A5F0EF1A69F6707F27E53EE54B8F8AC4
Located: HK_LM:Run, MSWheel
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file: NDSTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, OpwareSE4
command: "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
file: C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
size: 69632
MD5: 98C9D8B03A6DEC5975A0E19EE2685CF5
Located: HK_LM:Run, PadTouch
command: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
file: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, PaperPort PTD
command: "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
file: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 36864
MD5: DDCF01E33C9A8BF6AAAFD0B7E86D9AAE
Located: HK_LM:Run, PDF4 Registry Controller
command: "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
file: C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe
size: 40960
MD5: FE51D962B75031C2E8099666F2FA174E
Located: HK_LM:Run, Pinger
command: c:\toshiba\ivp\ism\pinger.exe /run
file: c:\toshiba\ivp\ism\pinger.exe
size: 151552
MD5: FA8D59CD0B55A489A3CF237ACF6F3D46
Located: HK_LM:Run, PPort11reminder
command: "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
file: C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe
size: 1404928
MD5: 57376E0176551D49F139809CFFAD1DCF
Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
size: 1133304
MD5: 1D702767080FBFB3D38E7A62ECF713A6
Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 228088
MD5: D65BFDC789444821453EA0CBF77B1B57
Located: HK_LM:Run, ScanSoft PDF Converter 4-reminder
command: "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\ereg.ini"
file: C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe
size: 1404928
MD5: D60FC68A7DC340B2BECE7BE0BE443709
Located: HK_LM:Run, SmoothView
command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767
Located: HK_LM:Run, SSBkgdUpdate
command: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 155648
MD5: 1C3CA3E7807F915933BB4E08E599DDAB
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761945
MD5: 53DCD7CEF78CC06692400B339336233B
Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 82009
MD5: 3AE31B86B4B3CE39885414F9AFD83D97
Located: HK_LM:Run, TDispVol
command: TDispVol.exe
file: C:\WINDOWS\system32\TDispVol.exe
size: 73728
MD5: FC554C13105AD3FA35AB49943DF021B2
Located: HK_LM:Run, TFncKy
command: TFncKy.exe
file: TFncKy.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, THotkey
command: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
file: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 352256
MD5: 2C0970FBC5A9FB5633B8D80671B3B5C9
Located: HK_LM:Run, TPSMain
command: TPSMain.exe
file: C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812D1BB1FAD95017C613F927EAC8147
Located: HK_LM:Run, Tvs
command: C:\Program Files\Toshiba\Tvs\TvsTray.exe
file: C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: 74387D88985987ACDF294CCA1622640E
Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 1037192
MD5: 8DFE7E9DFA11CCF6C4B5D6303A791039
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, CTSyncU.exe
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
file: C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
size: 868352
MD5: 9B21347A00F9D8E9BB2E2928C45D9995
Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\PROGRA~1\MICROS~4\wcescomm.exe"
file: C:\PROGRA~1\MICROS~4\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
Located: HK_CU:Run, ISUSPM
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
Located: HK_CU:Run, PPScheduler
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
file: C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
size: 98304
MD5: 8B2F2D4A86B526F944C5DE93649E450A
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
Located: Startup (common), eBook USB Driver.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
file: C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
size: 42552
MD5: 940F49B9DF79B5557DBFBD0B8C21ED10
Located: Startup (common), ListProAlarms.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
file: C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
size: 124000
MD5: 133E26FDBA8E9148A183688CF39A86B0
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: Startup (common), RAMASST.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\system32\RAMASST.exe
file: C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
***more to come***
FizzyWater
2009-12-21, 23:26
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88203
MD5: F2B869D0B4B765F573BB7B7F80B09DC3
Located: HK_LM:Run, DMXLauncher
command: "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
file: C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
size: 113400
MD5: F6AF3A8B024D1F5354A894FFFCD32953
Located: HK_LM:Run, eBook Library Launcher
command: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
file: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
size: 906640
MD5: 1FC3E49C3726F60224F2B60BE1DB938A
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: E822BA2DB5811E6C8491E24C710D3455
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 2738657127E7C3D08399D3943D0C5C0E
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 98304
MD5: 58D794455A6CEA851D13274224E42730
Located: HK_LM:Run, IndexSearch
command: "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
file: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
size: 40960
MD5: 6DDD793C25E712C5E35CBB3DAAAB1378
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 602182
MD5: D4830448B45CDD45F4285DC6E152764F
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 667718
MD5: 5A6ACFF04D39D4C16F1FF52682C3B1B0
Located: HK_LM:Run, ISW
command: "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
file: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 730480
MD5: 79BED8EF8B113BEF852B99A7574367B6
Located: HK_LM:Run, kmw_run.exe
command: kmw_run.exe
file: C:\WINDOWS\system32\kmw_run.exe
size: 106496
MD5: 5EE1AD8304F6F9C1FC3AC9B1223F9890
Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
file: C:\Program Files\ltmoh\Ltmoh.exe
size: 184320
MD5: 33FBA26946FB3BF16294561C97B35E76
Located: HK_LM:Run, MSKDetectorExe
command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
file: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
size: 1121792
MD5: A5F0EF1A69F6707F27E53EE54B8F8AC4
Located: HK_LM:Run, MSWheel
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file: NDSTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, OpwareSE4
command: "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
file: C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
size: 69632
MD5: 98C9D8B03A6DEC5975A0E19EE2685CF5
Located: HK_LM:Run, PadTouch
command: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
file: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, PaperPort PTD
command: "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
file: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 36864
MD5: DDCF01E33C9A8BF6AAAFD0B7E86D9AAE
Located: HK_LM:Run, PDF4 Registry Controller
command: "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
file: C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe
size: 40960
MD5: FE51D962B75031C2E8099666F2FA174E
Located: HK_LM:Run, Pinger
command: c:\toshiba\ivp\ism\pinger.exe /run
file: c:\toshiba\ivp\ism\pinger.exe
size: 151552
MD5: FA8D59CD0B55A489A3CF237ACF6F3D46
Located: HK_LM:Run, PPort11reminder
command: "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
file: C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe
size: 1404928
MD5: 57376E0176551D49F139809CFFAD1DCF
Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
size: 1133304
MD5: 1D702767080FBFB3D38E7A62ECF713A6
Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 228088
MD5: D65BFDC789444821453EA0CBF77B1B57
Located: HK_LM:Run, ScanSoft PDF Converter 4-reminder
command: "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\ereg.ini"
file: C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe
size: 1404928
MD5: D60FC68A7DC340B2BECE7BE0BE443709
Located: HK_LM:Run, SmoothView
command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767
Located: HK_LM:Run, SSBkgdUpdate
command: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 155648
MD5: 1C3CA3E7807F915933BB4E08E599DDAB
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761945
MD5: 53DCD7CEF78CC06692400B339336233B
Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 82009
MD5: 3AE31B86B4B3CE39885414F9AFD83D97
Located: HK_LM:Run, TDispVol
command: TDispVol.exe
file: C:\WINDOWS\system32\TDispVol.exe
size: 73728
MD5: FC554C13105AD3FA35AB49943DF021B2
Located: HK_LM:Run, TFncKy
command: TFncKy.exe
file: TFncKy.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, THotkey
command: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
file: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 352256
MD5: 2C0970FBC5A9FB5633B8D80671B3B5C9
Located: HK_LM:Run, TPSMain
command: TPSMain.exe
file: C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812D1BB1FAD95017C613F927EAC8147
Located: HK_LM:Run, Tvs
command: C:\Program Files\Toshiba\Tvs\TvsTray.exe
file: C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: 74387D88985987ACDF294CCA1622640E
Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 1037192
MD5: 8DFE7E9DFA11CCF6C4B5D6303A791039
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, CTSyncU.exe
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
file: C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
size: 868352
MD5: 9B21347A00F9D8E9BB2E2928C45D9995
Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\PROGRA~1\MICROS~4\wcescomm.exe"
file: C:\PROGRA~1\MICROS~4\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
Located: HK_CU:Run, ISUSPM
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
Located: HK_CU:Run, PPScheduler
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
file: C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
size: 98304
MD5: 8B2F2D4A86B526F944C5DE93649E450A
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3571388858-1336072035-3301721608-1005...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3571388858-1336072035-3301721608-500...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
Located: Startup (common), eBook USB Driver.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
file: C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
size: 42552
MD5: 940F49B9DF79B5557DBFBD0B8C21ED10
Located: Startup (common), ListProAlarms.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
file: C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
size: 124000
MD5: 133E26FDBA8E9148A183688CF39A86B0
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: Startup (common), RAMASST.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\system32\RAMASST.exe
file: C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} (ZoneAlarm Toolbar Registrar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Toolbar Registrar
CLSID name: ZoneAlarm Toolbar Registrar
Path: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\
Long name: TrustCheckerIEPlugin.dll
Short name: TRUSTC~1.DLL
Date (created): 10/14/2009 8:30:44 AM
Date (last access): 12/21/2009 3:27:46 PM
Date (last write): 10/14/2009 8:30:44 AM
Filesize: 578928
Attributes: archive
MD5: 367A59A3FD91982685A9927A7FD803B3
CRC32: DBA63E86
Version: 1.5.53.4
{CE7C3CF0-4B15-11D1-ABED-709549C10000} (IEHlprObjClass)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IEHlprObjClass
description: ShopNav
classification: Confirmed as malware
known filename: Iehelper.dll<br>Ubmon.dll
info link: http://www.urlblaze.com/
info source: TonyKlein
Path: C:\Program Files\Kensington\MouseWorks\
Long name: IE_SPY.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/21/2009 4:46:48 AM
Date (last access): 12/21/2009 3:38:04 PM
Date (last write): 12/21/2009 4:46:48 AM
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 12/21/2009 4:46:50 AM
Date (last access): 12/21/2009 3:31:06 PM
Date (last write): 12/21/2009 4:46:50 AM
Filesize: 73728
Attributes: archive
MD5: DEE8F03D1EACE0C8F914A2C76568EA32
CRC32: 53F8F67C
Version: 6.0.170.4
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
--- ActiveX list ---
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261352851703
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 8/6/2009 7:23:26 PM
Date (last access): 12/21/2009 3:33:52 PM
Date (last write): 8/6/2009 7:23:26 PM
Filesize: 215904
Attributes: archive
MD5: 67265EC468DC51EE0BE82D1AF1E50B52
CRC32: E76134D4
Version: 7.4.7600.226
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 12/21/2009 4:46:50 AM
Date (last access): 12/21/2009 12:13:46 PM
Date (last write): 12/21/2009 4:46:50 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 6:52:58 AM
Date (last access): 12/21/2009 12:13:38 PM
Date (last write): 6/3/2005 7:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 12/21/2009 4:46:50 AM
Date (last access): 12/21/2009 4:01:34 PM
Date (last write): 12/21/2009 4:46:50 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 12/21/2009 4:46:50 AM
Date (last access): 12/21/2009 4:01:34 PM
Date (last write): 12/21/2009 4:46:50 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf
Codebase: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10d.ocx
Short name:
Date (created): 10/27/2009 10:31:12 PM
Date (last access): 12/21/2009 12:39:00 PM
Date (last write): 10/27/2009 10:31:12 PM
Filesize: 3982240
Attributes: readonly archive
MD5: C5AA69ED6CE6F2962A79F03039A87084
CRC32: 498BBDE7
Version: 10.0.42.34
--- Process list ---
PID: 0 ( 0) [System]
PID: 824 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 880 ( 824) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 904 ( 824) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 948 ( 904) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 960 ( 904) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1168 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1236 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1400 ( 948) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1460 ( 948) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 114753
MD5: 56DED3ADE453272E6A0AD582D945D1A4
PID: 1536 ( 948) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 540745
MD5: 6C5155CC0E805C7BE6028BFF7AC14524
PID: 1648 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1860 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1912 ( 948) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 2384240
MD5: F8C283CA4F542283B36B6A09E7362E16
PID: 1340 (1300) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1956 ( 948) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
size: 476528
MD5: 879A0211BD911FC4B411B1D14559A791
PID: 192 (1956) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 730480
MD5: 79BED8EF8B113BEF852B99A7574367B6
PID: 264 ( 948) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1784 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 196 ( 948) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
size: 40960
MD5: 3CB0CC8879956C187E87E18634EE5164
PID: 508 ( 948) C:\WINDOWS\system32\DVDRAMSV.exe
size: 110592
MD5: C9FFBD6B8EDC46CD3D13E3C6DB914FB7
PID: 560 ( 948) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: B03BCD810A2EE089FA08E47B5200BE31
PID: 580 ( 948) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 864 ( 948) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 39133291CB607BDD87CFC565A4A1E7A5
PID: 1192 ( 948) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1424 ( 948) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 217164
MD5: 1B2857EF12D79A9F9ADBA14B0637CBF8
PID: 2192 ( 948) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2216 ( 948) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
size: 40960
MD5: 486A64AABD88E4E174681E89E9736BC9
PID: 2320 ( 948) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
size: 35328
MD5: 90861642FD6D8FAFB1408EE26FA93CB4
PID: 2356 ( 948) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: 9651E5D850B6F6BD7C77C70AA06F02BF
PID: 2428 ( 948) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2888 ( 948) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 3264 ( 948) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2484 ( 948) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2588 (1340) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
size: 188416
MD5: DE7ADBA97297AB81C6E11652AFFFD674
PID: 2688 (1340) C:\WINDOWS\system32\TDispVol.exe
size: 73728
MD5: FC554C13105AD3FA35AB49943DF021B2
PID: 2752 (1340) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761945
MD5: 53DCD7CEF78CC06692400B339336233B
PID: 2640 (1340) C:\WINDOWS\system32\igfxtray.exe
size: 98304
MD5: 58D794455A6CEA851D13274224E42730
PID: 2088 (1340) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: E822BA2DB5811E6C8491E24C710D3455
PID: 2404 (1340) C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 2738657127E7C3D08399D3943D0C5C0E
PID: 2052 (1340) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
PID: 2992 (1340) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 352256
MD5: 2C0970FBC5A9FB5633B8D80671B3B5C9
PID: 3096 (2752) C:\Program Files\Synaptics\SynTP\Toshiba.exe
size: 151552
MD5: 47AF6F1C5BB854376B164C574CCEF481
PID: 3156 (1340) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 82009
MD5: 3AE31B86B4B3CE39885414F9AFD83D97
PID: 3124 (1340) C:\WINDOWS\AGRSMMSG.exe
size: 88203
MD5: F2B869D0B4B765F573BB7B7F80B09DC3
PID: 3348 (1340) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 978944
MD5: F1596B4720E67B478357C21682D8163A
PID: 3376 (1340) C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: 74387D88985987ACDF294CCA1622640E
PID: 3444 (1340) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767
PID: 3472 (1340) C:\toshiba\ivp\ism\pinger.exe
size: 151552
MD5: FA8D59CD0B55A489A3CF237ACF6F3D46
PID: 3404 (1168) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3536 (1340) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 667718
MD5: 5A6ACFF04D39D4C16F1FF52682C3B1B0
PID: 3596 (1340) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 602182
MD5: D4830448B45CDD45F4285DC6E152764F
PID: 3772 (3388) C:\WINDOWS\system32\TPSBattM.exe
size: 45056
MD5: 1822A66A82433F83195B170592F8A7D8
PID: 1092 (1340) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 1037192
MD5: 8DFE7E9DFA11CCF6C4B5D6303A791039
PID: 2164 (1340) C:\WINDOWS\system32\kmw_run.exe
size: 106496
MD5: 5EE1AD8304F6F9C1FC3AC9B1223F9890
PID: 2112 (1340) C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
size: 113400
MD5: F6AF3A8B024D1F5354A894FFFCD32953
PID: 2108 (1168) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
size: 397381
MD5: 0335FD5493864EAC41785FA92C3D5E1D
PID: 1700 (2164) C:\WINDOWS\system32\KMW_SHOW.EXE
size: 172032
MD5: 544D442B606CC3E600E16B02FD94DB86
PID: 2680 (1340) C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
size: 69632
MD5: 98C9D8B03A6DEC5975A0E19EE2685CF5
PID: 3652 (1340) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 36864
MD5: DDCF01E33C9A8BF6AAAFD0B7E86D9AAE
PID: 3468 (1340) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 3584 (1340) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
size: 906640
MD5: 1FC3E49C3726F60224F2B60BE1DB938A
PID: 3628 (1340) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3820 (1340) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
PID: 2696 (1340) C:\PROGRA~1\MICROS~4\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
PID: 3932 (1340) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
PID: 1496 (1340) C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
size: 868352
MD5: 9B21347A00F9D8E9BB2E2928C45D9995
PID: 2128 (1340) C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
size: 42552
MD5: 940F49B9DF79B5557DBFBD0B8C21ED10
PID: 876 (1340) C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
size: 124000
MD5: 133E26FDBA8E9148A183688CF39A86B0
PID: 1384 (1168) C:\PROGRA~1\MICROS~4\rapimgr.exe
size: 180224
MD5: 3649EA61AAC1C48B7D282CB61421C15A
PID: 3476 (1340) C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484
PID: 3180 (1092) C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
size: 870672
MD5: 673FAF38AAC29170528EAAAA121525A8
PID: 476 (1340) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908248
MD5: 5CDA7A97056E559D2872B462F1FF46AF
PID: 3672 (2608) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3576 (1340) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3624 (1340) C:\WINDOWS\system32\notepad.exe
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/21/2009 4:01:34 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.toshibadirect.com/dpdstart
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
GemMaster Mystic (12133444-BF36-4d4e-B7FB-A3424C645DE4)
uninstall cmd: "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) 08/08/2006 1.0.03.08080 (75070B1806113224B16C70296B90DD1AD8A53479)
uninstall cmd: rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\PRSUSB_0200B6D60DA90847167AFB40E87ADFDB0591D0A1\PRSUSB.inf
publisher: Sony Corporation
(AddressBook)
Adobe Flash Player 10 ActiveX 10.0.42.34 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/
Adobe Flash Player 10 Plugin 10.0.42.34 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated
AudibleManager 2089882838.2089882900.2090328352.2089882858 (AudibleManager)
uninstall cmd: C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
publisher: Audible, Inc.
Otto (B3EE3001-DC24-4cd1-8743-5692C716659F)
uninstall cmd: "C:\Program Files\EnglishOtto\uninstallotto.exe"
Canon CanoScan LiDE 70 User Registration (Canon CanoScan LiDE 70 User Registration)
uninstall cmd: C:\Program Files\Canon\IJEREG\CanoScan LiDE 70\UNINST.EXE
Canon CanoScan Toolbox 5.0 (CanoScan Toolbox 5.0)
install location: C:\Program Files\Canon\CanoScan Toolbox Ver5.0
uninstall cmd: "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
(Connection Manager)
(Creative Sync Manager (Unicode))
uninstall cmd: "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
(Creative Video Converter)
uninstall cmd: "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
Desktop Dialer (Desktop Dialer)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
Adobe Digital Editions (Digital Editions)
uninstall cmd: "C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"
(DirectAnimation)
(DirectDrawEx)
DivX Plus DirectShow Filters (DivX Plus DirectShow Filters)
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
uninstall cmd: C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
publisher: DivX, Inc.
(DXM_Runtime)
(eBook Publisher)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eBook Technologies\eBook Publisher\Uninst.isu"
ESPNMotion 2.1.6.0011 (ESPNMotion)
uninstall cmd: C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
publisher: ESPN Internet Ventures
FLV Player 2.0 (build 25) 2.0 (build 25) (FLV Player)
uninstall cmd: C:\Program Files\FLV Player\uninst.exe
publisher: Martijn de Visser
(Fontcore)
Forté Agent 4.2 (Forte Agent)
uninstall cmd: C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG
publisher: Forté Internet Software, Inc.
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro
Hoyle Mahjong Tiles (Hoyle Mahjong Tiles)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HMJONG00\Uninst.isu
(ICW)
(IDNMitigationAPIs)
(IE40)
(IE4Data)
(IE5BAKEX)
(ie7)
Windows Internet Explorer 8 20090308.140743 (ie8)
install date: 20091220
uninstall cmd: "C:\WINDOWS\ie8\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie
(IEData)
ListPro 5.0 Windows Mobile & Windows PC 5.0 (Ilium Software ListPro_is1)
install date: 20091221
install location: C:\Program Files\Ilium Software\ListPro\
uninstall cmd: "C:\Program Files\Ilium Software\ListPro\unins000.exe"
publisher: Ilium Software
help link: http://www.iliumsoft.com/
(InstallShield Uninstall Information)
Texas Instruments PCIxx21/x515/xx12 drivers. 1.16.0000 (InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E})
version: 17825792
version (major): 1
version (minor): 16
estimated size: 640
install date: 20060215
install source: c:\PCMCIA Driver.temp\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515/xx12 Software components
contact: Customer Support Department
help link: Please contact your vendor directly
help telephone: ...
(Intel® Integrated Performance Primitives 1.1)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
Jigsaws Galore (Jigsaws Galore_is1)
install location: C:\Program Files\Jigsaws\
uninstall cmd: "C:\Program Files\Jigsaws\unins000.exe"
publisher: Gray Design Associates
help link: http://www.dgray.com
(KB884016)
(KB885884)
High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB888111
Windows XP Media Center Edition 2005 KB888316 (KB888316)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
publisher: Microsoft Corporation
Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20091220
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
(KB893803)
Windows Media Player 10 Hotfix - KB894476 (KB894476)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894476
Windows XP Media Center Edition 2005 KB894553 (KB894553)
uninstall cmd: C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894553
Windows XP Media Center Edition 2005 KB895678 (KB895678)
uninstall cmd: C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=895678
Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325)
uninstall cmd: C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900325
Hotfix for Windows Media Player 10 (KB903157) (KB903157)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903157
Update for Windows Media Player 10 (KB910393) (KB910393)
install date: 20060216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=910393
Update for Windows Media Player 10 (KB913800) (KB913800)
install date: 20060513
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=913800
Windows XP Media Center Edition 2005 KB914548 (KB914548)
install date: 20060513
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914548
Security Update for Windows XP (KB923561) 1 (KB923561)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923561
Security Update for Windows XP (KB923689) (KB923689)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689
Security Update for Windows Media Player 10 (KB936782) (KB936782_WMP10)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782
Security Update for Windows XP (KB941569) (KB941569)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569
Security Update for Windows XP (KB946648) 1 (KB946648)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946648
Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762
Security Update for Windows XP (KB950974) 1 (KB950974)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950974
Security Update for Windows XP (KB951066) 1 (KB951066)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951066
Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748
Update for Windows XP (KB951978) 1 (KB951978)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951978
Security Update for Windows XP (KB952004) 1 (KB952004)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952004
Security Update for Windows Media Player (KB952069) (KB952069_WM9)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=952069
Hotfix for Windows XP (KB952287) 1 (KB952287)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952287
Security Update for Windows XP (KB952954) 1 (KB952954)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952954
Microsoft .NET Framework 1.0 Hotfix (KB953295) (KB953295)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
Security Update for Windows Media Player (KB954155) (KB954155_WM9)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=954155
Hotfix for Windows XP (KB954550-v5) 5 (KB954550-v5)
install date: 20091220
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954550
Security Update for Windows XP (KB955069) 1 (KB955069)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955069
Update for Windows XP (KB955759) 1 (KB955759)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955759
Security Update for Windows XP (KB956572) 1 (KB956572)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956572
Security Update for Windows XP (KB956744) 1 (KB956744)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956744
Security Update for Windows XP (KB956802) 1 (KB956802)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956802
***more to come***
FizzyWater
2009-12-21, 23:30
Security Update for Windows XP (KB956803) 1 (KB956803)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956803
Security Update for Windows XP (KB956844) 1 (KB956844)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956844
Security Update for Windows XP (KB957097) 1 (KB957097)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957097
Security Update for Windows XP (KB958644) 1 (KB958644)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958644
Security Update for Windows XP (KB958687) 1 (KB958687)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958687
Security Update for Windows XP (KB958869) 1 (KB958869)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958869
Security Update for Windows XP (KB959426) 1 (KB959426)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=959426
Security Update for Windows XP (KB960225) 1 (KB960225)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960225
Security Update for Windows XP (KB960803) 1 (KB960803)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960803
Security Update for Windows XP (KB960859) 1 (KB960859)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960859
Hotfix for Windows XP (KB961118) 1 (KB961118)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961118
Security Update for Windows XP (KB961371-v2) 2 (KB961371-v2)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961371
Security Update for Windows XP (KB961501) 1 (KB961501)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961501
Update for Windows XP (KB967715) 1 (KB967715)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=967715
Update for Windows XP (KB968389) 1 (KB968389)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=968389
Security Update for Windows Media Player (KB968816) (KB968816_WM9)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=968816
Security Update for Windows XP (KB969059) 1 (KB969059)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=969059
Security Update for Windows XP (KB969947) 1 (KB969947)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=969947
Security Update for Windows XP (KB970238) 1 (KB970238)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=970238
Security Update for Windows XP (KB970430) 1 (KB970430)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=970430
Security Update for Windows XP (KB971486) 1 (KB971486)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971486
Security Update for Windows XP (KB971557) 1 (KB971557)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971557
Security Update for Windows XP (KB971633) 1 (KB971633)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971633
Security Update for Windows XP (KB971657) 1 (KB971657)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971657
Update for Windows XP (KB971737) 1 (KB971737)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971737
Security Update for Windows Internet Explorer 8 (KB971961) 1 (KB971961-IE8)
install date: 20091220
uninstall cmd: "C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=971961
Security Update for Windows XP (KB973354) 1 (KB973354)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973354
Security Update for Windows XP (KB973507) 1 (KB973507)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973507
Security Update for Windows XP (KB973525) 1 (KB973525)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973525
Security Update for Windows Media Player (KB973540) (KB973540_WM9)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=973540
Update for Windows XP (KB973687) 1 (KB973687)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973687
Windows XP Media Center Edition 2005 KB973768 (KB973768)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973768
Update for Windows XP (KB973815) 1 (KB973815)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973815
Security Update for Windows XP (KB973869) 1 (KB973869)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973869
Security Update for Windows XP (KB973904) 1 (KB973904)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=973904
Security Update for Windows XP (KB974112) 1 (KB974112)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=974112
Security Update for Windows XP (KB974318) 1 (KB974318)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=974318
Security Update for Windows XP (KB974392) 1 (KB974392)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=974392
Security Update for Windows XP (KB974571) 1 (KB974571)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=974571
Security Update for Windows XP (KB975025) 1 (KB975025)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=975025
Update for Windows Internet Explorer 8 (KB975364) 1 (KB975364-IE8)
install date: 20091220
uninstall cmd: "C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=975364
Security Update for Windows XP (KB975467) 1 (KB975467)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=975467
Hotfix for Windows XP (KB976098-v2) 2 (KB976098-v2)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=976098
Security Update for Windows XP (KB976325) 1 (KB976325)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=976325
Security Update for Windows Internet Explorer 8 (KB976325) 1 (KB976325-IE8)
install date: 20091220
uninstall cmd: "C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=976325
(KBKB895200)
(KBKB895961)
Microsoft .NET Framework 1.1 Security Update (KB953297) (M953297)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Mega Solitaire (Mega Solitaire)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Palladium Interactive\Mega Solitaire\Uninst.isu"
Micrografx Picture Publisher 7 (Micrografx Picture Publisher 7)
uninstall cmd: C:\WINDOWS\mgxclean.exe pp70.app
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Microsoft .NET Framework 3.5 SP1 (Microsoft .NET Framework 3.5 SP1)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=120337
(MobileOptionPack)
Mozilla Firefox (3.5.6) 3.5.6 (en-US) (Mozilla Firefox (3.5.6))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(NetMeeting)
(NLSDownlevelMapping)
NoteTab Pro 6 (Remove only) 6.12 (NoteTab Pro 6_is1)
install date: 20091221
install location: C:\Program Files\NoteTab Pro 6\
uninstall cmd: "C:\Program Files\NoteTab Pro 6\unins000.exe"
publisher: Fookes Holding Ltd
help link: http://www.notetab.com/support.php
(OutlookExpress)
TOSHIBA PC Diagnostic Tool (PC Diagnostic Tool)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://www.picasa.com/
TOSHIBA Power Saver 7.03.07.I (Power Saver)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Intel(R) PROSet/Wireless Software 10.01.0000 (ProInst)
install location: C:\WINDOWS\Installer\iProInst.exe
uninstall cmd: C:\WINDOWS\Installer\iProInst.exe
publisher: Intel Corporation
comments: Intel(R) PROSet/Wireless installation package
contact: Intel Customer Support
help link: http://support.intel.com
Intel(R) PRO Network Connections Drivers (PROSet)
uninstall cmd: Prounstl.exe
Python 2.6 pycrypto-2.0.1 (pycrypto-py2.6)
uninstall cmd: "C:\Python26\Removepycrypto.exe" -u "C:\Python26\pycrypto-wininst.log"
QuickPar 0.9 0.9 (QuickPar)
uninstall cmd: C:\Program Files\QuickPar\uninst.exe
publisher: Peter B. Clements
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
(SchedulingAgent)
SightSpeed (remove only) 5.0 (5020) (SightSpeed)
version (major): 5
install location: C:\Program Files\SightSpeed
uninstall cmd: "C:\Program Files\SightSpeed\uninst.exe"
publisher: SightSpeed Inc.
help link: http://www.sightspeed.com
Synaptics Pointing Device Driver 8.2.9.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
publisher: Synaptics
The Print Shop Signature Greetings 1.0 (The Print Shop Signature Greetings 1.0)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\The Print Shop Products\The Print Shop Signature Greetings 1.0\DeIsL1.isu" -c"C:\The Print Shop Products\The Print Shop Signature Greetings 1.0\psfinst.dll"
TOSHIBA Game Console (TOSHIBA Game Console)
install location: C:\Program Files\WildTangent\Apps\TOSHIBA Game Console
uninstall cmd: "C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
publisher: WildTangent
comments: OEM setup version TOSH0201
help link: http://support.wildgames.com
TOSHIBA Software Modem 2.1.62 (SM2162ALD04) (TOSHIBA Software Modem)
uninstall cmd: Tosmreg -U
TOSHIBA TV Tuner 4.0.12.73 4.0.12.73 (TOSHIBA TV Tuner)
uninstall cmd: C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
publisher: AVerMedia TECHNOLOGIES, Inc.
µBook 0.9g (uBook)
uninstall cmd: C:/Program Files/GowerPoint.com/µBook/uninstall.exe
Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 1.0.3 1.0.3 (VLC media player)
install location: C:\Program Files\VideoLAN\VLC
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team
Windows Genuine Advantage Validation Tool (KB892130) 1.7.0069.2 (WGA)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
(WIC)
WildTangent Web Driver (WildTangent CDA)
uninstall cmd: C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20091220
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
Blasterball 2 Revolution WT004723 (WT004723)
install location: C:\Program Files\Toshiba Games\Blasterball 2 Revolution
uninstall cmd: "C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Polar Golfer WT004829 (WT004829)
install location: C:\Program Files\Toshiba Games\Polar Golfer
uninstall cmd: "C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
FATE WT006066 (WT006066)
install location: C:\Program Files\Toshiba Games\FATE
uninstall cmd: "C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Blackhawk Striker 2 WT006448 (WT006448)
install location: C:\Program Files\TOSHIBA Games\Blackhawk Striker 2
uninstall cmd: "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Polar Bowler WT006527 (WT006527)
install location: C:\Program Files\TOSHIBA Games\Polar Bowler
uninstall cmd: "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Penguins! WT009503 (WT009503)
install location: C:\Program Files\TOSHIBA Games\Penguins!
uninstall cmd: "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Chuzzle Deluxe WT009952 (WT009952)
install location: C:\Program Files\TOSHIBA Games\Chuzzle Deluxe
uninstall cmd: "C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Mah Jong Quest WT009953 (WT009953)
install location: C:\Program Files\TOSHIBA Games\Mah Jong Quest
uninstall cmd: "C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
SCRABBLE WT009954 (WT009954)
install location: C:\Program Files\TOSHIBA Games\SCRABBLE
uninstall cmd: "C:\Program Files\TOSHIBA Games\SCRABBLE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
Bejeweled 2 Deluxe WT010043 (WT010043)
install location: C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe
uninstall cmd: "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Toshiba
ZENcast Organizer (ZENcast Organizer)
uninstall cmd: "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009
ZoneAlarm Security Suite 9.1.008.000 (ZoneAlarm Security Suite)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm
ZoneAlarm Toolbar (ZoneAlarm Toolbar)
install location: C:\Program Files\CheckPoint\ZAForceField
uninstall cmd: C:\Program Files\CheckPoint\ZAForceField\Uninstall.exe
publisher: Check Point Software Technologies
TOSHIBA Speech System SR Engine(U.S.) Version1.0 ({008D69EB-70FF-46AB-9C75-924620DF191A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
ScanSoft PaperPort 11 11.0.0000 ({02E73E50-6513-4802-8600-B5A5BA185BE3})
version: 184549376
version (major): 11
estimated size: 235163
install date: 20091221
install location: C:\Program Files\ScanSoft\PaperPort\
install source: D:\PaperPort\
uninstall cmd: MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
publisher: Nuance Communications, Inc.
comments: PaperPort 11.0
help link: http://www.nuance.com
Roxio RecordNow Tools 3.5.0 ({0394CDC8-FABD-4ED8-B104-03393876DFDF})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 366
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Tools\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_TOOLS_35\
uninstall cmd: MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
publisher: Roxio
eBook Publisher 2.2 ({08181B55-E62D-419A-98F1-1F9BD235669D})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 1352
install date: 20091221
install location: C:\Program Files\eBook Technologies\eBook Publisher\
install source: C:\Program Files\eBook Technologies\eBook Publisher\{08181B55-E62D-419A-98F1-1F9BD235669D}\
publisher: eBook Technologies, Inc.
contact: Customer Support Department
help link: http://www.eBookTechnologies.com
help telephone: 1-555-555-4505
Roxio DVD Info Pro 4.6 ({0D330013-4A99-46D6-83C6-2C959C68DBFF})
version: 67502080
version (major): 4
version (minor): 6
estimated size: 4172
install date: 20091221
install location: C:\Program Files\Roxio\DVD Info Pro\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\DVDINFOPRO_46\
uninstall cmd: MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
publisher: Roxio
Roxio RecordNow Data 3.5.0 ({0D397393-9B50-4C52-84D5-77E344289F87})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 994
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Data\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_DATA_35\
uninstall cmd: MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
publisher: Roxio
mLogView 5.40.0000 ({0E2B0B41-7E08-4F9F-B21F-41C4133F43B7})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 616
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
CanoScan LiDE 70 ({1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411)
uninstall cmd: "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x0009
Roxio EasyArchive 3.5.0 ({11F93B4B-48F0-4A4E-AE77-DFA96A99664B})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 1567
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\EasyArchive\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_EASYARCHIVE_35\
uninstall cmd: MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
publisher: Roxio
TOSHIBA Assist ({12B3A009-A080-4619-9A2A-C6DB151D8D67})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
eBook USB Driver 3.0.0.0 ({134EBB5C-7B48-4702-B25D-89B6EC4A1FDC})
version: 50331648
install date: 20091221
install location: C:\Program Files\eBook Technologies\eBook USB Driver
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\bye5.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{134EBB5C-7B48-4702-B25D-89B6EC4A1FDC}\setup.exe" -l0x9 -uninst -removeonly
publisher: eBook Technologies
DivX Converter 7.1.0 ({13F3917B56CD4C25848BDC69916971BB})
install location: C:\Program Files\DivX\DivX Converter
publisher: DivX, Inc.
Diet + Exercise Assistant Desktop 7.00.0000 ({158DC053-8BFA-4991-9B85-7AC5F7CA60A0})
version: 117440512
version (major): 7
estimated size: 11437
install date: 20091221
install source: C:\WINDOWS\Downloaded Installations\{7DB14A29-1214-4B9A-BC2B-52F29A5A1FE2}\
uninstall cmd: MsiExec.exe /X{158DC053-8BFA-4991-9B85-7AC5F7CA60A0}
publisher: Keyoe, Inc.
help link: http://www.keyoe.com
AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX\AutoUpdate
Microsoft Money 2004 12.0.80 ({1D643CD4-4DD6-11D7-A4E0-000874180BB3})
version: 201326672
version (major): 12
estimated size: 141707
install date: 20091220
install location: C:\Program Files\Microsoft Money\
install source: D:\
uninstall cmd: MsiExec.exe /I{1D643CD4-4DD6-11D7-A4E0-000874180BB3}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2004
help link: http://support.microsoft.com
help telephone: (800) 936-5700
mProSafe 9.00.0000 ({23FB368F-1399-4EAC-817C-4B83ECBE3D83})
version: 150994944
version (major): 9
estimated size: 340
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
Mind Quiz 1.0 ({24BE40BB-BB08-4725-A13A-C81DF5CB1DD5})
install date: 12/21/2009
install location: C:\Program Files\Ubisoft
install source: D:
uninstall cmd: "C:\Program Files\Ubisoft\Mind Quiz\Uninstall.exe" "C:\Program Files\Ubisoft\Mind Quiz\Install.log" -u
publisher: Ubisoft
Java(TM) 6 Update 17 6.0.170 ({26A24AE4-039D-4CA4-87B4-2F83216017FF})
version: 100663466
version (major): 6
estimated size: 93224
install date: 20091221
install location: C:\Program Files\Java\jre6\
install source: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_17\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre6\README.txt
ScanSoft OmniPage SE 4.0 15.00.0020 ({29D851C2-048C-4B5E-8D1F-25D473342BB5})
version: 251658260
version (major): 15
estimated size: 155098
install date: 20091221
install location: C:\Program Files\ScanSoft\OmniPageSE4.0\
install source: D:\OMNIPAGE\OMNIPAGE\
uninstall cmd: MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
publisher: ScanSoft, Inc.
comments: SE, OP0444010
contact: Customer Support Department
help link: http://www.scansoft.com/support
help telephone: -
Roxio Drag-to-Disc 9.1 ({2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668})
version: 151060480
version (major): 9
version (minor): 1
estimated size: 9471
install date: 20091221
install location: C:\Program Files\Roxio\Drag-to-Disc\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\D2D32_91\
uninstall cmd: MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
publisher: Roxio
InterVideo WinDVD Creator 2 2.0.14.376 ({2FCE4FC5-6930-40E7-A4F1-F862207424EF})
version (major): 2
install location: C:\Program Files\InterVideo\WCreator2
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp
Roxio Update Manager 6.0.0 ({30465B6C-B53F-49A1-9EBA-A3F187AD502E})
version: 100663296
version (major): 6
estimated size: 3695
install date: 20091220
install location: C:\Program Files\Roxio\Update Manager\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\UPDATEMANAGER_MSI\
uninstall cmd: MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
publisher: Roxio
Presto! PageManager 7.15.13 7.15.13E ({307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D})
version: 118423565
install date: 20091221
install location: C:\Program Files\NewSoft\Presto! PageManager 7.15
install source: D:\PRESTOPM\PRESTOPM\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}\PMSetup.exe" -l0x9 anything -removeonly
publisher: NewSoft
eBook Publisher 2.0 ({31563DC4-DE51-4C73-8E3D-987CB43E05A2})
version: 33554432
install date: 20091221
install location: C:\Program Files\eBook Technologies\eBook Publisher
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\bye22.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31563DC4-DE51-4C73-8E3D-987CB43E05A2}\setup.exe" -l0x9 -uninst -removeonly
publisher: eBook Technologies
help link: http://www.eBookTechnologies.com
J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 154917
install date: 20060216
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_04\README.txt
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060215
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Roxio Activation Module 1.0 ({35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0})
version: 16777216
version (major): 1
estimated size: 8321
install date: 20091221
install location: C:\Program Files\Common Files\Roxio Shared\DLLShared\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\ACTIVATION_103\
uninstall cmd: MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
publisher: Roxio
({3CF0858D-1AC5-4308-9DE7-AD15288A8BDC})
GEB eBook Librarian 1.2.367 ({3DDA9F24-CDA9-4689-9968-4823C096D2CF})
version: 16908655
version (major): 1
version (minor): 2
estimated size: 5956
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\GEB Librarian\
uninstall cmd: MsiExec.exe /I{3DDA9F24-CDA9-4689-9968-4823C096D2CF}
publisher: breeno.org
contact: breeno.org
mIWA 5.40.0000 ({3E9D596A-61D4-4239-BD19-2DB984D2A16F})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 1061
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 ({3FBF6F99-8EC6-41B4-8527-0A32241B5496})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
DivX Version Checker 7.1.0.9 ({3FC7CBBC4C1E11DCA1A752EA55D89593})
install location: C:\Program Files\DivX\DivX Updater
publisher: DivX, Inc.
TOSHIBA Software Upgrades ({425A2BC2-AA64-4107-9C29-484245BBEA05})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
7.15.13 ({4269E12F-3405-48E9-83A5-A2BBAA23FDFA})
version: 118423565
install date: 20091221
install location: C:\Program Files\NewSoft\Presto! PageManager 7.15
install source: D:\PRESTOPM\PRESTOPM\common\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4269E12F-3405-48E9-83A5-A2BBAA23FDFA}\setup.exe" -l0x9 -removeonly
publisher: NewSoft
TIPCI 1.16.0000 ({4497AFF6-98C4-4F49-B073-F48F42BCBF9E})
version: 17825792
version (major): 1
version (minor): 16
estimated size: 640
install date: 20060215
install source: c:\PCMCIA Driver.temp\
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515/xx12 Software components
contact: Customer Support Department
help link: Please contact your vendor directly
help telephone: ...
eReader 3.0.3 ({453C9E55-80DF-4BD2-9885-52A1FB0D9382})
version: 50331651
version (major): 3
estimated size: 8551
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\eReader\
uninstall cmd: MsiExec.exe /I{453C9E55-80DF-4BD2-9885-52A1FB0D9382}
publisher: Palm Digital Media
comments: eReader
contact: Motricity
help link: http://www.ereader.com/support/
Office 2003 Trial Assistant 1.0.0 ({47D2103B-FD51-4017-9C20-DD408B17D726})
version: 16777216
version (major): 1
estimated size: 1316
install date: 20060216
install source: C:\WORKSSETUP\ASSIST\
uninstall cmd: MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
publisher: Microsoft
comments: Office 2003 Trial Assistant
contact: Ioan Grigoreanu
TOSHIBA SD Memory Card Format ({48CF9A66-5F03-4025-ABD0-B3A3FA095A59})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
OverDrive Media Console 3.2.3 ({567C5FE9-17AC-4D5D-99FD-1AC0FC43977C})
version: 50462723
version (major): 3
version (minor): 2
estimated size: 9711
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\OverDrive\
uninstall cmd: MsiExec.exe /I{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}
publisher: OverDrive, Inc.
comments: OverDrive Media Console Setup
contact: OverDrive, Inc.
help link: http://www.overdrive.com
Kensington MouseWorks ({57764780-E33B-11D1-96ED-00A024A83A15})
uninstall cmd: C:\Program Files\Kensington\MouseWorks\KMW_UN.EXE
publisher: Kensington Technology Group
comments: MouseWorks has an 'Update' button on the Kensington tab of the Control Panel.
help link: http://support.kensington.com
help telephone: 1-800-535-4242
VC80CRTRedist - 8.0.50727.4053 1.1.0 ({5EE7D259-D137-4438-9A5F-42F432EC0421})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1663
install date: 20091221
install source: C:\Program Files\Common Files\DivX Shared\
uninstall cmd: MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
publisher: DivX, Inc
comments: Install VC80 C++ Runtimes
contact: DivX, Inc
Roxio RecordNow Copy 3.5.0 ({619CDD8A-14B6-43A1-AB6C-0F4EE48CE048})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 662
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Copy\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_COPY_35\
uninstall cmd: MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
publisher: Roxio
({62369F2F77534556AEF4C58152E3BDE5})
Xingtone Ringtone Maker 4.2.19 ({625304B0-2976-473B-AD81-5CA376093F03})
version: 67239955
install date: 20091220
install location: C:\Program Files\Xingtone\Xingtone Ringtone Maker
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\byeC4.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly
publisher: Xingtone
help link: http://www.xingtone.com/help.php
TOSHIBA Zooming Utility ({64212898-097F-4F3F-AECA-6D34A7EF82DF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
TOSHIBA Hotkey Utility 1.00.01ST ({64DD71BC-3109-4C88-9AD3-D5422644B722})
version: 16777217
install location: C:\Program Files\TOSHIBA\TOSHIBA Hotkey Utility
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
Roxio Express Labeler 3 2.1.0 ({6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 17301
install date: 20091221
install location: C:\Program Files\Roxio\Express Labeler 3\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\EXPRESSLABELER_31\
uninstall cmd: MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
publisher: Roxio
TOSHIBA TouchPad ON/Off Utility 1.00.01ST ({69BE47C2-36FE-4397-8199-85D8EAE69982})
version: 16777217
install location: C:\Program Files\TOSHIBA\TOSHIBA TouchPad ON/Off Utility
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
ScanSoft PDF Converter 4 4.00.0000 ({6C6D024B-BBD8-49B0-B755-D930B3A87868})
version: 67108864
version (major): 4
estimated size: 78169
install date: 20091221
install location: C:\Program Files\ScanSoft\PDF Converter 4\
install source: C:\PDF Converter 4\PDFConverter\
uninstall cmd: MsiExec.exe /I{6C6D024B-BBD8-49B0-B755-D930B3A87868}
publisher: Nuance, Inc
contact: Customer Support Department
help link: http://www.nuance.com
help telephone: 1-800-654-1187
Microsoft Works 08.05.0818 ({6D52C408-B09A-4520-9B18-475B81D393F1})
version: 134546226
version (major): 8
version (minor): 5
estimated size: 278005
install date: 20091220
install source: C:\WORKSSETUP\MSWORKS\
uninstall cmd: MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: http://go.microsoft.com/fwlink/?LinkId=6831
help telephone:
7.1.0 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX\DivX Converter
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.
Roxio Content 9 9.1.006 ({787F2DC2-1699-44FA-A72F-9107166AF9CC})
version: 151060486
version (major): 9
version (minor): 1
estimated size: 351916
install date: 20091221
install location: C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft7.tmp\
uninstall cmd: MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}
publisher: Roxo, Inc.
TOSHIBA Utilities 1.00.07ST ({78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C})
version: 16777223
install location: C:\Program Files\TOSHIBA\TOSHIBA Utilities
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
Roxio XingTones 4.2 ({79922D4F-BF47-42A2-902E-EF81B7A3750D})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 7388
install date: 20091220
install location: C:\Program Files\Roxio\XingTones\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\XINGTONES_42\
uninstall cmd: MsiExec.exe /I{79922D4F-BF47-42A2-902E-EF81B7A3750D}
publisher: Roxio
DivX Codec 6.9.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX\DivX Codec
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.
Roxio RecordNow Audio 3.5.0 ({83FFCFC7-88C6-41C6-8752-958A45325C82})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 1252
install date: 20091221
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Audio\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_AUDIO_35\
uninstall cmd: MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
publisher: Roxio
ArcSoft PhotoStudio 5.5 ({85309D89-7BE9-4094-BB17-24999C6118FC})
version (major): 5
version (minor): 5
install location: C:\Program Files\ArcSoft\PhotoStudio 5.5
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
publisher: ArcSoft
MSXML 4.0 SP2 (KB954430) 4.20.9870.0 ({86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
version: 68429454
version (major): 4
version (minor): 20
estimated size: 1455
install date: 20091220
install source: c:\62b23ea47428b34f96bf38\
uninstall cmd: MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/954430
Roxio BDAV Plugin 3.3.0 ({880AF49C-34F7-4285-A8AD-8F7A3D1C33DC})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 51125
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\BDAV\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_BDAV_35\
uninstall cmd: MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
publisher: Roxio
Intel(R) Graphics Media Accelerator Driver 6.14.10.4436 ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
DivX Player 7.2.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX\DivX Player
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivX, Inc.
TOSHIBA Virtual Sound ({8B12BA86-ADAC-4BA6-B441-FFC591087252})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
mPfMgr 5.40.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 1388
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft Money 2004 System Pack 12.0.80 ({8C64E145-54BA-11D6-91B1-00500462BE80})
version: 201326672
version (major): 12
estimated size: 2132
install date: 20091220
install location: C:\WINDOWS\system32\
install source: D:\
uninstall cmd: MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
publisher: Microsoft
comments: Installs system components used by Microsoft Money 2004.
help link: http://support.microsoft.com
help telephone: (800) 936-5700
mHelp 5.40.0000 ({8C6BB412-D3A8-4AAE-A01B-35B681789D68})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 276
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
publisher: Intel
comments: Help Files
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
Sonic CinePlayer Decoder Pack 4.2.0 ({8D337F77-BE7F-41A2-A7CB-D5A63FD7049B})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 38153
install date: 20091221
install location: C:\Program Files\Common Files\Sonic Shared\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\CPDECODERPACK_42\
uninstall cmd: MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
publisher: Sonic Solutions
Microsoft Access 2002 10.0.6626.0 ({90150409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 433073
install date: 20091221
install source: D:\
uninstall cmd: MsiExec.exe /I{90150409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM
Microsoft Excel 2002 10.0.6626.0 ({90160409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 350705
install date: 20091221
install source: D:\
uninstall cmd: MsiExec.exe /I{90160409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM
Microsoft Word 2002 10.0.6626.0 ({901B0409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 355866
install date: 20091221
install source: D:\
uninstall cmd: MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM
mPfWiz 5.40.0000 ({90B0D222-8C21-4B35-9262-53B042F18AF9})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 784
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft Outlook 2002 10.0.6626.0 ({911A0409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 352387
install date: 20091221
install source: D:\OUTLOOK\
uninstall cmd: MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM
InterVideo WinDVD for TOSHIBA 5.0-B11.561 ({91810AFC-A4F8-4EBA-A5AA-B198BBC81144})
version (major): 5
install location: C:\Program Files\InterVideo\WinDVD
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp
Roxio Easy Media Creator 9 Suite 9.1.068 ({938B1CD7-7C60-491E-AA90-1F1888168240})
version: 151060548
version (major): 9
version (minor): 1
estimated size: 508754
install date: 20091221
install location: C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\EMC_91\
uninstall cmd: MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
publisher: Roxio
comments: Master installer for The Digital Media Suite
contact: http://support.roxio.com
help link: http://support.roxio.com
mZConfig 5.40.0000 ({94658027-9F16-4509-BBD7-A59FE57C3023})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 630
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Sonic Encoders 1.00 ({9941F0AA-B903-4AF4-A055-83A9815CC011})
version: 16777216
version (major): 1
estimated size: 4045
install date: 20060513
install source: c:\TOSHIBA\Sonic Encoders\
uninstall cmd: MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
publisher: Sonic Solutions
mXML 5.40.0000 ({9CC89556-3578-48DD-8408-04E66EBEF401})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 23730
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
DVD-RAM Driver 5.0.2.5 ({9D765FA6-F2BC-40AF-8145-50808F9BDF4E})
version: 83886082
install location: C:\Program Files\DVD-RAM\WinXP\DVD-RAM Driver
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
CD/DVD Drive Acoustic Silencer 1.00.008 ({9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
publisher: TOSHIBA
PRS-500 USB driver 1.0.00.08110 ({A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2})
version: 16777216
version (major): 1
estimated size: 16
install date: 20091221
install location: C:\Program Files\Sony\Sony Reader\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\{4FDB3126-F506-4919-9C4C-C02E12D878BB}\
uninstall cmd: MsiExec.exe /X{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}
publisher: Sony
Microsoft .NET Framework 3.0 Service Pack 2 3.2.30729 ({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7})
version: 50493449
version (major): 3
version (minor): 2
estimated size: 184293
install date: 20091220
install source: c:\7019befadc80a22450\dotnetfx30\
uninstall cmd: MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98075
({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483)
TOSHIBA Controls ({A6690C0E-B96E-4F0F-A8EB-D5B332454AC6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
H.264 Decoder 1.1.0 ({A96E97134CA649888820BCDE5E300BBD})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.
MKV Splitter 1.0.1 ({AAC389499AEF40428987B3D30CFC76C9})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.
Roxio Media Experience 3.5 ({AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 95072
install date: 20091220
install location: C:\Program Files\Roxio\Media Experience\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\SDMX_352\
uninstall cmd: MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
publisher: Roxio
help link: http://support.sonic.com/
Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 62959
install date: 20060216
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm
ScanSoft PDF Create! 3.0 3.01.0000 ({AD1D8B40-F83C-41CA-BA08-9DB8D1653316})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 12712
install date: 20091221
install location: C:\PROGRA~1\ScanSoft\PAPERP~1\PDFC!\
install source: D:\PAPERP~A\PDFCRE~7\1033\
uninstall cmd: MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
publisher: ScanSoft, Inc.
contact: Customer Support Department
help link: http://www.scansoft.com/support
AAC Decoder 7.1.0 ({AEF9DC35ADDF4825B049ACBFD1C6EB37})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.
Mobipocket Creator 4.2 4.2.41 ({AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B})
version: 67239977
version (major): 4
version (minor): 2
estimated size: 18193
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\Mobipocket\
uninstall cmd: MsiExec.exe /I{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}
publisher: Mobipocket.com
comments: Mobipocket Publishing software
contact: Mobipocket.com
help link: http://www.mobipocket.com/support
DivX Converter 7.1.0 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX\DivX Converter
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.
Microsoft ActiveSync 4.0 4.1.4841.0 ({B208806F-A231-4FA0-AB3F-5C1B8979223E})
version: 67179241
version (major): 4
version (minor): 1
estimated size: 14975
install date: 20091220
install source: C:\WINDOWS\Downloaded Installations\{8BB9063D-AC31-428D-8C46-E8ED667C2AE9}\
uninstall cmd: MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
publisher: Microsoft Corporation
Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20091220
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support
Microsoft Reader ({B6F7DBE7-2FE2-458F-A738-B10832746036})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
DivX Plus Web Player 2.0.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\DivX\DivX Plus Web Player
uninstall cmd: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.
calibre 0.6.29 ({BD0E1014-FE40-49B1-A641-C2CF79DC2BB9})
version: 393245
version (minor): 6
estimated size: 90195
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\
uninstall cmd: MsiExec.exe /I{BD0E1014-FE40-49B1-A641-C2CF79DC2BB9}
publisher: Kovid Goyal
TOSHIBA ConfigFree 5.90.05 ({BDD83DC9-BEE9-4654-A5DA-CC46C250088D})
version: 89784325
install location: C:\Program Files\TOSHIBA\ConfigFree
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework 2.0 Service Pack 2 2.2.30729 ({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F})
version: 33716233
version (major): 2
version (minor): 2
estimated size: 189597
install date: 20091220
install source: c:\7019befadc80a22450\dotnetfx20\
uninstall cmd: MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98073
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043)
({C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417)
SD Secure Module 1.0.3 ({C45F4811-31D5-4786-801D-F79CD06EDD85})
version: 16777219
version (major): 1
estimated size: 52
install date: 20060215
install location: C:\Program Files\TOSHIBA Coporation\SD Secure Module\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is6\
uninstall cmd: MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
publisher: TOSHIBA Corporation
Roxio Creator 9 Home 3.5.0 ({C8B0680B-CDAE-4809-9F91-387B6DE00F7C})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 21804
install date: 20091220
install location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\RCP_CORE_35\
uninstall cmd: MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
publisher: Roxio
Reader Library by Sony 3.1.00.12040 ({CB2A8585-BF48-462A-81F7-3C565646F5D4})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 89994
install date: 20091221
install location: C:\Program Files\Sony\Reader\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\{7F5590E6-D7DE-467C-A9AB-6684A86B8977}\
uninstall cmd: MsiExec.exe /X{CB2A8585-BF48-462A-81F7-3C565646F5D4}
publisher: Sony Corporation
help link: http://www.sony.net
***more to come***
FizzyWater
2009-12-21, 23:32
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75784
install date: 20091220
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Microsoft .NET Framework 3.5 SP1 3.5.30729 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9})
version: 50690057
version (major): 3
version (minor): 5
estimated size: 75592
install date: 20091220
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\IXP00C93.tmp\dotnetfx35\x86\
uninstall cmd: MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
publisher: Microsoft Corporation
({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/953595.
help link: http://support.microsoft.com/kb/953595
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/958484.
help link: http://support.microsoft.com/kb/958484
({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/963707.
help link: http://support.microsoft.com/kb/963707
Bluetooth Stack for Windows by Toshiba v4.00.23(T) ({CEBB6BFB-D708-4F99-A633-BC2600E01EF6})
version: 67108864
version (major): 4
estimated size: 28790
install date: 20060215
install location: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
install source: E:\MCECOMPO\BT\
uninstall cmd: MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
ActivePerl 5.8.8 Build 822 5.8.822 ({D0E5A0E6-5947-4F21-B8AE-5129D153083B})
version: 84411190
version (major): 5
version (minor): 8
estimated size: 51499
install date: 20091221
install location: C:\Perl\
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\Scripting Languages\
uninstall cmd: MsiExec.exe /I{D0E5A0E6-5947-4F21-B8AE-5129D153083B}
publisher: ActiveState
help link: http://www.activestate.com/Support/index.html
Python 2.6.4 2.6.4150 ({e7394a0f-3f80-45b1-87fc-abcd51893246})
version: 33951798
version (major): 2
version (minor): 6
estimated size: 50468
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\Scripting Languages\
uninstall cmd: MsiExec.exe /I{E7394A0F-3F80-45B1-87FC-ABCD51893246}
publisher: Python Software Foundation
mCore 5.40.0000 ({E81667C6-2856-46D6-ABEA-6A2F42166779})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 5401
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Mobipocket Reader 6.0 6.0.580 ({ED386A62-2BA2-4544-A723-5DFFDC283F6A})
version: 100663876
version (major): 6
estimated size: 10132
install date: 20091221
install source: C:\Documents and Settings\Michelle\My Documents\Laptop Backup\Software to Reinstall\Mobipocket\
uninstall cmd: MsiExec.exe /I{ED386A62-2BA2-4544-A723-5DFFDC283F6A}
publisher: Mobipocket.com
comments: eBook Reader
contact: Mobipocket.com
help link: http://www.mobipocket.com/support
TOSHIBA Speech System Applications ({EE033C1F-443E-41EC-A0E2-559B539A4E4D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
mMHouse 5.40.0000 ({F0BFC7EF-9CF8-44EE-91B0-158884CD87C5})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 1416
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Realtek High Definition Audio Driver 2.02 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 33685504
install date: 20060215
install location: C:\Program Files\Realtek\InstallShield\
install source: c:\Audio.temp\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
publisher: Realtek Semiconductor Corp.
Toshiba Media Center Game Console 1.0.0 ({F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA})
version: 16777216
version (major): 1
estimated size: 16624
install date: 20060513
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsrD.tmp\
uninstall cmd: MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
publisher: WildTangent
comments: Toshiba Media Center Game Console
contact: WildTangent
Roxio SightSpeed 4.6 ({F5467B7C-C929-4C1A-B4E9-E7C376E2DF08})
version: 67502080
version (major): 4
version (minor): 6
estimated size: 5985
install date: 20091220
install location: C:\Program Files\Roxio\SightSpeed\
install source: C:\DOCUME~1\Michelle\LOCALS~1\Temp\pft78.tmp\SIGHTSPEED_46\
uninstall cmd: MsiExec.exe /I{F5467B7C-C929-4C1A-B4E9-E7C376E2DF08}
publisher: Roxio
mDrWiFi 5.40.0000 ({F6090A17-0967-4A8A-B3C3-422A1B514D49})
version: 86507520
version (major): 5
version (minor): 40
estimated size: 366
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
MSXML 4.0 SP2 (KB973688) 4.20.9876.0 ({F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
version: 68429460
version (major): 4
version (minor): 20
estimated size: 2833
install date: 20091220
install source: c:\997d3cc320be136964a3\
uninstall cmd: MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/973688
Toshiba Registration 1.00.0000 ({F6C405D2-C50D-4D10-B89E-73A233A14D74})
version: 16777216
version (major): 1
estimated size: 3403
install date: 20060513
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_isB6\
uninstall cmd: MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
publisher: Toshiba
comments: Your Comments
contact: Toshiba
help link: www.toshiba.com
help telephone: ***IS_STRING_NOT_DEFINED***
mWlsSafe 9.00.0000 ({FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4})
version: 150994944
version (major): 9
estimated size: 344
install date: 20091219
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: 8FD99680A539792A30E97944FDAECF17
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 11648
Image MD5: 9859C0F6936E723E4892D7141B1327D5
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142592
Image MD5: 8BED39E3C35D6A489438B8141717A557
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AegisP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AEGIS Protocol (IEEE 802.1x) v3.4.9.0
Description: AEGIS Protocol (IEEE 802.1x) v3.4.9.0
Image path: system32\DRIVERS\AegisP.sys
Image size: 21275
Image MD5: 12DAFD934641DCF61E446313BC261EC2
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AgereSoftModem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TOSHIBA V92 Software Modem
Image path: system32\DRIVERS\AGRSM.sys
Image size: 1122656
Image MD5: B3192376C7A3814B5341EFC2202022F8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: 8C515081584A38AA007909CD02020B3D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Arp1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: system32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: B5B8A80875C1DEDEDA8B02765642C32F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASCTRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASCTRM
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 34312
Image MD5: 0E5E4957549056E2BF2C49F4F6B601AD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: B153AFFAC761E7F5FCFA822B9C4E97BC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 96512
Image MD5: 9F3A2F5AA6875C72BF062C712CFA2674
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: 9916C1225104BA14794209CFA8012159
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss
Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 62976
Image MD5: 1F4260CC5B42272D71F79E570A27A4FE
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): CFSvcs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ConfigFree Service
Object name: LocalSystem
Image path: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
Image size: 40960
Image MD5: 3CB0CC8879956C187E87E18634EE5164
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: 34CBE729F38138217F9C80212A2A0C82
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 69632
Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 13952
Image MD5: 0F6C187D38D98F8DF904589A5F94D411
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 10240
Image MD5: 6E4C9F21F0FAE8940661144F41B13203
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 044452051F3E02E7963599FC8F4F3E25
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): DLABMFSM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLABMFSM.SYS
Image size: 35800
Image MD5: F334299A3BA04206825AA9FCDDB93906
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLABOIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLABOIOM.SYS
Image size: 33112
Image MD5: 9DF7FD7A31AA4444B20DD8A93C185C0A
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLACDBHM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLACDBHM.SYS
Image size: 14840
Image MD5: 7C7B0EBB364E016735B3AAAD3347DE81
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0
Service (registry key): DLADResM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLADResM.SYS
Image size: 9368
Image MD5: 706350858342059C9EA81F06E37F4E72
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAIFS_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLAIFS_M.SYS
Image size: 108696
Image MD5: 3AA7958756330169881C3F47EEA37BCC
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAOPIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLAOPIOM.SYS
Image size: 27416
Image MD5: 5A2B563FC4E10639ECB0569E48B942C0
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAPoolM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLAPoolM.SYS
Image size: 16568
Image MD5: 15A737AF1DAD3AF3D202350DA5D820C0
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLARTL_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLARTL_M.SYS
Image size: 30296
Image MD5: 4C1F0E1AA60D4CE1D508C118B16866DF
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0
Service (registry key): DLAUDFAM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLAUDFAM.SYS
Image size: 94296
Image MD5: DF4E0C57E52F5E4D91609E5BDBD50863
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DLAUDF_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLAUDF_M.SYS
Image size: 98648
Image MD5: 02C51B8A38B50A0DA4AF7C1EB7484270
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): dmadmin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: E46050330BD42F33609117F861E32D3C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: D992FE1274BDE0F84AD826ACAE022A41
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: 7C824CF7BBDE77D95C08005717A95F6F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmload
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: 8A208DFCF89792A484E76C40E5F50B45
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): Dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k dot3svc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Ndisuio,eaphost
Service (registry key): dpti2o
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 8F5FCFF8E8848AFAC920905FBD9D33C8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): DRVMCDB
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVMCDB.SYS
Image size: 99848
Image MD5: 99B8D4FDA8DB7F61EEAC6170355F7D6E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0
Service (registry key): DRVNDDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVNDDM.SYS
Image size: 52168
Image MD5: 5446F12F7157A1944CFD417085EBB62A
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0
Service (registry key): DVD-RAM_Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DVD-RAM_Service
Object name: LocalSystem
Image path: C:\WINDOWS\system32\DVDRAMSV.exe
Image size: 110592
Image MD5: C9FFBD6B8EDC46CD3D13E3C6DB914FB7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): E100B
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO Network Connection Driver
Image path: system32\DRIVERS\e100b325.sys
Image size: 163328
Image MD5: 2646883E6DD867CD872D5B51B6036710
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): e1express
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/1000 PCI Express Network Connection Driver
Image path: system32\DRIVERS\e1e5132.sys
Image size: 179200
Image MD5: E1FA10ED8F9F700C1BE1EAE05A80EF57
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Extensible Authentication Protocol Service
Description: Provides windows clients Extensible Authentication Protocol Service
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k eapsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Media Center Receiver Service
Description: Media Center Service for TV and FM broadcast reception
Object name: LocalSystem
Image path: C:\WINDOWS\eHome\ehRecvr.exe
Image size: 237568
Image MD5: B03BCD810A2EE089FA08E47B5200BE31
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Media Center Scheduler Service
Object name: LocalSystem
Image path: C:\WINDOWS\eHome\ehSched.exe
Image size: 102912
Image MD5: A53243709439AC2A4C216B817F8D7411
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): ERSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 110592
Image MD5: 65DF52F5B8B6E9BBD183505225C37315
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): EvtEng
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Event Log
Description: Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Image size: 114753
Image MD5: 56DED3ADE453272E6A0AD582D945D1A4
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fax
Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Object name: LocalSystem
Image path: %systemroot%\system32\fxssvc.exe
Image size: 267776
Image MD5: E97D6A8684466DF94FF3BC24FB787A07
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler
Service (registry key): Fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Fips
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 129792
Image MD5: B2CF4B0786F8212CB92ED2B50C6DB6B0
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
Object name: NT AUTHORITY\LocalService
Image path: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 46104
Image MD5: 8BA7C024070F2B7FDD98ED8A4BA41789
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: 0A02C63C8B144BD8C86B103DEE7C86A2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 144384
Image MD5: 573C7D0A32852B48F3058CFD8026F511
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 10368
Image MD5: CCF82C5EC8A7326C3066DE870C06DAF1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Health Key and Certificate Management Service
Description: Manages health certificates and keys (used by NAP)
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): hpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
***more to come***
FizzyWater
2009-12-21, 23:34
Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 265728
Image MD5: F80A415EF82CD06FFAF0D971528EAD38
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52480
Image MD5: 4A0B06AA8943C1E332520F7440C0AA30
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): ialm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ialmnt5.sys
Image size: 1353820
Image MD5: BC1F1FF8D5800398937966CDB0A97FDC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Image size: 73728
Image MD5: 6F95324909B502E2651442C1548AB12F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows CardSpace
Description: Securely enables the creation, management, and disclosure of digital identities.
Object name: LocalSystem
Image path: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 881664
Image MD5: C01AC32DC5C03076CFB852CB5DA5229C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Imapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 42112
Image MD5: 083A052659F5310DD8B6A6CB05EDCF8E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): ImapiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150528
Image MD5: 30DEAF54A9755BB8546168CFE8A6B5E1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntcAzAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for Realtek HD Audio (WDM)
Image path: system32\drivers\RtkHDAud.sys
Image size: 4123136
Image MD5: B12A9FC49CD2765A43829D834F518AED
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IntelIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36352
Image MD5: 8C953733D8F36EB2133F5BB58808B66B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Ip6Fw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 36608
Image MD5: 3BB22519A194418D5FEC05D800A19AD0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20864
Image MD5: B87AB476DCF76E72010632B5550955F5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 152832
Image MD5: CC748EA12C6EFFDE940EE98098BF96BB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IPSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 75264
Image MD5: 23C74D75E36E7158768DD63D92789A91
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: C93C9FF7B04D772627A3646D89F7BF89
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 37248
Image MD5: 05A299EC56E52649B1CF2FC52D20F2D7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): ISWKL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ZoneAlarm Toolbar ISWKL
Image path: \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
Image size: 25208
Image MD5: 6C614B6FD20194835C77346F6C34156E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): IswSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ZoneAlarm Toolbar IswSvc
Object name: LocalSystem
Image path: "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
Image size: 476528
Image MD5: 879A0211BD911FC4B411B1D14559A791
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: ISWKL
Service (registry key): Iviaspi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IVI ASPI Shell
Image path: system32\drivers\iviaspi.sys
Image size: 21060
Image MD5: F59C3569A2F2C464BB78CB1BDCDCA55E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): JavaQuickStarterService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Java Quick Starter
Description: Prefetches JRE files for faster startup of Java applets and applications
Object name: LocalSystem
Image path: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Image size: 153376
Image MD5: 39133291CB607BDD87CFC565A4A1E7A5
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): Kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: 463C1EC80CD17420A542B7F36A36F128
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): kl1
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: kl1
Image path: System32\DRIVERS\kl1.sys
Image size: 128016
Image MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): KLIF
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kaspersky Lab Driver
Description: Kaspersky Lab Interceptor and Filter
Image path: system32\DRIVERS\klif.sys
Image size: 317072
Image MD5: A11C971434468FA05815EEC8228D63FD
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): kmixer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: 692BCF44383D056AED41B045A323D378
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): KMW_KBD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington Input Devices Class filter driver
Image path: System32\DRIVERS\KMW_KBD.sys
Image size: 5248
Image MD5: 02D3F7ADA256D3DD08F3CB910D124CC3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): KMW_SYS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington MouseWorks Mouse filter driver
Image path: system32\DRIVERS\KMW_SYS.sys
Image size: 90752
Image MD5: 2AA6FEE645780AE93EAE6A12984B60D3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): KMW_USB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington MouseWorks USB filter driver
Image path: system32\DRIVERS\KMW_USB.sys
Image size: 9984
Image MD5: A1BC2790E9DB2367087EEE82FAA7086E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): KR10N
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\KR10N.sys
Image size: 204160
Image MD5: 00C1EA8DECF810B8ECCB5C5A8186A96E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): lanmanserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): lbrtfdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): McrdSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Media Center Extender Service
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\ehome\mcrdsvc.exe
Image size: 99328
Image MD5: DF0A511F38F16016BF658FCA0090CB87
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,SSDPSRV
Service (registry key): MDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Machine Debug Manager
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
Image size: 322120
Image MD5: 11F714F85530A2BD134074DC30E99FCA
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): meiudf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: meiudf
Image path: System32\Drivers\meiudf.sys
Image size: 102384
Image MD5: 7EFAC183A25B30FB5D64CC9D484B1EB6
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): MHN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MHN
Description: Multimedia Home Networking (MHN) is a networking platform for Audio Video (AV) streaming applications on IP home networks. MHN enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications by providing mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs,mhndrv
Service (registry key): MHNDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MHN driver
Description: Multimedia Home Network component driver
Image path: system32\DRIVERS\mhndrv.sys
Image size: 11008
Image MD5: 7F2F1D2815A6449D346FCCCBC569FBD6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mnmdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: D18F1F0C101D06A1C1ADF26EED16FCDD
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 35C9E97194C8CFB8430125F8DBC34D04
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 180608
Image MD5: 11D42BB6206F33FBB3BA0288D3EF81BD
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 455296
Image MD5: 60AE98742484E7AB80C3C1450E708148
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: A137F1470499A205ABBB9AAFB3B6F2B1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: 5879D691E842574A20FE63817CB76DF9
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: D1575E71568F4D9E14CA56B7B0453BF1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 325BB26842FC7CCC1FCCE2C457317F3E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: BAD59648BA099DA4A17680B39730CB3D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: AF5F4F3F14A8EA2C26DE30F7A1E17136
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Access Protection Agent
Description: Allows windows clients to participate in Network Access Protection
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 10112
Image MD5: 1AB3D00C991AB086E69DB84B6C0ED78F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 14592
Image MD5: F927A4434C5028758A842943EF1A3849
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91520
Image MD5: EDC1531A49C80614B2CFDA43CA8659AB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34688
Image MD5: 5D81CF9A2F1A3A756B66CF684911CDF0
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 74B2B2F5BEA5E9A3DC021D685551BD3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): NetDDE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netdevio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TOSHIBA Network Device Usermode I/O Protocol
Description: TOSHIBA Network Device Usermode I/O Protocol
Image path: system32\DRIVERS\netdevio.sys
Image size: 12032
Image MD5: 1265EB253ED4EBE4ACB3BD5F548FF796
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Object name: NT AUTHORITY\LocalService
Image path: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 132096
Image MD5: D34612C5D02D026535B3095D620626AE
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Service (registry key): NIC1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 Net Driver
Image path: system32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: E9E47CFB2D461FA0FC75B7A74C6383EA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Nla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 61696
Image MD5: CA33832DF41AFB202EE7AEB05145922F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PartMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: A219903CCF74233761D92BEF471A07B1
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): PCIDump
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pcmcia.sys
Image size: 120192
Image MD5: 9E89EF60E9EE05E3F2EEF2DA7397F1C1
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Pfc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Padus ASPI Shell
Image path: system32\drivers\pfc.sys
Image size: 10368
Image MD5: 444F122E68DB44C0589227781F3C8B3F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 110592
Image MD5: 65DF52F5B8B6E9BBD183505225C37315
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: EFEEC01B1D3CF84F16DDD24D9D9D8F99
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 09298EC810B07E5D582CB3A3F9255424
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 43528
Image MD5: D86B4A68565E444D76457F14172C875A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1080
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 11B4A627BC9614B885C4969BFA5FF8A6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 5BC962F2654137C9909C3D4603587DEE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 175744
Image MD5: 7AD224AD1A1437FE28D89CF22B17780A
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196224
Image MD5: 15CABD0F7C00C47C70124907916AF3F1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 141312
Image MD5: 3C37BF86641BDA977C3BF8A840F3B7FA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57600
Image MD5: F828DD7E1419B6653894A8F97A0094C5
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): RegSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Registry Service
Description: Intel(R) PROSet/Wireless Registry Service
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Image size: 217164
Image MD5: 1B2857EF12D79A9F9ADBA14B0637CBF8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Roxio UPnP Renderer 9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Roxio UPnP Renderer 9
Object name: LocalSystem
Image path: "C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe"
Image size: 88824
Image MD5: 55085B2DF88B223CE0864628A353F544
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 0
Service (registry key): Roxio Upnp Server 9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Roxio Upnp Server 9
Object name: LocalSystem
Image path: "C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe"
Image size: 359160
Image MD5: 86BFD0ED87A22B398022245A7FE24B09
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Service (registry key): RoxLiveShare9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LiveShare P2P Server 9
Description: Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
Image size: 310008
Image MD5: 29DED64293AD159DEBE01EA9B79AA968
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Depends On services: RPCSS
Service (registry key): RoxMediaDB9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RoxMediaDB9
Description: Roxio RoxMediaDB9 Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
Image size: 1010424
Image MD5: 1B162B53FA9B68DE5D13620D35A2C6B0
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 0
Service (registry key): RoxWatch9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Roxio Hard Drive Watcher 9
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
Image size: 166648
Image MD5: B6F6AB759F95C6AB1A5E8A5DD8CCCD7F
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
***more to come***
FizzyWater
2009-12-21, 23:34
Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: AAED593F84AFA419BBAE8572AF87CF6A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): RSVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
Service (registry key): RxFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RxFilter
Description: RxFilter mini-filter driver
Image path: system32\DRIVERS\RxFilter.sys
Image size: 57592
Image MD5: 80F00F0D624DC28A121C5CB7790B467A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On services: FltMgr
Depends On group: ""
Service (registry key): S24EventMonitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Service
Description: Wireless Management Service for Intel(R) PROSet/Wireless
Object name: LocalSystem
Image path: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Image size: 540745
Image MD5: 6C5155CC0E805C7BE6028BFF7AC14524
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: s24trans,EvtEng
Service (registry key): s24trans
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WLAN Transport
Description: WLAN Transport
Image path: system32\DRIVERS\s24trans.sys
Image size: 13568
Image MD5: 1CC074E0D48383D4E9BFFC6A26C2A58A
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 86D007E7A654B9A71D1D7D856B104353
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ScsiPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 96384
Image MD5: 76C465F570E90C28942D52CCB2580A10
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): sdbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\sdbus.sys
Image size: 79232
Image MD5: 8D04819A3CE51B9EB47E5689B44D43C4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 20480
Image MD5: 90A3935D05B494A5A39D37E71F09A677
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: system32\DRIVERS\sffdisk.sys
Image size: 11904
Image MD5: 0FA803C64DF0914B41F807EA276BF2A6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: system32\DRIVERS\sffp_sd.sys
Image size: 11008
Image MD5: C17C331E435ED8737525C86A7557B3AC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: system32\DRIVERS\sfloppy.sys
Image size: 11392
Image MD5: 8E6B8C671615D126FDC553D1E2DE5562
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt
Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Sony SCSI Helper Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Sony SCSI Helper Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe"
Image size: 73728
Image MD5: 3BB48F7E33C2B76184DDF233000C09CD
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): Sparrow
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): splitter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6272
Image MD5: AB8B92451ECB048A4D1DE7C3FFCB4A9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: 76BB022C2FB6902FD5BDD4F78FC13A5D
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 333952
Image MD5: 3BB03F2BA89D2BE417206C373D2AF17C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: HTTP
Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): stllssvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: stllssvr
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Image size: 73728
Image MD5: 4173A9CD59F15A64F54B3242C3232731
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): SVRPEDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SVRPEDRV
Image path: \??\C:\SYSPREP\PEDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 3941D127AEF12E93ADDF6FE6EE027E0F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 56576
Image MD5: 8CE882BCC6CF8A62F2B2323D95CB3D01
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{655C292E-E3E6-43EE-822F-34E3ABD19DC9}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): Swupdtmr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Swupdtmr
Object name: LocalSystem
Image path: c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
Image size: 40960
Image MD5: 486A64AABD88E4E174681E89E9736BC9
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Service (registry key): swwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): symc810
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): SynTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 191936
Image MD5: E295FFFFF3AAF9A6A40B29497901908F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sysaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 8B83F3ED0F1688B4958F77CD6D2BF290
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: C7ABBC59B43274B1109DF6B24D617051
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): TAPPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TOSHIBA Application Service
Description: TOSHIBA Application Service for Common Module
Object name: LocalSystem
Image path: "C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe"
Image size: 35328
Image MD5: 90861642FD6D8FAFB1408EE26FA93CB4
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): tbiosdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Toshiba Logical Tbios Device
Image path: system32\DRIVERS\tbiosdrv.sys
Image size: 9472
Image MD5: 7147B0575BCC93A6AB7D5C90F47C0B9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 361600
Image MD5: 9AEFA14BD6B182D61E3119FA5F436D3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): Tcpip6
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): TcUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TC USB Kernel Driver
Image path: System32\Drivers\tcusb.sys
Image size: 28800
Image MD5: FC6FE02F400308606A911640E72326B5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: 88155247177638048422893737429D9E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): THotkey
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): tifm21
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\tifm21.sys
Image size: 162560
Image MD5: 244CFBFFDEFB77F3DF571A8CD108FC06
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): TlntSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\tlntsvr.exe
Image size: 73216
Image MD5: DB7205804759FF62C34E3EFD8A4CC76A
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP
Service (registry key): TosIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Tosrfcom
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): tosrfec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth ACPI from TOSHIBA
Image path: system32\DRIVERS\tosrfec.sys
Image size: 9344
Image MD5: CC069342EE0EAE55B32A0AE99CF6185C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): TVALD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Toshiba Mobile PC Service
Image path: system32\DRIVERS\NBSMI.sys
Image size: 6144
Image MD5: 676DB15DDF2E0FF6EC03068DEA428B8B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Tvs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TOSHIBA Virtual Sound with SRS technologies
Image path: system32\DRIVERS\Tvs.sys
Image size: 43392
Image MD5: CC6763889198EF975B143D49789BCFA9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): ultra
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): UMWdf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\system32\wdfmgr.exe
Image size: 38912
Image MD5: 9651E5D850B6F6BD7C77C70AA06F02BF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): Update
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 384768
Image MD5: 402DDC88356B1BAC0EE3DD1580C76A31
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): UPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 05365FB38FCA1E98F7A566AAAF5D1815
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): USB
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 30208
Image MD5: 65DCF09D0E37D4C6B11B5B0B76D470A7
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 59520
Image MD5: 1AB3CDDE553B6E064D2E754EFE20285C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26368
Image MD5: A32426D9B14A089EAA1D922E0C5801A9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20608
Image MD5: 26496F9DEE2D787FC3E61AD54821FFE6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usb_rndisx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB RNDIS Adapter
Image path: system32\DRIVERS\usb8023x.sys
Image size: 12800
Image MD5: B6CC50279D6CD28E090A5D33244ADC9A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): ViaIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): VolSnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): vsdatant
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: vsdatant
Image path: System32\vsdatant.sys
Image size: 486280
Image MD5: 1045D05BBD5170565927D7653346C961
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: TCPIP
Service (registry key): vsmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TrueVector Internet Monitor
Description: Monitors internet traffic and generates alerts for disallowed access.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Image size: 2384240
Image MD5: F8C283CA4F542283B36B6A09E7362E16
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: Afd,RpcSs,CryptSvc,vsdatant
Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 7A9DB3A67C333BF0BD42E42B8596854B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): w39n51
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/Wireless 3945ABG Adapter Driver
Image path: system32\DRIVERS\w39n51.sys
Image size: 1428096
Image MD5: B1F126E7E28877106D60E6FF3998D033
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: E20B95BAEDB550F32DD489265C1DA1F6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): wanatw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (ATW)
Image path: system32\DRIVERS\wanatw4.sys
Image size: 33588
Image MD5: 0A716C08CB13C3A8F4F51E882DBF7416
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WDICA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 83072
Image MD5: 6768ACF64B18196494413695F0C3A00F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: MRxDAV
Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmdmPmSN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Wmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: E0673F1106E62A68D2257E376079F821
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WpdUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WpdUsb
Image path: System32\Drivers\wpdusb.sys
Image size: 18944
Image MD5: BBAEACA1FFA3C86361CF0998474F6C3A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WS2IFSL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 0
Error Control: 0
Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): WZCSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): {2E7FD95B-6076-4EE3-815E-AAE3A7C28EE5}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {378510B8-4A4E-4C2F-9BFF-A23305D456D9}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {8948999E-312E-4A42-B723-8AB81BE5E69C}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {A88635C1-457E-4F1A-9416-E4F1FC58C373}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {EC465975-FD61-4917-8AFC-E9874D7B6ADC}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {FD09C546-52AC-4BB4-9230-7F957BE83EB8}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
FizzyWater
2009-12-22, 08:43
It occurred to me the log in the initial email was from the system before I started over and reinstalled everything.
So I'm posting a new one.
I have done as requested in the "before you post" message and disabled TeaTimer and created a Registry backup.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:30 AM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_SPY.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [PPScheduler] C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261352851703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 12841 bytes
So you have reinstalled windows?
FizzyWater
2009-12-22, 22:12
I used the CD/DVDs I got with the computer to completely reset the computer to out-of-the-box new. That includes Windows XP and ran Windows Update until it told me there were no more fixes to install. I immediately re-installed ZoneAlarm and Spybot S&D, then I spent two days reinstalling software. Some from CDs, some saved to external hard drives. All purchased or legally free (I don't do warez).
Since I was installing one software program after another, I'll admit I wasn't paying too close attention to the "warnings" from Spybot TeaTime and ZoneAlarm - and now I'm wondering if I approved one I shouldn't have.
But when you're installing software, they all tend to ask for permission to install things at startup, to allow TMP files to talk to the internet, etc. I don't exactly know how you can tell the difference between what the software really needs and what
FizzyWater
2009-12-22, 22:28
Sorry, I hit enter too soon...
...it's hard to tell what's legit when installing new software.
The other issue may be, I have external hard drives with my software backups on them. One of the (many) sites I've been looking at to get rid of this bug said not to use external drives that were attached to the computer while it was infected.
But if I run anti-virus/anti-spyware scans on those drives, why aren't they safe? I have been assuming - because this is a "browser helper object" - that I've somehow managed to download this thing while visiting a website. Can it be attached to software I've purchased and downloaded?
One site mentioned "editpad.exe" as a possible culprit used by this Trojan. I remember that my NotepadPro file had been replaced by that file before reinstalled everything. And, I noticed a copy of that file in my "WinUtils" folder (which is just a file containing very old, small programs I've collected over the years). I have no idea at this point whether it was in my original collection or if it was put them maliciously, other than the fact the file date is 2000.
But I'm beginning to wonder if I'm going to have to start over , again, and reinstall software only that I've downloaded. But does that mean my external drives (and all my saved files) are toast?? Is there no way to scan them to make sure they're clean?
FizzyWater
2009-12-23, 07:23
Can I at least let Spybot try to remove it? Or use one of the other remover tools?
I haven't wanted to take any action - unlike last time - until I got some instructions here.
Sorry, I never got any email notification from this.
Editpad.exe is legit.
What does spybot find now.
FizzyWater
2010-01-02, 10:54
Since I got no response here, and I really needed to use the computer, I started over a third time. I looked at some of your other responses to threads on this forum, and saw the comments you attach when someone finally has a clean computer.
So this time, after using the initial restore disks from Toshiba, I did the following:
Re-installed my antivirus/antispyware (Zone Alarm)
Redownloaded and reinstalled Spybot Search & Destroy (with TeaTimer resident, and immunization turned on)
Redownloaded and installed MalwareBytes (in the previous two attempts, it would not install)
Ran the MWB deep scan and deleted two very old "utility" programs that, while not the Virtumonde file, still came up as problems
Reviewed the Microsoft IE settings, per your instructions (IE 8 appears to be installing with your suggested settings as defaults already)
And since then, I've been reinstalling software, one program at a time, and running either Spybot S&D or MalwareBytes after each install.
Interestingly, it was after the reinstall of Microsoft Office 2002 (and the subsequent software updates from Windows Update) or Microsoft Money 2004 when I once again got the error message that Virtumonde.sci was back! I was almost sick - I didn't think I'd have to check between the installs of bought-and-paid-for versions of Microsoft products! But between Spybot S&D and MalwareBytes, it appears I've managed to kill it.
I am still reinstalling software - have about 15 programs to go - and Spybot has been paying attention (it killed a process in Nuance's ScanSoft program). But other than that, I am getting clean messages.
I haven't decided whether to install Spyware Blaster yet, although I have downloaded it. I'd like to read a little more about what it will do first.
And I've downloaded Secunia and will install and run it after I've finished installing all my programs.
This has been a hairy experience and one I hope never to have to repeat! I'm giving some thought to signing up for the Malware Removal University training over at bleepingcomputer to learn to read these logs and to be able to help my friends and family (who already come to me with their computer questions).
One immediate question I would ask is: would you suggest purchasing the MalwareBytes license?
Malwarebytes paid version has real-time protection. Spybot Teatimer is similar (MBAM is more advanced however) but free. So I see no reason.
FizzyWater
2010-01-04, 10:36
Thanks for your help.