View Full Version : undeletable trojans
jbaldari
2006-08-04, 08:14
As per the sticky, I ran the following tests and scanners:
Spybot S&D (log appended)
Lavasoft Ad-Aware (log appended)
Trend Micro Web-based (failed, no log option)
Norton Anti-Virus Corporate (log appended)
Hijack This (log appended)
As you can see from the logs below, no matter how many times they are removed, they respawn. Any advice would be greatly appreciated. I have not utilized hijack this other than to build the logfile below. I did turn off two startup options in msconfig: dcdcab07.exe & ipwins.exe
--- Search result list ---
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.FirewallOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-07-31 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-28 Includes\Cookies.sbi (*)
2006-07-28 Includes\Dialer.sbi (*)
2006-07-28 Includes\Hijackers.sbi (*)
2006-07-28 Includes\Keyloggers.sbi (*)
2006-07-28 Includes\Malware.sbi (*)
2006-07-28 Includes\PUPS.sbi (*)
2006-07-28 Includes\Revision.sbi (*)
2006-07-28 Includes\Security.sbi (*)
2006-07-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-28 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB916281
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
--- Startup entries list ---
Located: HK_LM:Run, AdobeVersionCue
command: C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
file: C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
size: 1732608
MD5: 8751eecd35d50ef8ae038401b307e642
Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8
Located: HK_LM:Run, DiskeeperSystray
command: "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
file: C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
size: 319488
MD5: 7d2a30ec96b9e5c37f889f8a724405be
Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4fd22142f54692463a7b98b7de175573
Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, NWEReboot
command:
file:
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864f6543c97a7e1b78505d2f1c
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
size: 32881
MD5: bed6eddbf28db980aa8d3a42d4a05586
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
size: 90112
MD5: 4b954730657f43b88a308c41fe570331
Located: HK_CU:RunOnce, NeroHomeFirstStart
command: C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
size: 208896
MD5: 519678bbd5363c5d4cb29585d34a712f
Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, jkhhh
command: C:\WINDOWS\system32\jkhhh.dll
file: C:\WINDOWS\system32\jkhhh.dll
size: 573492
MD5: 1e39800de37cd156ddf62b5abf89dba8
Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 45056
MD5: 4f08576da1c93a5ec62eb2ad6ec3d084
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, winowl32
command: winowl32.dll
file: winowl32.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{A20389F9-C833-4926-AD6A-248600BBED97} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: jkhhh.dll
Short name:
Date (created): 7/30/2006 8:19:20 PM
Date (last access): 8/3/2006 5:23:38 PM
Date (last write): 7/30/2006 8:19:24 PM
Filesize: 573492
Attributes: hidden sysfile
MD5: 1E39800DE37CD156DDF62B5ABF89DBA8
CRC32: BA29EDBD
--- ActiveX list ---
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.5
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 8/1/2006 6:41:22 PM
Date (last access): 8/3/2006 7:50:16 AM
Date (last write): 8/1/2006 6:41:22 PM
Filesize: 379392
Attributes: archive
MD5: 3F69F21DA7641F5CBA2AA4D672EAAE21
CRC32: 52E22400
Version: 6.5.3.8
{74CD40EA-EF77-4BAD-808A-B5982DA73F20} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
Codebase: http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Installer: C:\WINDOWS\Downloaded Program Files\qdiagh.inf
Codebase: http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
description:
classification: Open for discussion
known filename: qdiagh.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: qdiagh.ocx
Short name:
Date (created): 11/30/2004 2:10:08 PM
Date (last access): 8/3/2006 9:33:56 AM
Date (last write): 11/30/2004 2:10:08 PM
Filesize: 824416
Attributes: archive
MD5: F74D5AEFB89DEDC35B2295ED424A7CDF
CRC32: 25AD1A25
Version: 1.0.1.326
--- Process list ---
PID: 0 ( 0) [System]
PID: 160 ( 4) \SystemRoot\System32\smss.exe
PID: 212 ( 160) \??\C:\WINDOWS\system32\csrss.exe
PID: 236 ( 160) \??\C:\WINDOWS\system32\winlogon.exe
PID: 280 ( 236) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 292 ( 236) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 448 ( 280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 512 ( 280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 564 ( 280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 844 ( 816) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 992 ( 844) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1024 ( 844) C:\WINDOWS\system32\winmine.exe
size: 119808
MD5: 9C45D38B74634C9DED60BEC640C5C3CA
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/3/2006 5:49:42 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
Adobe Shockwave Player 10.1.3.18 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave
Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\system32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.
Age of Mythology (Age of Mythology 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion (Age of Mythology Expansion Pack 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
ATI - Software Uninstall Utility 6.14.10.1015 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver 8.263-060607a-033678C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bejeweled 2 Deluxe 1.0 (Bejeweled 2 Deluxe 1.0)
uninstall cmd: C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Big Money Deluxe 1.12z (Big Money Deluxe 1.12z)
uninstall cmd: C:\Program Files\PopCap Games\Big Money Deluxe\UnGins.exe "C:\Program Files\PopCap Games\Big Money Deluxe\install.log"
(Branding)
(Connection Manager)
Creative DVD Audio Plugin for Audigy Series (CTDVDAudio Plugin)
uninstall cmd: "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Diablo II (Diablo II)
uninstall cmd: C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(Fontcore)
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
hp instant support 5.0.2.4.asst_classic.asst_install (hp instant support)
uninstall cmd: C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
publisher: Motive Communications, Inc.
HP Photo and Imaging 2.0 - hp psc 1200 series (HP PSC 1200 Series)
uninstall cmd: C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Sid Meier's Pirates! 2.00.0000 (InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68})
version: 33554432
version (major): 2
estimated size: 1307565
install date: 20060721
install location: C:\Program Files\Firaxis Games\Sid Meier's Pirates!\
install source: E:\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
publisher: Firaxis Games
comments: Your Comments
contact: Customer Support Department
help link: http://www.firaxis.com
help telephone: 1-555-555-4505
VIA Platform Device Manager 1.21 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169})
version: 18153472
version (major): 1
version (minor): 21
install date: 20060720
install source: D:\VIA_HyperionPro_V509A\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL
QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71343
install date: 20060721
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\_is515\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
(cont.)
jbaldari
2006-08-04, 08:15
(cont.)
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows Media Format SDK Hotfix - KB891122 (KB891122)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Hotfix for Windows XP (KB896344) 2 (KB896344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Update for Windows XP (KB904942) 2 (KB904942)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564
Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159
Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
LiveUpdate 1.80 (Symantec Corporation) 1.80.19.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
MathCue.Business 4th ed - Student (MathCue.Business 4th ed - Student)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\mcbiz4\uninstal.log
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
(NetMeeting)
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
(SchedulingAgent)
(Shockwave)
Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060721
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060721
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.8.2 3.8.2 (winscp3_is1)
install location: C:\Program Files\WinSCP3\
uninstall cmd: "C:\Program Files\WinSCP3\unins000.exe"
publisher: Martin Prikryl
help link: http://winscp.net/forum/
Windows Media Connect (WMCSetup)
uninstall cmd: "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=47544
MSXML4 Parser 1.0.0 ({01501EBA-EC35-4F9F-8889-3BE346E5DA13})
version: 16777216
version (major): 1
estimated size: 1269
install date: 20060722
install source: C:\PROGRA~1\MI9A48~1\AGEOFM~1\
uninstall cmd: MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
publisher: Microsoft Game Studios
contact: Microsoft Game Studios
1.0.1 ({01958032-9877-4118-B87F-9EFA74B3F15F})
version: 16777217
version (major): 1
version (minor): 1
install location: C:\Program Files\Adobe\Adobe Version Cue
install source: e:\ADOBEC~2\ADOBEV~A
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.
jbaldari
2006-08-04, 08:16
(cont.)
Macromedia Dreamweaver MX 2004 7.0 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macromedia\Dreamweaver MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/dreamweaver_support/
Symantec AntiVirus Client 8.1.0.825 ({0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 14743
install date: 20060730
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\~SMI6F5D\SYMANT~1.MSI\
uninstall cmd: MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
publisher: Symantec Corporation
contact:
help link: http://www.symantec.com
help telephone:
readme: 0
ATI Catalyst Control Center 1.2.2349.28584 ({12452C5A-32E2-40C6-808D-DA4FB6DC35A5})
version: 16910637
version (major): 1
version (minor): 2
estimated size: 67664
install date: 20060720
install source: C:\ATI\SUPPORT\6-6_xp-2k_dd_ccc_wdm_enu_33678\ACE\
uninstall cmd: MsiExec.exe /I{12452C5A-32E2-40C6-808D-DA4FB6DC35A5}
comments: Free technical support for ATI products, available 24 hours a day through our customer care webform.
contact: Customer Support Department
help link: http://www.ati.com/support/
help telephone: 1-877-284-1564
Sid Meier's Pirates! 2.00.0000 ({1632FD86-1BA4-4FC4-8B25-A8C655D63F68})
version: 33554432
version (major): 2
estimated size: 1307565
install date: 20060721
install location: C:\Program Files\Firaxis Games\Sid Meier's Pirates!\
install source: E:\
publisher: Firaxis Games
comments: Your Comments
contact: Customer Support Department
help link: http://www.firaxis.com
help telephone: 1-555-555-4505
InterVideo WinDVD 5 5.3-B5.28 ({1B399A41-C1D0-40A2-9E4F-095868EFAF01})
version (major): 5
version (minor): 3
install location: C:\Program Files\InterVideo\DVD5
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp
Platform 1.21 ({20D4A895-748C-4D88-871C-FDB1695B0169})
version: 18153472
version (major): 1
version (minor): 21
install date: 20060720
install source: D:\VIA_HyperionPro_V509A\
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL
Macromedia Flash MX 2004 7 ({2F353D44-73BB-4971-B31D-F7642E9E9531})
install location: C:\Program Files\Macromedia\Flash MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/flash_support
WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20060720
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
CS ({416DFEDD-9F1B-4EFC-AF70-FCA891AE0251})
version: 50331648
version (major): 3
install location: C:\Program Files\Adobe\Adobe InDesign CS
install source: e:\ADOBEC~2\ADOBEI~6\
uninstall cmd: RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
publisher: Adobe Systems Incorporated
FloorPlan 3D v6 6.0 ({4573AC44-BEDA-11D4-AA41-00C0DF245F7E})
version: 100663296
version (major): 6
estimated size: 93584
install date: 20060721
install source: F:\
uninstall cmd: MsiExec.exe /I{4573AC44-BEDA-11D4-AA41-00C0DF245F7E}
publisher: IMSI
help link: http://www.imsisoft.com
help telephone: 555-555-1234
Nero 7 Premium 7.00.0087 ({4781569D-5404-1F26-4B2B-6DF444441031})
version: 117440599
version (major): 7
estimated size: 301219
install date: 20060721
install location: C:\Program Files\Nero\Nero 7\
install source: G:\Downloads\Nero 7 Ultra Edition\Nero Premium v7.0.0.0 + KeyGenerator\Nero 7 Premium\
uninstall cmd: MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/
eTools 1.00.0000 ({513627E7-A590-4A20-A7D5-F5A58E5B363F})
version: 16777216
version (major): 1
estimated size: 40148
install date: 20060721
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\_is62E\
uninstall cmd: MsiExec.exe /I{513627E7-A590-4A20-A7D5-F5A58E5B363F}
publisher: Wizards of the Coast
comments: Your Comments
contact: Customer Support Department
help link: http://www.wizards.com/
help telephone: 1.800.250.7589
readme: Readme.txt
HP Photo and Imaging 2.0 - All-in-One Drivers 1.10.0000 ({6ECB39BD-73C2-44DD-B1A0-898207C58D8B})
version: 17432576
version (major): 1
version (minor): 10
estimated size: 50725
install date: 20060721
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:
Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 215524
install date: 20060721
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation
Java 2 Runtime Environment, SE v1.4.2_05 1.4.2_05 ({7148F0A8-6813-11D6-A77B-00B0D0142050})
version (major): 1
version (minor): 4
estimated size: 110772
install date: 20060724
install source: C:\Documents and Settings\Caliber\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt
Majestic Chess 1.01.0003 ({7CDD0F65-641F-4637-888A-208713EE0ED6})
version: 16842755
version (major): 1
version (minor): 1
estimated size: 175525
install date: 20060721
install source: E:\MajesticChess\
uninstall cmd: MsiExec.exe /X{7CDD0F65-641F-4637-888A-208713EE0ED6}
publisher: Fluent Entertainment
help telephone: 000-000-0000
readme: C:\Program Files\Majestic Chess\\readme.txt
Warhammer 40,000: Dawn Of War - Gold Edition 1.40 ({83F12F73-D52E-40C0-93B1-463C311C4E17})
version: 19398656
version (major): 1
version (minor): 40
estimated size: 2696661
install date: 20060721
install location: C:\Program Files\THQ\Dawn Of War\
install source: E:\
uninstall cmd: MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
publisher: THQ
contact: d
Microsoft Office Professional Edition 2003 11.0.7969.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 790043
install date: 20060721
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
Microsoft Office FrontPage 2003 11.0.7969.0 ({90170409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 370060
install date: 20060721
install source: E:\
uninstall cmd: MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
Microsoft Office Visio Professional 2003 11.0.7969.0 ({90510409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 386831
install date: 20060721
install source: E:\
uninstall cmd: MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Visio11\1033\VIREADME.HTM
Microsoft Office 2003 Web Components 11.0.7969.0 ({90A40409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 9757
install date: 20060721
install source: E:\
uninstall cmd: MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
11 ({91A4AD99-69CE-4745-97B7-0E0DFBECFDE5})
version: 184549376
version (major): 11
install location: C:\Program Files\Adobe\Adobe Illustrator CS
install source: "e:\ADOBEC~2\ADOBEI~5"
uninstall cmd: RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
publisher: Adobe Systems, Inc.
Macromedia FreeHand MXa 11.0.1 ({939740B5-0064-4779-854A-8C1086181C05})
install location: C:\Program Files\Macromedia\FreeHand MXa
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/freehand_support
HP Photo and Imaging 2.0 - All-in-One 1.10.0000 ({9867A917-5D17-40DE-83BA-BEA5293194B1})
version: 17432576
version (major): 1
version (minor): 10
estimated size: 543946
install date: 20060721
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:
Macromedia Extension Manager 1.5 ({A5BA14E0-7384-11D4-BAE7-00409631A2C8})
version (major): 1
version (minor): 5
install location: C:\Program Files\Macromedia\Extension Manager
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/exchange/
006.000.000 ({AC76BA86-1033-0000-7760-000000000001})
version: 100663296
version (major): 6
estimated size: 243282
install date: 20060721
install location: C:\Program Files\Adobe\Adobe Acrobat 6.0
install source: e:\ADOBEC~2\ADOBEA~2.0\
uninstall cmd: MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
publisher: Adobe Systems
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Adobe Acrobat 6.0Readme.htm
QuickTime 7.1 ({C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71343
install date: 20060721
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\_is515\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
hp psc 1200 series 1.10.0000 ({C900EF06-2E76-49C7-8DB0-41F629B21DC5})
version: 17432576
version (major): 1
version (minor): 10
estimated size: 6009
install date: 20060721
install source: C:\Program Files\Hewlett-Packard\Digital Imaging\product\
uninstall cmd: MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:
Marvell Miniport Driver 6.30 ({C950420B-4182-49EA-850A-A6A2ABF06C6B})
version: 102629376
version (major): 6
version (minor): 30
estimated size: 504
install date: 20060720
install location: C:\Program Files\Marvell\Miniport Driver\
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\_is3\
uninstall cmd: MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
publisher: Marvell Semiconductor Inc.
help link: http://www.marvell.com/yukon/support
readme: C:\Program Files\Marvell\Miniport Driver\SetupYukonWin.txt
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20060728
install source: C:\DOCUME~1\Caliber\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
InterVideo WinRip ({D32D4182-DE6C-457E-838C-8D7B9CE332BA})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL
CS ({D3E4251D-8364-4698-B0E0-A7C799384403})
version (major): 7
install location: C:\Program Files\Adobe\Adobe GoLive CS
install source: e:\ADOBEC~2\ADOBEG~4
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.
Adobe Creative Suite 1.1.1 ({D52ECEBC-9B20-41A5-81C4-A62DE2367419})
version (major): 1
version (minor): 1
install location: C:\Program Files\Adobe
uninstall cmd: C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
publisher: Adobe Systems,Inc.
Diskeeper Professional Edition 10.0.608 ({D6111BDE-3D23-403E-96BD-3CE416101B16})
version: 167772768
version (major): 10
estimated size: 15216
install date: 20060721
install location: C:\Program Files\Diskeeper Corporation\Diskeeper\
install source: C:\WINDOWS\Downloaded Installations\DiskeeperProUpd\{5096D9BE-924D-4999-92B8-F498238F1ECC}\
uninstall cmd: MsiExec.exe /X{D6111BDE-3D23-403E-96BD-3CE416101B16}
publisher: Diskeeper Corporation
comments: Disk Defragmenter
contact: Technical Support
help link: http://www.diskeeper.com/support
help telephone: US - 818-771-1600 EU - 44-1342-327477 Japan - 03-3447-7544
Macromedia Fireworks MX 2004 7 ({E583ED6F-BD99-4066-A420-C815BF692B69})
install location: C:\Program Files\Macromedia\Fireworks MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/fireworks_support
CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Adobe Photoshop CS
install source: e:\ADOBEC~2\ADOBEP~8\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.
InterVideo Installer ({F5223680-993A-11D4-86F6-0001031E5712})
uninstall cmd: "C:\Program Files\InterVideo\Installer\IVIUninstaller.exe" "C:\Program Files\InterVideo\Installer"
--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1
Service (registry key): AdobeVersionCue
Display name: AdobeVersionCue
Object name: LocalSystem
Image path: C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
Image size: 61440
Image MD5: FC9D93D13127E3252466D4A33039B54B
Start: 3
Type: 16
Error Control: 1
Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Display name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1
jbaldari
2006-08-04, 08:18
(cont.)
Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): AIRPLUS
Display name: D-Link AirPlus Wireless Adapter
Image path: system32\DRIVERS\airplus.sys
Image size: 273107
Image MD5: D7BAD0B12BBE7370FBAFD8CBED01A4D0
Start: 3
Type: 1
Error Control: 1
Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1
Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: System32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): asc
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_2.0.50727
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0
Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 409600
Image MD5: C23082B890F21267037CA6111C385FF3
Start: 2
Type: 272
Error Control: 1
Service (registry key): ATI Smart
Display name: ATI Smart
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ati2sgag.exe
Image size: 520192
Image MD5: 0D582DC5E3F74CEA1BF56BA2A925D0F2
Start: 2
Type: 272
Error Control: 1
Service (registry key): ati2mtag
Image path: System32\DRIVERS\ati2mtag.sys
Image size: 1580544
Image MD5: F5FC6AC1E7BC776871361D463FC86BE2
Start: 3
Type: 1
Error Control: 0
Service (registry key): Atierecord
Start: 0
Type: 0
Error Control: 0
Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1
Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss
Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0
Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): clr_optimization_v2.0.50727_32
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66240
Image MD5: 3C4D595E7F9B747325AEF28B4ADCAAE5
Start: 3
Type: 16
Error Control: 0
Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1
Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0
Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1
Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): DefWatch
Display name: DefWatch
Object name: LocalSystem
Image path: C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Image size: 32768
Image MD5: F8146A2B29866884A6C785FF40EB38A9
Start: 2
Type: 272
Error Control: 0
Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Diskeeper
Display name: Diskeeper
Description: Controls the Windows Diskeeper Service
Object name: LocalSystem
Image path: "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
Image size: 942080
Image MD5: 7496908263A7C08DD8CCA9BADF053EE1
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1
Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): es1371
Display name: Creative AudioPCI (ES1371,ES1373) (WDM)
Image path: system32\drivers\es1371mp.sys
Image size: 40832
Image MD5: 24E564F710D887ECC75CFE59882ECC5D
Start: 3
Type: 1
Error Control: 1
Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
jbaldari
2006-08-04, 08:20
(cont.)
Service (registry key): Fax
Display name: Fax
Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Object name: LocalSystem
Image path: %systemroot%\system32\fxssvc.exe
Image size: 267776
Image MD5: FCBD571FA0EE8DC238944AE5FAB74461
Start: 2
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler
Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1
Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1
Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: System32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0
Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1
Service (registry key): HPZid412
Display name: IEEE-1284.4 Driver HPZid412
Image path: system32\DRIVERS\HPZid412.sys
Image size: 51024
Image MD5: 863CC3A82C63C9F60ACF2E85D5310620
Start: 3
Type: 1
Error Control: 1
Service (registry key): HPZipr12
Display name: Print Class Driver for IEEE-1284.4 HPZipr12
Image path: system32\DRIVERS\HPZipr12.sys
Image size: 16080
Image MD5: 08CB72E95DD75B61F2966B311D0E4366
Start: 3
Type: 1
Error Control: 1
Service (registry key): HPZius12
Display name: USB to IEEE-1284.4 Translation Driver HPZius12
Image path: system32\DRIVERS\HPZius12.sys
Image size: 21456
Image MD5: CA990306ED4EF732AF9695BFF24FC96F
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1
Service (registry key): IDriverT
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Start: 3
Type: 16
Error Control: 0
Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: System32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1
Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1
Service (registry key): InCDFs
Display name: InCD File System
Image path: system32\drivers\InCDFs.sys
Start: 4
Type: 2
Error Control: 1
Service (registry key): InCDPass
Display name: InCDPass
Image path: system32\drivers\InCDPass.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): InCDRm
Display name: InCD Reader
Image path: system32\drivers\InCDRm.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): ip6fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): Iprip
Display name: RIP Listener
Description: Listens for route updates sent by routers that use the Routing Information Protocol version 1 (RIPv1).
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS
Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3
Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1
Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1
Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): LPDSVC
Display name: TCP/IP Print Server
Description: Provides a TCP/IP-based printing service that uses the Line Printer protocol.
Object name: LocalSystem
Image path: %SystemRoot%\System32\tcpsvcs.exe
Image size: 19456
Image MD5: 32933B07FC16D9F778BEE12545FA1B1A
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Spooler
Service (registry key): Macromedia Licensing Service
Display name: Macromedia Licensing Service
Description: Provides authentication services for Macromedia applications.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
Image size: 68096
Image MD5: D5BA9B816AFEF5292FE13C9A6267B6AB
Start: 3
Type: 16
Error Control: 1
Service (registry key): MDM
Display name: Machine Debug Manager
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Image size: 322120
Image MD5: 11F714F85530A2BD134074DC30E99FCA
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: System32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Display name: Mount Point Manager
Start: 0
Type: 1
Error Control: 1
Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1
Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: System32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1
Service (registry key): NAVAP
Display name: NAVAP
Image path: \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
Image size: 224256
Image MD5: 37AC23B6A5FF044F9B84D14A4008556E
Start: 3
Type: 1
Error Control: 1
jbaldari
2006-08-04, 08:21
(cont.)
Service (registry key): NAVAPEL
Display name: NAVAPEL
Image path: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
Image size: 30208
Image MD5: 287085EDFB3EAAD31B75F137B644994D
Start: 2
Type: 1
Error Control: 1
Service (registry key): NAVENG
Display name: NAVENG
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060802.020\NAVENG.sys
Image size: 79240
Image MD5: 0F4C87F9594787B4FC2928D381A3D801
Start: 3
Type: 1
Error Control: 1
Service (registry key): NAVEX15
Display name: NAVEX15
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060802.020\NAVEX15.sys
Image size: 828872
Image MD5: ACD6D7ECBD38B3B1A573D97148D3C907
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): NIC1394
Display name: 1394 Net Driver
Image path: System32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC
Start: 3
Type: 1
Error Control: 1
Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): Norton AntiVirus Server
Display name: Symantec AntiVirus Client
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec Client Security.
Object name: LocalSystem
Image path: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Image size: 610304
Image MD5: AC37351CEF1D50C3010B04A73B27665C
Start: 2
Type: 272
Error Control: 0
Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Null
Start: 1
Type: 1
Error Control: 1
Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1
Service (registry key): ohci1394
Display name: VIA OHCI Compliant IEEE 1394 Host Controller
Image path: System32\DRIVERS\ohci1394.sys
Image size: 61056
Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A
Start: 0
Type: 1
Error Control: 1
Service (registry key): ose
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 89136
Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A
Start: 3
Type: 16
Error Control: 1
Service (registry key): Outlook
Start: 0
Type: 0
Error Control: 0
Service (registry key): Parport
Start: 3
Type: 1
Error Control: 0
Service (registry key): PartMgr
Display name: Partition Manager
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 1
Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0
Service (registry key): pfc
Display name: Padus ASPI Shell
Image path: system32\drivers\pfc.sys
Image size: 13780
Image MD5: 20F2F0F204D7CE28C5498268928E39B8
Start: 3
Type: 1
Error Control: 1
Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): Pml Driver HPZ12
Display name: Pml Driver HPZ12
Object name: LocalSystem
Image path: C:\WINDOWS\system32\HPZipm12.exe
Image size: 65795
Image MD5: FB03F341FF5380394BF2EE52F1979925
Start: 3
Type: 16
Error Control: 1
Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1
Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 35328
Image MD5: 0D97D88720A4087EC93AF7DBB303B30A
Start: 1
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1
Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1
Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1
Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
jbaldari
2006-08-04, 08:23
(cont.)
Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): sbp2port
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: system32\DRIVERS\sbp2port.sys
Image size: 43136
Image MD5: 3E2C3B180872BE4120F246D85560B734
Start: 0
Type: 1
Error Control: 1
Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): ScsiPort
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 96256
Image MD5: D7FD0FF761E28AC0EA35AD71E0CD67E9
Start: 0
Type: 0
Error Control: 0
Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 11376
Image MD5: C71394D99A04CA76484492F590C9CBA5
Start: 2
Type: 1
Error Control: 1
Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): Serial
Start: 2
Type: 1
Error Control: 0
Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt
Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1
Service (registry key): SimpTcp
Display name: Simple TCP/IP Services
Description: Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Object name: LocalSystem
Image path: %SystemRoot%\System32\tcpsvcs.exe
Image size: 19456
Image MD5: 32933B07FC16D9F778BEE12545FA1B1A
Start: 2
Type: 32
Error Control: 1
Depends On services: AFD
Service (registry key): SNMP
Display name: SNMP Service
Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
Object name: LocalSystem
Image path: %SystemRoot%\System32\snmp.exe
Image size: 32768
Image MD5: D923BF27723E28E3C121B77F52DB4BCE
Start: 2
Type: 16
Error Control: 1
Depends On services: EventLog
Service (registry key): SNMPTRAP
Display name: SNMP Trap Service
Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 8704
Image MD5: 6F591DBEFD11F7697042907B516F1212
Start: 3
Type: 16
Error Control: 1
Depends On services: EventLog
Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1
Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 8E186B8F23295D1E42C573B82B80D548
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Display name: System Restore Filter Driver
Image path: System32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 332800
Image MD5: E03B4EA274C9E509CCA7F9F0CEC24232
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): swenum
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{75DCEB3B-F262-43DF-AF01-3440DCAD4400}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): swwd
Start: 0
Type: 0
Error Control: 0
Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1
Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): SymEvent
Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Image size: 73496
Image MD5: 083FE6483DC16A02AF2434D04B7D7AEA
Start: 3
Type: 1
Error Control: 1
Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1
Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 1DBF125862891817F374F407626967F4
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\tlntsvr.exe
Image size: 73216
Image MD5: 37DB0A7D097310E8B4DE803FC3119C78
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP
Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1
Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\System32\wdfmgr.exe
Image size: 38912
Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): Update
Display name: Microcode Update Driver
Image path: System32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1
Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: System32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: System32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: System32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0
Service (registry key): viaagp1
Display name: VIA AGP Filter
Image path: System32\DRIVERS\viaagp1.sys
Image size: 27904
Image MD5: 4B039BBD037B01F5DB5A144C837F283A
Start: 0
Type: 1
Error Control: 1
Service (registry key): ViaIde
Image path: System32\DRIVERS\viaide.sys
Image size: 5376
Image MD5: 59CB1338AD3654417BEA49636457F65D
Start: 0
Type: 1
Error Control: 1
Service (registry key): viamraid
Image path: System32\DRIVERS\viamraid.sys
Image size: 100992
Image MD5: 9F3F276C7300ED211129757A411B605F
Start: 0
Type: 1
Error Control: 1
Service (registry key): videX32
Image path: System32\DRIVERS\videX32.sys
Image size: 9728
Image MD5: C8EE49FA76EB7C41A9CDDFE58151A74E
Start: 0
Type: 1
Error Control: 1
Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1
Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
jbaldari
2006-08-04, 08:25
(cont.)
Service (registry key): vulfnths
Display name: VIA USB Host Controller Lower Filter
Image path: \SystemRoot\System32\Drivers\vulfnth.sys
Start: 3
Type: 1
Error Control: 0
Service (registry key): vulfntrs
Display name: VIA USB Roothub Lower Filter
Image path: \SystemRoot\System32\Drivers\vulfntr.sys
Start: 3
Type: 1
Error Control: 0
Service (registry key): VXD
Start: 0
Type: 0
Error Control: 0
Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: System32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1
Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: 2797F33EBF50466020C430EE4F037933
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV
Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,Eventlog
Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0
Service (registry key): WMConnectCDS
Display name: Windows Media Connect Service
Description: Shares media with media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: C:\Program Files\Windows Media Connect 2\wmccds.exe
Image size: 855552
Image MD5: CD99C9FEAE87C1963273F6B150251E33
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter
Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): yukonwxp
Display name: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
Image path: system32\DRIVERS\yk51x86.sys
Image size: 241280
Image MD5: 7D1DEF979B4E536E12882EE84F7C719A
Start: 3
Type: 1
Error Control: 1
Service (registry key): {69EE6076-8A8D-4460-B09B-EB32F5AA31C3}
Start: 0
Type: 0
Error Control: 0
Service (registry key): {8022389F-5BAF-432A-BF02-0EB16569F1E7}
Start: 0
Type: 0
Error Control: 0
Service (registry key): {F8089289-4964-4491-BF06-A76310F196AB}
Start: 0
Type: 0
Error Control: 0
---------------------------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, August 03, 2006 5:50:26 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R117 03.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-3-2006 5:50:26 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 160
ThreadCreationTime : 8-4-2006 12:42:12 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 8-4-2006 12:42:24 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 236
ThreadCreationTime : 8-4-2006 12:42:26 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 8-4-2006 12:42:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 292
ThreadCreationTime : 8-4-2006 12:42:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 8-4-2006 12:42:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 8-4-2006 12:42:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 8-4-2006 12:42:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 844
ThreadCreationTime : 8-4-2006 12:42:53 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:10 [winmine.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 8-4-2006 12:43:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Entertainment Pack Minesweeper Game
InternalName : winmine
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WINMINE.EXE
#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1216
ThreadCreationTime : 8-4-2006 12:49:53 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-776561741-602162358-839522115-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
5:52:54 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:28.484
Objects scanned:82653
Objects identified:0
Objects ignored:0
New critical objects:0
jbaldari
2006-08-04, 08:26
(cont.)
----------------------------------------------------------
Date Filename Virus Name Virus Type Action Taken Computer User Original Location Status Current Location Primary Action Secondary Action Scan Type
8/3/2006 18:55 winowl32.dll Trojan Horse File Left alone CALIBERPRIME Administrator C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from file Quarantine infected file Manual scan
8/3/2006 9:35 winowl32.dll Trojan Horse File Left alone CALIBERPRIME SYSTEM C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from file Quarantine infected file Realtime scan
8/3/2006 8:53 winowl32.dll Trojan Horse File Left alone CALIBERPRIME Caliber C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from file Quarantine infected file Manual scan
8/3/2006 6:49 A0020714.exe Downloader File Left alone in Quarantine CALIBERPRIME SYSTEM C:\System Volume Information\_restore{E5A68B27-63A4-4A0A-B884-E69DC50888D5}\RP152\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 mulbin32[1].exe Trojan Horse File Left alone in Quarantine CALIBERPRIME SYSTEM C:\Documents and Settings\Caliber\Local Settings\Temporary Internet Files\Content.IE5\NRUT5BQT\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 wlzip32[1].exe Downloader File Left alone in Quarantine CALIBERPRIME SYSTEM C:\Documents and Settings\Caliber\Local Settings\Temporary Internet Files\Content.IE5\C7JV1E0N\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 win1D.tmp.exe Downloader File Left alone in Quarantine CALIBERPRIME SYSTEM C:\Documents and Settings\Caliber\Local Settings\Temp\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 h91746.exe Trojan.Zlob File Left alone in Quarantine CALIBERPRIME SYSTEM C:\Documents and Settings\Caliber\Local Settings\Temp\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 dcdcab07.exe Downloader File Left alone in Quarantine CALIBERPRIME SYSTEM C:\Documents and Settings\Caliber\Local Settings\Application Data\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 A0020715.exe Downloader File Left alone in Quarantine CALIBERPRIME SYSTEM C:\System Volume Information\_restore{E5A68B27-63A4-4A0A-B884-E69DC50888D5}\RP152\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
8/3/2006 6:49 h91746.exe Trojan.Zlob File Left alone in Quarantine CALIBERPRIME SYSTEM C:\DOCUME~1\Caliber\LOCALS~1\Temp\ Infected Quarantine Clean virus from file Leave alone (log only) Defwatch Scan
7/31/2006 6:46 h91746.exe Trojan.Zlob File Quarantined CALIBERPRIME Caliber C:\DOCUME~1\Caliber\LOCALS~1\Temp\ Infected Quarantine Clean virus from file Quarantine infected file Realtime scan
7/30/2006 21:57 A0020714.exe Downloader File Quarantined CALIBERPRIME Caliber C:\System Volume Information\_restore{E5A68B27-63A4-4A0A-B884-E69DC50888D5}\RP152\ Infected Quarantine Clean virus from file Quarantine infected file Realtime scan
7/30/2006 21:57 A0020715.exe Downloader File Quarantined CALIBERPRIME Caliber C:\System Volume Information\_restore{E5A68B27-63A4-4A0A-B884-E69DC50888D5}\RP152\ Infected Quarantine Clean virus from file Quarantine infected file Realtime scan
7/30/2006 20:41 dcdcab07.exe Downloader File Left alone CALIBERPRIME SYSTEM C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from file Quarantine infected file Realtime scan
7/30/2006 20:35 mulbin32[1].exe Trojan Horse File Quarantined CALIBERPRIME Caliber C:\Documents and Settings\Caliber\Local Settings\Temporary Internet Files\Content.IE5\NRUT5BQT\ Infected Quarantine Clean virus from file Quarantine infected file Manual scan
7/30/2006 20:34 wlzip32[1].exe Downloader File Quarantined CALIBERPRIME Caliber C:\Documents and Settings\Caliber\Local Settings\Temporary Internet Files\Content.IE5\C7JV1E0N\ Infected Quarantine Clean virus from file Quarantine infected file Manual scan
7/30/2006 20:34 win1D.tmp.exe Downloader File Quarantined CALIBERPRIME Caliber C:\Documents and Settings\Caliber\Local Settings\Temp\ Infected Quarantine Clean virus from file Quarantine infected file Manual scan
7/30/2006 20:32 h91746.exe Trojan.Zlob File Quarantined CALIBERPRIME Caliber C:\Documents and Settings\Caliber\Local Settings\Temp\ Infected Quarantine Clean virus from file Quarantine infected file Manual scan
7/30/2006 20:30 dcdcab07.exe Downloader File Quarantined CALIBERPRIME Caliber C:\Documents and Settings\Caliber\Local Settings\Application Data\ Infected Quarantine Clean virus from file Quarantine infected file Manual scan
---------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:02:07 PM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\MBOLS~1\regsvr32.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nv-web.nv.ngb.army.mil/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Luao] "C:\PROGRA~1\COMMON~1\MBOLS~1\regsvr32.exe" -vt yazr
O4 - HKCU\..\Run: [Bxlwt] C:\Documents and Settings\Caliber\Application Data\?ppPatch\m?config.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153456897273
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153459645921
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O20 - AppInit_DLLs: C:\WINDOWS\system32\dllhost.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-----------------
I hope this makes sense, and thank you for volunteering your time
LonnyRJones
2006-08-08, 05:23
Welcome jbaldari
Post back with a fresh hijackthis log please, no need for others this time.
jbaldari
2006-08-09, 07:05
Logfile of HijackThis v1.99.1
Scan saved at 9:03:10 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nv-web.nv.ngb.army.mil/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bxlwt] C:\Documents and Settings\Caliber\Application Data\?ppPatch\m?config.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153456897273
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153459645921
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
LonnyRJones
2006-08-09, 07:23
Start Hijackthis and place a check next to these items If there.
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: C:\Documents and Settings\Caliber\Application Data\?ppPatch\m?config.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
====================================
Hit fix checked and close Hijackthis.
[B]Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Why isnt your antivirus program running ?
Post a new hijackthis log
jbaldari
2006-08-09, 07:46
it is currently turned off since it wasn't detecting any of these events and was interfering with the online scanners... Once this is fixed, I will reinitialize it.
New log will be posted shortly...
jbaldari
2006-08-09, 07:54
Logfile of HijackThis v1.99.1
Scan saved at 9:52:41 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nv-web.nv.ngb.army.mil/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153456897273
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153459645921
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
jbaldari
2006-08-09, 07:58
I have tried removing the two dllhost files several times, including going into recovery manager off a boot disk. I can't figure out where it is respawning from...
LonnyRJones
2006-08-09, 11:17
We can delete them with SC
Open a command prompt (start run type cmd press enter) type
sc delete "SwPrv"
sc delete "COMSysApp"
press enter, type exit and press enter to exit the command prompt
Is this file still present or did your av program remove it ?
c:\windows\system32\winowl32.dll
Set windows to show hidden extensions file's and folder's.
click for> instructions<. (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Delete this appatch folder
C:\Documents and Settings\Caliber\Application Data\AppPatch
and the symbols folder is it exists
C:\PROGRAM FILES\COMMON FILES\SYMBOLS
Update suns java manualy
Sun Java "Java Runtime Environment (JRE) 5.0 Update 7" is Available:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Afterwards it's important to uninstall the old version's via addremove programs.
Are there any Current problems ?
jbaldari
2006-08-10, 04:01
We can delete them with SC
Open a command prompt (start run type cmd press enter) type
sc delete "SwPrv"
sc delete "COMSysApp"
press enter, type exit and press enter to exit the command prompt
worked, thanks
Is this file still present or did your av program remove it ?
c:\windows\system32\winowl32.dll
NAV handled that
Set windows to show hidden extensions file's and folder's.
click for> instructions<. (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Delete this appatch folder
C:\Documents and Settings\Caliber\Application Data\AppPatch
and the symbols folder is it exists
C:\PROGRAM FILES\COMMON FILES\SYMBOLS
Both were present, now gone and have not respawned
Update suns java manualy
Sun Java "Java Runtime Environment (JRE) 5.0 Update 7" is Available:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Afterwards it's important to uninstall the old version's via addremove programs.
Good to go
Are there any Current problems ?
Looks like it all worked, thanks for the help...
As the problem appears to be resolved this topic has been archived. :bigthumb:
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.