
Thread: win32.agent.pz help

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    win32.agent.pz help

    Recently I got hacked from my account in World of Warcraft, so I put a Windows XP again and deleted everything from the one I had before.

    I did the scan, but for this win32.agent.pz.
    Here are the results:
    --- Search result list ---
    Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

    Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

    Win32.Agent.pz: [SBI $0F1C75F7] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-18 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-01-22 Includes\Adware.sbi (*)
    2009-03-10 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-03-10 Includes\Dialer.sbi (*)
    2009-03-10 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-02-10 Includes\Hijackers.sbi (*)
    2009-03-03 Includes\HijackersC.sbi (*)
    2009-03-10 Includes\Keyloggers.sbi (*)
    2009-03-10 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-03-03 Includes\Malware.sbi (*)
    2009-03-10 Includes\MalwareC.sbi (*)
    2008-12-16 Includes\PUPS.sbi (*)
    2009-03-09 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-02-10 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-01-28 Includes\Spyware.sbi (*)
    2009-01-28 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2009-03-10 Includes\Trojans.sbi (*)
    2009-03-10 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows XP: Security Update for Windows XP (KB941569)


    --- Startup entries list ---
    Located: HK_LM:Run, 36X Raid Configurer
    command: C:\WINDOWS\system32\xRaidSetup.exe boot
    file: C:\WINDOWS\system32\xRaidSetup.exe
    size: 1953792
    MD5: 703379685E86F23057B0E8DBED982945

    Located: HK_LM:Run, Alcmtr
    command: ALCMTR.EXE
    file: C:\WINDOWS\ALCMTR.EXE
    size: 69632
    MD5: 8B4CBBA1EA526830C7F97E7822E2493A

    Located: HK_LM:Run, AVG8_TRAY
    command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    size: 1932568
    MD5: CB0BC853D84A61457AA9DB16C46DA07E

    Located: HK_LM:Run, Email Protection
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
    size: 275832
    MD5: 394251E074BFF9AA2B0A357C7EA29D60

    Located: HK_LM:Run, JMB36X IDE Setup
    command: C:\WINDOWS\RaidTool\xInsIDE.exe
    file: C:\WINDOWS\RaidTool\xInsIDE.exe
    size: 36864
    MD5: DB4E2D9C09A5762CB2551222B5E443B2

    Located: HK_LM:Run, Messenger
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
    size: 116088
    MD5: 416D58FF667F7E2051C75A7DED32F97C

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\NvCpl.dll
    size: 13680640
    MD5: DEAC9939D9EDE2FE3664972E5473BC72

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\NvMcTray.dll
    size: 86016
    MD5: CC855D26A86A0CD29DDE10B07E895D74

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 1657376
    MD5: 87AEF2E96277C23B23685E34A30CEA08

    Located: HK_LM:Run, On-Line Protection
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
    size: 206200
    MD5: 69BBC62B9D30A9E2695F08AF3A38F3ED

    Located: HK_LM:Run, RTHDCPL
    command: RTHDCPL.EXE
    file: C:\WINDOWS\RTHDCPL.EXE
    size: 16844800
    MD5: 074FAE0B816FBA78F667B116303D31EB

    Located: HK_LM:Run, SmartGuardian
    command: C:\Program Files\ITE\Smart Guardian\ITESMART.exe
    file: C:\Program Files\ITE\Smart Guardian\ITESMART.exe
    size: 196608
    MD5: C27E0CABC1174DC09D267DB99C77CF36

    Located: HK_LM:Run, Startup Scan
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\sensor.exe /loadrun
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\sensor.exe
    size: 144760
    MD5: 894611CD2A8E530D02B3AE1CF84F1E25

    Located: HK_LM:Run, Update Scheduler
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
    size: 95608
    MD5: 16B9104E069D93C225062953DB43C9DB

    Located: HK_LM:RunOnce, Startup Scan
    command: C:\PROGRA~1\QUICKH~1\QUICKH~1\sensor.exe /check
    file: C:\PROGRA~1\QUICKH~1\QUICKH~1\sensor.exe
    size: 144760
    MD5: 894611CD2A8E530D02B3AE1CF84F1E25

    Located: HK_CU:Run, Spyware Doctor
    where: .DEFAULT...
    command: "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    file: C:\Program Files\Spyware Doctor\swdoctor.exe
    size: 1992928
    MD5: 77E67D0857B21573C1A79C05C9C761F3

    Located: HK_CU:RunOnce, nltide_3
    where: .DEFAULT...
    command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    file: C:\WINDOWS\system32\advpack.dll
    size: 123904
    MD5: F9D975BD4E56B05795A56ABB7829D3A3

    Located: HK_CU:RunOnce, nltide_3
    where: S-1-5-19...
    command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    file: C:\WINDOWS\system32\advpack.dll
    size: 123904
    MD5: F9D975BD4E56B05795A56ABB7829D3A3

    Located: HK_CU:RunOnce, nltide_3
    where: S-1-5-20...
    command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    file: C:\WINDOWS\system32\advpack.dll
    size: 123904
    MD5: F9D975BD4E56B05795A56ABB7829D3A3

    Located: HK_CU:Run, AWMON
    where: S-1-5-21-1482476501-1979792683-1801674531-500...
    command: "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    file: C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    size: 517632
    MD5: 107AF2DE3AF10D6D09C1B36FE9EF9156

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-1482476501-1979792683-1801674531-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 49B33E2B875ABE592C81F0D679858DE0

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1482476501-1979792683-1801674531-500...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, Spyware Doctor
    where: S-1-5-21-1482476501-1979792683-1801674531-500...
    command: "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    file: C:\Program Files\Spyware Doctor\swdoctor.exe
    size: 1992928
    MD5: 77E67D0857B21573C1A79C05C9C761F3

    Located: HK_CU:Run, Spyware Doctor
    where: S-1-5-18...
    command: "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    file: C:\Program Files\Spyware Doctor\swdoctor.exe
    size: 1992928
    MD5: 77E67D0857B21573C1A79C05C9C761F3

    Located: HK_CU:RunOnce, nltide_3
    where: S-1-5-18...
    command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    file: C:\WINDOWS\system32\advpack.dll
    size: 123904
    MD5: F9D975BD4E56B05795A56ABB7829D3A3

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: 43362B96870CE8649F4F2EC893DA93F0

    Located: WinLogon, avgrsstarter
    command: avgrsstx.dll
    file: avgrsstx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Here are the results:

    ComboFix 09-03-15.01 - Administrator 2009-03-19 12:45:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2295 [GMT 0:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
    AV: Quick Heal 9.50 *On-access scanning enabled* (Outdated)
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
    .

    2009-03-19 12:06 . 2009-03-19 12:06 0 --a------ c:\windows\system32\Sweeper.cfg
    2009-03-18 22:43 . 2009-03-18 22:43 0 --a------ c:\windows\nsreg.dat
    2009-03-18 22:38 . 2009-03-18 22:43 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-18 22:37 . 2009-03-18 22:43 <DIR> d-------- c:\program files\SpywareBlaster
    2009-03-18 22:35 . 2009-03-18 22:37 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-18 22:35 . 2009-03-18 22:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-18 22:22 . 2009-03-18 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2009-03-18 22:21 . 2009-03-18 22:23 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
    2009-03-18 22:07 . 2009-03-19 00:32 <DIR> d-------- c:\program files\Spyware Doctor
    2009-03-18 22:07 . 2009-03-18 22:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PC Tools
    2009-03-18 22:07 . 2005-12-13 15:18 50,048 --a------ c:\windows\system32\drivers\ikhlayer.sys
    2009-03-18 22:06 . 2009-03-18 22:06 <DIR> d-------- c:\program files\Lavasoft
    2009-03-18 22:06 . 2009-03-18 22:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
    2009-03-18 22:01 . 2009-03-18 22:01 674,816 --a------ c:\windows\isRS-000.tmp
    2009-03-18 22:01 . 2009-03-18 22:00 39,672 --a------ c:\windows\system32\drivers\ONLINENT.SYS
    2009-03-18 22:01 . 2009-03-18 22:00 19,960 --a------ c:\windows\system32\drivers\SCREENNT.SYS
    2009-03-18 22:01 . 2009-03-18 22:00 12,160 --a------ c:\windows\system32\drivers\EMLTDI.SYS
    2009-03-18 22:01 . 2009-03-18 22:01 28 --a------ c:\windows\ODBC.INI
    2009-03-18 22:01 . 2009-03-18 22:01 0 --a------ c:\windows\sensor.INI
    2009-03-18 22:01 . 2009-03-18 22:01 0 --a------ c:\windows\hqstat.mtl
    2009-03-18 22:01 . 2009-03-18 22:01 0 --a------ c:\windows\hqstat.mnt
    2009-03-18 22:00 . 2009-03-18 22:00 <DIR> d-------- c:\program files\Quick Heal
    2009-03-18 22:00 . 2009-03-18 22:01 87 --a------ c:\windows\QH32.INI
    2009-03-18 21:40 . 2009-03-19 12:46 8,253,472 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-03-18 21:40 . 2008-07-08 14:54 148,496 --a------ c:\windows\system32\drivers\00313835.sys
    2009-03-18 21:40 . 2009-03-19 00:33 88,940 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-03-18 21:36 . 2009-03-19 12:19 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-18 21:34 . 2009-03-19 12:08 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-18 21:34 . 2009-03-18 21:34 <DIR> d-------- c:\program files\AVG
    2009-03-18 21:34 . 2009-03-18 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-18 21:34 . 2009-03-18 21:34 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-18 21:34 . 2009-03-18 21:34 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-18 21:34 . 2009-03-18 21:34 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2009-03-18 21:34 . 2009-03-18 21:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-18 21:32 . 2009-03-18 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
    2009-03-18 21:01 . 2009-03-18 21:01 <DIR> d-------- c:\program files\Marvell
    2009-03-18 20:58 . 2009-03-18 20:58 <DIR> d-------- c:\windows\system32\Lang
    2009-03-18 20:58 . 2009-03-18 20:58 940,794 --a------ c:\windows\system32\LoopyMusic.wav
    2009-03-18 20:58 . 2009-03-18 20:58 146,650 --a------ c:\windows\system32\BuzzingBee.wav
    2009-03-18 20:56 . 2009-03-18 20:56 <DIR> d-------- c:\windows\nview
    2009-03-18 20:56 . 2009-03-18 20:56 <DIR> d-------- C:\NVIDIA
    2009-03-18 20:56 . 2009-02-16 23:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE
    2009-03-18 20:56 . 2009-02-18 14:44 453,152 --a------ c:\windows\system32\nvudisp.exe
    2009-03-18 20:56 . 2009-03-19 12:07 212,641 --a------ c:\windows\system32\nvapps.xml
    2009-03-18 20:56 . 2009-02-18 14:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
    2009-03-18 20:55 . 2009-03-18 20:55 <DIR> d-------- c:\program files\Realtek
    2009-03-18 20:54 . 2009-03-18 20:54 <DIR> d-------- c:\windows\RaidTool
    2009-03-18 20:54 . 2009-03-18 20:54 <DIR> d-------- C:\RaidTool
    2009-03-18 20:54 . 2007-05-07 16:06 1,953,792 -ra------ c:\windows\system32\xRaidSetup.exe
    2009-03-18 20:54 . 2007-05-07 15:53 143,360 -ra------ c:\windows\system32\xRaidAPI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-18 20:57 --------- d-----w c:\program files\Common Files\InstallShield
    2009-03-18 20:55 315,392 ----a-w c:\windows\HideWin.exe
    2009-03-18 20:55 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-18 13:14 --------- d-----w c:\program files\ITE
    2009-03-18 13:13 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-18 13:11 --------- d-----w c:\program files\Intel
    2009-03-18 13:07 --------- d-----w c:\program files\Windows Media Connect 2
    2009-03-18 13:05 62,633 ----a-w c:\windows\prio197uninstall.exe
    2009-03-18 13:05 --------- d-----w c:\program files\Opera
    .

    ------- Sigcheck -------

    2008-05-03 12:00 361344 37d8387cbd4437c55f454209be10ef11 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]
    "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-06 1992928]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "AWMON"="c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 517632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartGuardian"="c:\program files\ITE\Smart Guardian\ITESMART.exe" [2006-01-18 196608]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-07 1953792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-18 1932568]
    "Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-03-18 275832]
    "Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-03-18 95608]
    "On-Line Protection"="c:\progra~1\QUICKH~1\QUICKH~1\CATEYE.EXE" [2009-03-18 206200]
    "Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\sensor.exe" [2009-03-18 144760]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-06 1992928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "StartMenuFavorites"= 0 (0x0)
    "Start_ShowMyComputer"= 1 (0x1)
    "Start_ShowMyDocs"= 1 (0x1)
    "Start_ShowMyMusic"= 0 (0x0)
    "Start_ShowRun"= 1 (0x1)
    "Start_ShowSearch"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-18 21:34 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=prio.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-18 12552]
    R0 ScreenNT;ScreenNT;c:\windows\system32\drivers\SCREENNT.SYS [2009-03-18 19960]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-18 325640]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-18 107912]
    R1 is-RGAHJdrv;is-RGAHJdrv;c:\windows\system32\drivers\00313835.sys [2009-03-18 21:40:25 148496]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-18 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-18 298264]
    R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2009-03-18 12160]
    R2 OnlineNT;OnlineNT;c:\progra~1\QUICKH~1\QUICKH~1\ONLINENT.SYS [2009-03-18 39672]
    R2 Quick Heal AntiVirus Plus Mail Protection;Quick Heal AntiVirus Plus Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [2009-03-18 50552]
    R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [2009-03-18 58744]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IKHLAYER
    *NewlyCreated* - SR
    *NewlyCreated* - SRSERVICE
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5y5ef5u6.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-19 12:46:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\prio.dll
    c:\program files\Spyware Doctor\Tools\swpg.dat

    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\prio.dll
    c:\program files\Spyware Doctor\Tools\swpg.dat

    - - - - - - - > 'csrss.exe'(732)
    c:\program files\Spyware Doctor\Tools\swpg.dat
    .
    Completion time: 2009-03-19 12:47:19
    ComboFix-quarantined-files.txt 2009-03-19 12:47:16

    Pre-Run: 312,973,623,296 bytes free
    Post-Run: 312,975,921,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    207

  2. #2
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    And more, it said it was too big to put it there

    --- Browser helper object list ---
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name: AVG Safe Search
    Path: C:\Program Files\AVG\AVG8\
    Long name: avgssie.dll
    Short name:
    Date (created): 3/18/2009 9:34:16 PM
    Date (last access): 3/18/2009 9:34:16 PM
    Date (last write): 3/18/2009 9:34:16 PM
    Filesize: 1078552
    Attributes: archive
    MD5: A99B481A7EA094E13B5B99AA52AE1D82
    CRC32: 55E8C189
    Version: 8.5.0.268



    --- ActiveX list ---


    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 660 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 732 ( 660) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 760 ( 660) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 804 ( 760) C:\WINDOWS\system32\services.exe
    size: 108544
    MD5: C91018FE1F9B53DE349398DD4AEC6F8C
    PID: 816 ( 760) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 809C3DFADC08D0EB15E5440F2A65434C
    PID: 976 ( 804) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 1044 ( 804) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 1140 ( 804) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 1228 ( 804) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 1328 ( 804) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 1512 ( 804) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: 037B1C61E298180A43A6401A6D12BD76
    PID: 1844 (1780) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 91172F1F7DECAA275ED52FCB61F57307
    PID: 1972 ( 804) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    size: 298264
    MD5: 4688233E07402D0D85E723979804D93E
    PID: 2024 ( 804) C:\PROGRA~1\QUICKH~1\QUICKH~1\ONLNSVC.EXE
    size: 99704
    MD5: 4E93E7DF8460A3B0EE0D3241FEC253DB
    PID: 2036 ( 804) C:\WINDOWS\system32\nvsvc32.exe
    size: 163908
    MD5: B54C19B0CDA652A65F99701490C9D20F
    PID: 156 ( 804) C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
    size: 50552
    MD5: E5D45E8BF9FCED8A9E18157D726DD4A4
    PID: 384 ( 804) C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
    size: 58744
    MD5: E86F96DF4AE22D58DD6154E30AFD4C03
    PID: 480 (1972) C:\PROGRA~1\AVG\AVG8\avgam.exe
    size: 832792
    MD5: D2ACEE719C22DC3FB96523D2CBB94249
    PID: 492 ( 804) C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
    size: 91512
    MD5: 93157CFA645603EF89AC93BCE46ED89A
    PID: 500 (1972) C:\Program Files\AVG\AVG8\avgrsx.exe
    size: 485144
    MD5: 7ADFB0D513C0BBA494CA8022AB0A4805
    PID: 520 ( 804) C:\Program Files\Spyware Doctor\sdhelp.exe
    size: 870624
    MD5: 186EE3B89521257C480E55063A91DE77
    PID: 528 (1972) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    size: 593176
    MD5: 7B9756AABF34934E85DD244F2EAC13C3
    PID: 712 ( 804) C:\PROGRA~1\AVG\AVG8\avgemc.exe
    size: 908056
    MD5: FEACA762BCBB76FD0B241A153C8E7E8D
    PID: 1672 ( 712) C:\Program Files\AVG\AVG8\avgcsrvx.exe
    size: 691992
    MD5: B42A408640B4F78E80D9160453D7C613
    PID: 2340 ( 804) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 1E90B499478527EBF6349CC86413A9A1
    PID: 2620 ( 804) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 0B3290FB3815F5F6553E198642BB7E07
    PID: 2752 (1844) C:\WINDOWS\RTHDCPL.EXE
    size: 16844800
    MD5: 074FAE0B816FBA78F667B116303D31EB
    PID: 2800 (1844) C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: 55A78CAB0CCE27C6ECF6E0673E2597D8
    PID: 2808 (1844) C:\PROGRA~1\AVG\AVG8\avgtray.exe
    size: 1932568
    MD5: CB0BC853D84A61457AA9DB16C46DA07E
    PID: 2816 (1844) C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
    size: 275832
    MD5: 394251E074BFF9AA2B0A357C7EA29D60
    PID: 1780 (1844) C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
    size: 95608
    MD5: 16B9104E069D93C225062953DB43C9DB
    PID: 2536 (1844) C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
    size: 116088
    MD5: 416D58FF667F7E2051C75A7DED32F97C
    PID: 3196 (1844) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 49B33E2B875ABE592C81F0D679858DE0
    PID: 2924 (1844) C:\Program Files\Spyware Doctor\swdoctor.exe
    size: 1992928
    MD5: 77E67D0857B21573C1A79C05C9C761F3
    PID: 2992 (1844) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 3116 (1844) C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    size: 517632
    MD5: 107AF2DE3AF10D6D09C1B36FE9EF9156
    PID: 3484 (1844) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 1160 (3484) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 307704
    MD5: 762D1D11BB4E7C8D238D957E5AB60D0E
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 3/19/2009 12:24:41 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie_rsearch.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/keyword/%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie_rsearch.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---


    --- Uninstall list ---
    Ad-Aware SE Professional 1.06 (Ad-Aware SE Professional)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    publisher: Lavasoft
    help link: http://www.lavasoft.com

    (AddressBook)

    Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
    uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    publisher: Adobe Systems Incorporated
    help link: http://www.adobe.com/go/flashplayer_support/

    (AVG7Uninstall)

    AVG 8.5 (AVG8Uninstall)
    version (major): 8
    version (minor): 5
    install location: C:\Program Files\AVG\AVG8
    uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    publisher: AVG Technologies

    (Branding)

    (Connection Manager)

    (DirectAnimation)

    (DirectDrawEx)

    (DXM_Runtime)

    (Fontcore)

    (ICW)

    Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    Windows Internet Explorer 7 20070813.185237 (ie7)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/ie

    (IEData)

    (KB884267)

    (KB885353)

    (KB886612)

    (KB887078)

    (KB887626)

    (KB888656)

    (KB889858)

    (KB891122)

    (KB892313)

    (KB893240)

    (KB893241)

    (KB895181)

    (KB895316)

    (KB895572)

    (KB897586)

    (KB898549)

    (KB900399)

    (KB902344)

    (KB907658)

    (KB911565)

    (KB911854)

    Security Update for Windows XP (KB941569) (KB941569)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=941569

    (MobileOptionPack)

    Mozilla Firefox (3.0.7) 3.0.7 (en-US) (Mozilla Firefox (3.0.7))
    install location: C:\Program Files\Mozilla Firefox
    uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    publisher: Mozilla
    comments: Mozilla Firefox

    (MPlayer2)

    (NetMeeting)

    Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation

    NVIDIA Drivers 1.3 (NVIDIA Drivers)
    install location: C:\WINDOWS\system32
    uninstall cmd: C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    publisher: NVIDIA Corporation

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Prio v1.9.7 (Prio)
    version (major): 65545
    version (minor): 458752
    uninstall cmd: C:\WINDOWS\prio197uninstall.exe

    Quick Heal AntiVirus Plus (Quick Heal AntiVirus Plus)
    uninstall cmd: C:\PROGRA~1\QUICKH~1\QUICKH~1\Uninst.exe

    (SchedulingAgent)

    9.0.115.0 (ShockwaveFlash)

    Spyware Doctor 3.5 3.5 (Spyware Doctor_is1)
    install location: C:\Program Files\Spyware Doctor\
    uninstall cmd: "C:\Program Files\Spyware Doctor\unins000.exe"
    publisher: PC Tools Research Pty. Ltd.
    help link: http://www.pctools.com/spyware-doctor/support/

    SpywareBlaster 4.1 4.1.0 (SpywareBlaster_is1)
    install date: 20090318
    install location: C:\Program Files\SpywareBlaster\
    uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
    publisher: Javacool Software LLC

    Windows Media Format 11 runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    help link: http://go.microsoft.com/fwlink/?LinkId=62768

    Windows Media Player 11 (Windows Media Player)
    uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    (WMCSetup)

    Windows Media Format 11 runtime (WMFDist11)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http:

    Windows Media Player 11 (wmp11)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http:

    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
    install date: 20090318
    uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    comments: Build Number 5716

    WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154279267
    version (major): 9
    version (minor): 50
    estimated size: 2472
    install date: 20090318
    install source: C:\WINDOWS\system32\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/windows

    JMB36X Raid Configurer 1.00.0000 ({3A1B5D40-41E9-43FA-8C7B-A8667F5586EF})
    version: 16777216
    install date: 20090318
    install location: C:\Program Files\JMICRON Technology Corp.\JMB36X Raid Configurer
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for JMicron_RAID.zip\JMicron\R1171807\
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
    publisher: JMICRON Technology Corp.

    Smart Guardian 2.0 ({417E7710-C77B-4CB9-839A-D586A12C64E2})
    version: 33554432
    install date: 20090318
    install location: C:\Program Files\ITE\Smart Guardian
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye26.tmp\Disk1\
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417E7710-C77B-4CB9-839A-D586A12C64E2}\setup.exe" -l0x9 -removeonly
    publisher: ITE

    Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
    version: 134274064
    version (major): 8
    estimated size: 5330
    install date: 20090318
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS65.tmp\
    uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    publisher: Microsoft Corporation

    Adobe Reader 7.0.5 7.0.5 ({AC76BA86-7AD7-1033-7B44-A70500000002})
    version: 117440517
    version (major): 7
    estimated size: 65620
    install date: 20090318
    install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
    install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    publisher: Adobe Systems Incorporated
    comments:
    contact:
    help link: http://www.adobe.com/support/main.html
    help telephone:
    readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

    Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
    install date: 20090318
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited
    help link: http://www.safer-networking.org/index.php?page=support

    Marvell Miniport Driver 8.61.2.3 ({C950420B-4182-49EA-850A-A6A2ABF06C6B})
    version: 138215426
    version (major): 8
    version (minor): 61
    estimated size: 1053
    install date: 20090318
    install location: C:\Program Files\Marvell\Miniport Driver\
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is7\
    uninstall cmd: MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    publisher: Marvell
    help link: http://www.marvell.com/yukon/support

    WinZip 12.0 12.0.8252 ({CD95F661-A5C4-44F5-A6AA-ECDD91C240B7})
    version: 201334844
    version (major): 12
    estimated size: 14638
    install date: 20090318
    install location: C:\Program Files\WinZip\
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\
    uninstall cmd: MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
    publisher: WinZip Computing, S.L.
    help link: http://www.winzip.com/wzgate.cgi?lan...om/contact.htm

    Realtek High Definition Audio Driver 5.10.0.5490 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
    version: 36634624
    install date: 20090318
    install location: C:\Program Files\Realtek\Audio\InstallShield\
    install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for X48_Audio.zip\Audio\R179\
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    publisher: Realtek Semiconductor Corp.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default and more

    --- System Services ---
    Service (registry key): Abiosdsk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): abp480n5
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft ACPI Driver
    Image path: system32\DRIVERS\ACPI.sys
    Image size: 187776
    Image MD5: 7517E9B5FE4811CBD7712AF820028CC4
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ACPIEC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel Acoustic Echo Canceller
    Image path: system32\drivers\aec.sys
    Image size: 142592
    Image MD5: 8BED39E3C35D6A489438B8141717A557
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AFD
    Description: AFD Networking Support Environment
    Image path: \SystemRoot\System32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Aha154x
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78u2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Alerter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Alerter
    Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Application Layer Gateway Service
    Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 44544
    Image MD5: 1E90B499478527EBF6349CC86413A9A1
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): AliIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): amsint
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AppMgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Application Management
    Description: Provides software installation services such as Assign, Publish, and Remove.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): Arp1394
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: 1394 ARP Client Protocol
    Description: 1394 ARP Client Protocol
    Image path: system32\DRIVERS\arp1394.sys
    Image size: 60800
    Image MD5: 6BBB2D3A0FD090C20BCE7A176256E5A3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): asc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3350p
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3550
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RAS Asynchronous Media Driver
    Description: RAS Asynchronous Media Driver
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 14336
    Image MD5: 34C951228C152A248357409CB680CE13
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Standard IDE/ESDI Hard Disk Controller
    Image path: system32\DRIVERS\atapi.sys
    Image size: 96512
    Image MD5: 65EA06F8711FB3A64EC7D323E350F456
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Atdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): Atmarpc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ATM ARP Client Protocol
    Description: ATM ARP Client Protocol
    Image path: system32\DRIVERS\atmarpc.sys
    Image size: 59904
    Image MD5: CE372A820E4F4E808B574050EC35C049
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): AudioSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Audio
    Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): audstub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Audio Stub Driver
    Image path: system32\DRIVERS\audstub.sys
    Image size: 3072
    Image MD5: D9F724AA26C010A217C97606B160ED68
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AVG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): avg8emc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG8 E-mail Scanner
    Object name: LocalSystem
    Image path: C:\PROGRA~1\AVG\AVG8\avgemc.exe
    Image size: 908056
    Image MD5: FEACA762BCBB76FD0B241A153C8E7E8D
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,avg8wd

    Service (registry key): avg8wd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG8 WatchDog
    Object name: LocalSystem
    Image path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    Image size: 298264
    Image MD5: 4688233E07402D0D85E723979804D93E
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AvgLdx86
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG AVI Loader Driver x86
    Image path: \SystemRoot\System32\Drivers\avgldx86.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): AvgMfx86
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG On-access Scanner Minifilter Driver x86
    Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): AvgRkx86
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgrkx86.sys
    Image path: System32\Drivers\avgrkx86.sys
    Image size: 12552
    Image MD5: 27F5FCE36E5EEEE5698AB2FED1D31AE3
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): AvgTdiX
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG8 Network Redirector
    Image path: \SystemRoot\System32\Drivers\avgtdix.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Background Intelligent Transfer Service
    Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Computer Browser
    Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): cbidf2k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cd20xrnt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Cdaudio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): Cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD-ROM Driver
    Image path: system32\DRIVERS\cdrom.sys
    Image size: 62976
    Image MD5: 0CC13B7FE6D2F64EFC82CEBFE9D2B8F0
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): Changer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): CiSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Indexing Service
    Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\cisvc.exe
    Image size: 5632
    Image MD5: 95C63655DE8F44334ADA695A75516AC2
    Control Set: CurrentControlSet
    Start: 4
    Type: 288
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): ClipSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ClipBook
    Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\clipsrv.exe
    Image size: 33280
    Image MD5: 31CCDF04CDF2688B78FBC4B9FD183C13
    Control Set: CurrentControlSet
    Start: 4
    Type: 16
    Error Control: 1
    Depends On services: NetDDE

    Service (registry key): CmdIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): COMSysApp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: COM+ System Application
    Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 5120
    Image MD5: CCDE880AD5605F7970FE3EC6B5D3BC5A
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): ContentFilter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ContentIndex
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Cpqarray
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CryptSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Cryptographic Services
    Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): dac2w2k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): dac960nt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): DcomLaunch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: DCOM Server Process Launcher
    Description: Provides launch functionality for DCOM services.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost -k DcomLaunch
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): Dhcp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: DHCP Client
    Description: Manages network configuration by registering and updating IP addresses and DNS names.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd,NetBT

    Service (registry key): Disk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Disk Driver
    Image path: system32\DRIVERS\disk.sys
    Image size: 36352
    Image MD5: DB7BA51015765DB476457BEDD53D3CFE
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): dmadmin
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logical Disk Manager Administrative Service
    Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\dmadmin.exe /com
    Image size: 224768
    Image MD5: 9B93EF2BC46F57E9028A1F91E247AC02
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay,DmServer

    Service (registry key): dmboot
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\dmboot.sys
    Image size: 799744
    Image MD5: BA1F9637C50D105FB8EBE334D57BC16E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): dmio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logical Disk Manager Driver
    Image path: System32\drivers\dmio.sys
    Image size: 153344
    Image MD5: A29D408F65291721091BC21A48CEED00
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmload
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\dmload.sys
    Image size: 5888
    Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmserver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logical Disk Manager
    Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay

    Service (registry key): DMusic
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel DLS Syntheiszer
    Image path: system32\drivers\DMusic.sys
    Image size: 52864
    Image MD5: 0FDC464E960B5C9665D89FE00BC972A3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Dnscache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: DNS Client
    Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): Dot3svc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Wired AutoConfig
    Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k dot3svc
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Ndisuio,eaphost

    Service (registry key): dpti2o
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): drmkaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel DRM Audio Descrambler
    Image path: system32\drivers\drmkaud.sys
    Image size: 2944
    Image MD5: 6D5CA8474CF00A2765B6D6B35A57E89C
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EapHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Extensible Authentication Protocol Service
    Description: Provides windows clients Extensible Authentication Protocol Service
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k eapsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): EMLSS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: EMLSS
    Image path: system32\drivers\emltdi.sys
    Image size: 12160
    Image MD5: 5020A5A995928197D8CB95F851ACD026
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): ERSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Error Reporting Service
    Description: Allows error reporting for services and applictions running in non-standard environments.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): Eventlog
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Event Log
    Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\services.exe
    Image size: 108544
    Image MD5: C91018FE1F9B53DE349398DD4AEC6F8C
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

  4. #4
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default and more more

    Service (registry key): EventSystem
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: COM+ Event System
    Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Fastfat
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): FastUserSwitchingCompatibility
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Fast User Switching Compatibility
    Description: Provides management for applications that require assistance in a multiple user environment.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: TermService

    Service (registry key): Fdc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Floppy Disk Controller Driver
    Image path: system32\DRIVERS\fdc.sys
    Image size: 27392
    Image MD5: BAFD3CC668A29F5070DA63469C273127
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Fips
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Flpydisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Floppy Disk Driver
    Image path: system32\DRIVERS\flpydisk.sys
    Image size: 20480
    Image MD5: 50CD9634D0D4E6C9C6E2E8EA27F8E2F6
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): FltMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FltMgr
    Description: File System Filter Manager Driver
    Image path: system32\DRIVERS\fltMgr.sys
    Image size: 129792
    Image MD5: D1338FB4160E250AE8A9202F8AC3860F
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): Fs_Rec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 8
    Error Control: 0

    Service (registry key): Ftdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Volume Manager Driver
    Image path: system32\DRIVERS\ftdisk.sys
    Image size: 125056
    Image MD5: 6AC26732762483366C3969C9E4D2259D
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Gpc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Generic Packet Classifier
    Description: Generic Packet Classifier
    Image path: system32\DRIVERS\msgpc.sys
    Image size: 35072
    Image MD5: 8C7FAA02A68D9EEF68287A2842BB4F71
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): HDAudBus
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft UAA Bus Driver for High Definition Audio
    Image path: system32\DRIVERS\HDAudBus.sys
    Image size: 144384
    Image MD5: 573C7D0A32852B48F3058CFD8026F511
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): helpsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Help and Support
    Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): HidServ
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Human Interface Device Access
    Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): hkmsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Health Key and Certificate Management Service
    Description: Manages health certificates and keys (used by NAP)
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): hpn
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): HTTP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: HTTP
    Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
    Image path: System32\Drivers\HTTP.sys
    Image size: 264832
    Image MD5: 34B3296AD3C624DAAAF1884681633C82
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): HTTPFilter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: HTTP SSL
    Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: HTTP

    Service (registry key): i2omgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): i2omp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): i8042prt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: i8042 Keyboard and PS/2 Mouse Port Driver
    Image path: system32\DRIVERS\i8042prt.sys
    Image size: 52480
    Image MD5: F641D64E8FD069D91E60511BB5CF4A2D
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): ikhlayer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Kernel Anti-Spyware Driver
    Image path: \??\C:\WINDOWS\system32\drivers\ikhlayer.sys
    Image size: 50048
    Image MD5: B03903B8273848B340FAF061635D7DAF
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Imapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD-Burning Filter Driver
    Image path: system32\DRIVERS\imapi.sys
    Image size: 42112
    Image MD5: DF47D4E6ED89CD0AD7248A7604AF706E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): ImapiService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IMAPI CD-Burning COM Service
    Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\imapi.exe
    Image size: 150528
    Image MD5: 2F2740AC7721502F7600F1C0DAF10D17
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): inetaccs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ini910u
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Inport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): IntcAzAudAddService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service for Realtek HD Audio (WDM)
    Image path: system32\drivers\RtkHDAud.sys
    Image size: 4613120
    Image MD5: 574C9B2F9406D28F8F7E5C7B46B470E6
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): IntelIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): intelppm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel Processor Driver
    Image path: system32\DRIVERS\intelppm.sys
    Image size: 36352
    Image MD5: 09A4677EFBE5A0A14E9A090421D851DF
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Ip6Fw
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPv6 Windows Firewall Driver
    Description: Provides intrusion prevention service for a home or small office network.
    Image path: system32\DRIVERS\Ip6Fw.sys
    Image size: 36608
    Image MD5: 0F2A14149B767CD62559A4E060D63E0A
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): IpFilterDriver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IP Traffic Filter Driver
    Description: IP Traffic Filter Driver
    Image path: system32\DRIVERS\ipfltdrv.sys
    Image size: 32896
    Image MD5: 731F22BA402EE4B62748ADAF6363C182
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IpInIp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IP in IP Tunnel Driver
    Description: IP in IP Tunnel Driver
    Image path: system32\DRIVERS\ipinip.sys
    Image size: 20864
    Image MD5: F6E4F5F17EAD48851B2CA24FAF595693
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IpNat
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IP Network Address Translator
    Description: IP Network Address Translator
    Image path: system32\DRIVERS\ipnat.sys
    Image size: 152832
    Image MD5: 04191CC82EDA72C44F9C154BC094EA0D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IPSec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPSEC driver
    Description: IPSEC driver
    Image path: system32\DRIVERS\ipsec.sys
    Image size: 75264
    Image MD5: 84F6866F355C4C2185EB68206D55C591
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): IRENUM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IR Enumerator Service
    Image path: system32\DRIVERS\irenum.sys
    Image size: 11264
    Image MD5: CA98B430387B7D73D9B52EB4E0AB9D92
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): is-RGAHJdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: is-RGAHJdrv
    Description: is-RGAHJdrv
    Image path: system32\DRIVERS\00313835.sys
    Image size: 148496
    Image MD5: 0AA3AD071827118FCC8F37F7A6AB7AA1
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): ISAPISearch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): isapnp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PnP ISA/EISA Bus Driver
    Image path: system32\DRIVERS\isapnp.sys
    Image size: 37248
    Image MD5: 5A59964BFB9DCA86AF0C4AE8CC1D6A32
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): JRAID
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\jraid.sys
    Image size: 48640
    Image MD5: 222E263CC06E47BDA386FE19B88E8583
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Kbdclass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Keyboard Class Driver
    Image path: system32\DRIVERS\kbdclass.sys
    Image size: 24576
    Image MD5: 4780A418E0FA859B09311C87980D0F7E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): klif
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): kmixer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel Wave Audio Mixer
    Image path: system32\drivers\kmixer.sys
    Image size: 172416
    Image MD5: E30BE31B27E6FD0C3AB65E87F794E5DF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): KSecDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): LanmanServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Server
    Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): lanmanworkstation
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Workstation
    Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): lbrtfdc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ldap
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): LicenseService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): LmHosts
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: TCP/IP NetBIOS Helper
    Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NetBT,Afd

    Service (registry key): mchInjDrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \??\C:\WINDOWS\TEMP\mc21.tmp
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): Messenger
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Messenger
    Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

    Service (registry key): mnmdd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default and more more more

    Service (registry key): mnmsrvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NetMeeting Remote Desktop Sharing
    Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\mnmsrvc.exe
    Image size: 32768
    Image MD5: 094FBA18ECE5BAEEA122A3B9367EE310
    Control Set: CurrentControlSet
    Start: 3
    Type: 272
    Error Control: 1

    Service (registry key): Modem
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): Mouclass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mouse Class Driver
    Image path: system32\DRIVERS\mouclass.sys
    Image size: 23040
    Image MD5: 06515A5D8482B44E55BAB35981888A0E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): MountMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): mraid35x
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): MRxDAV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WebDav Client Redirector
    Description: WebDav Client Redirector
    Image path: system32\DRIVERS\mrxdav.sys
    Image size: 180608
    Image MD5: 53CB9E3B300F4EA15D5B2679B102D09F
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): MRxSmb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: MRXSMB
    Description: MRXSMB
    Image path: system32\DRIVERS\mrxsmb.sys
    Image size: 456576
    Image MD5: C48D29E1719DEDC1A2815B3BD98E780B
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): MSDTC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Distributed Transaction Coordinator
    Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: C:\WINDOWS\system32\msdtc.exe
    Image size: 6144
    Image MD5: 77EA719820518452341821C5198441CA
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,SamSS

    Service (registry key): Msfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): MSIServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Installer
    Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\msiexec.exe /V
    Image size: 78848
    Image MD5: B3F0F2DDBA4B53B1350C8B9408C0EC80
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): MSKSSRV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Service Proxy
    Image path: system32\drivers\MSKSSRV.sys
    Image size: 7552
    Image MD5: 241E77138DEE16D546080A794B80284B
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPCLOCK
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Clock Proxy
    Image path: system32\drivers\MSPCLOCK.sys
    Image size: 5376
    Image MD5: F46DE5B07EA15E0727F12EB12E710F71
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPQM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Quality Manager Proxy
    Image path: system32\drivers\MSPQM.sys
    Image size: 4992
    Image MD5: C53927217AC0834DC547B396FFC495D9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): mssmbios
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft System Management BIOS Driver
    Image path: system32\DRIVERS\mssmbios.sys
    Image size: 15488
    Image MD5: 146E70915C378F02476A10BCEC3A95C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Mup
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mup
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): napagent
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network Access Protection Agent
    Description: Allows windows clients to participate in Network Access Protection
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): NDIS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NDIS System Driver
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): NdisTapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access NDIS TAPI Driver
    Description: Remote Access NDIS TAPI Driver
    Image path: system32\DRIVERS\ndistapi.sys
    Image size: 10112
    Image MD5: EAEECD0001F1D43BB3E81B77E8B8483E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Ndisuio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NDIS Usermode I/O Protocol
    Description: NDIS Usermode I/O Protocol
    Image path: system32\DRIVERS\ndisuio.sys
    Image size: 14592
    Image MD5: 077C330D7E12669D57ED16E4DFABF700
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NdisWan
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access NDIS WAN Driver
    Description: Remote Access NDIS WAN Driver
    Image path: system32\DRIVERS\ndiswan.sys
    Image size: 91520
    Image MD5: 36A503C26F7C81FE7CE71B0B467605DD
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NDProxy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NetBIOS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NetBIOS Interface
    Description: NetBIOS Interface
    Image path: system32\DRIVERS\netbios.sys
    Image size: 34688
    Image MD5: 4977FD4BAD4B94188E7B101DF0E017EF
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): NetBT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NetBios over Tcpip
    Description: NetBios over Tcpip
    Image path: system32\DRIVERS\netbt.sys
    Image size: 162816
    Image MD5: 3294DC900631EE18C86F49E7C26E416B
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): NetDDE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network DDE
    Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\netdde.exe
    Image size: 111104
    Image MD5: FBD067229FA6244C93888034A1241A03
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: NetDDEDSDM

    Service (registry key): NetDDEdsdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network DDE DSDM
    Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\netdde.exe
    Image size: 111104
    Image MD5: FBD067229FA6244C93888034A1241A03
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1

    Service (registry key): Netlogon
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Net Logon
    Description: Supports pass-through authentication of account logon events for computers in a domain.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 13312
    Image MD5: 809C3DFADC08D0EB15E5440F2A65434C
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): Netman
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network Connections
    Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): NIC1394
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: 1394 Net Driver
    Image path: system32\DRIVERS\nic1394.sys
    Image size: 61824
    Image MD5: 0303356D9EA9C29B9E0FE60A5399B85D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Nla
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network Location Awareness (NLA)
    Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd

    Service (registry key): Npfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): NT Online Protection
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NT Online Protection
    Object name: LocalSystem
    Image path: C:\PROGRA~1\QUICKH~1\QUICKH~1\ONLNSVC.EXE
    Image size: 99704
    Image MD5: 4E93E7DF8460A3B0EE0D3241FEC253DB
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): Ntfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): NtLmSsp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NT LM Security Support Provider
    Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 13312
    Image MD5: 809C3DFADC08D0EB15E5440F2A65434C
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): NtmsSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Removable Storage
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Null
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): nv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\nv4_mini.sys
    Image size: 6308224
    Image MD5: 0AE3A22DBE88DC219F8C0FDD30239E4F
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

  6. #6
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default ........

    Service (registry key): NVSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NVIDIA Display Driver Service
    Description: Provides system and desktop level support to the NVIDIA display driver
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\nvsvc32.exe
    Image size: 163908
    Image MD5: B54C19B0CDA652A65F99701490C9D20F
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): NwlnkFlt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPX Traffic Filter Driver
    Description: IPX Traffic Filter Driver
    Image path: system32\DRIVERS\nwlnkflt.sys
    Image size: 12416
    Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: NwlnkFwd

    Service (registry key): NwlnkFwd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPX Traffic Forwarder Driver
    Description: IPX Traffic Forwarder Driver
    Image path: system32\DRIVERS\nwlnkfwd.sys
    Image size: 32512
    Image MD5: C99B3415198D1AAB7227F2C88FD664B9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ohci1394
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: VIA OHCI Compliant IEEE 1394 Host Controller
    Image path: system32\DRIVERS\ohci1394.sys
    Image size: 61696
    Image MD5: 12859F407216A8978B15115DC20D943D
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): OnlineNT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: OnlineNT
    Image path: \??\C:\PROGRA~1\QUICKH~1\QUICKH~1\ONLINENT.SYS
    Image size: 39672
    Image MD5: 6C2EA84B488696B1ED56C69F3D1E91E7
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): Parport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PartMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ParVdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 0
    Depends On services: Parport
    Depends On group: "Parallel arbitrator"

    Service (registry key): PCI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PCI Bus Driver
    Image path: system32\DRIVERS\pci.sys
    Image size: 68224
    Image MD5: EF6876118575C85CA4AD39AC6490656C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): PCIDump
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): PCIIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\pciide.sys
    Image size: 3328
    Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Pcmcia
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): PDCOMP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDFRAME
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDRELI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDRFRAME
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): perc2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): perc2hib
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): PerfDisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfNet
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfOS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfProc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PlugPlay
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Plug and Play
    Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\services.exe
    Image size: 108544
    Image MD5: C91018FE1F9B53DE349398DD4AEC6F8C
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): PolicyAgent
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPSEC Services
    Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 13312
    Image MD5: 809C3DFADC08D0EB15E5440F2A65434C
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,Tcpip,IPSec

    Service (registry key): PptpMiniport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WAN Miniport (PPTP)
    Description: WAN Miniport (PPTP)
    Image path: system32\DRIVERS\raspptp.sys
    Image size: 48384
    Image MD5: 7065EAEF0B12CC5339425D575E5A71D3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ProtectedStorage
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Protected Storage
    Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 13312
    Image MD5: 809C3DFADC08D0EB15E5440F2A65434C
    Control Set: CurrentControlSet
    Start: 2
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): PSched
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: QoS Packet Scheduler
    Description: QoS Packet Scheduler
    Image path: system32\DRIVERS\psched.sys
    Image size: 69120
    Image MD5: 7C8C04B524B0823A29EE6B0818ECBBB3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Gpc

    Service (registry key): Ptilink
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Direct Parallel Link Driver
    Description: Direct Parallel Link Driver
    Image path: system32\DRIVERS\ptilink.sys
    Image size: 17792
    Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ql1080
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Ql10wnt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql12160
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql1240
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql1280
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Quick Heal AntiVirus Plus Mail Protection
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Quick Heal AntiVirus Plus Mail Protection
    Object name: LocalSystem
    Image path: C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
    Image size: 50552
    Image MD5: E5D45E8BF9FCED8A9E18157D726DD4A4
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): Quick Update Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Quick Update Service
    Object name: LocalSystem
    Image path: C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
    Image size: 58744
    Image MD5: E86F96DF4AE22D58DD6154E30AFD4C03
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): RasAcd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access Auto Connection Driver
    Description: Remote Access Auto Connection Driver
    Image path: system32\DRIVERS\rasacd.sys
    Image size: 8832
    Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): RasAuto
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access Auto Connection Manager
    Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RasMan,Tapisrv

    Service (registry key): Rasl2tp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WAN Miniport (L2TP)
    Description: WAN Miniport (L2TP)
    Image path: system32\DRIVERS\rasl2tp.sys
    Image size: 51328
    Image MD5: 1D0743F4B97FD729511AD5022E0BCBC1
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RasMan
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access Connection Manager
    Description: Creates a network connection.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Tapisrv

    Service (registry key): RasPppoe
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access PPPOE Driver
    Description: Remote Access PPPOE Driver
    Image path: system32\DRIVERS\raspppoe.sys
    Image size: 41472
    Image MD5: 04A17CED474F4444D6EFF7A1BA169A2E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Raspti
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Direct Parallel
    Description: Direct Parallel
    Image path: system32\DRIVERS\raspti.sys
    Image size: 16512
    Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Rdbss
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Rdbss
    Description: Rdbss
    Image path: system32\DRIVERS\rdbss.sys
    Image size: 175744
    Image MD5: D2FD6BD47A5AD252745C96B61B55D7BE
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): RDPCDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\RDPCDD.sys
    Image size: 4224
    Image MD5: 4912D5B403614CE99C28420F75353332
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): RDPDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): rdpdr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Server Device Redirector Driver
    Image path: system32\DRIVERS\rdpdr.sys
    Image size: 196224
    Image MD5: 00F5B19217F0EA9A513789DD8214C79B
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RDPNP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): RDPWD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): RDSessMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Desktop Help Session Manager
    Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\sessmgr.exe
    Image size: 141312
    Image MD5: 0F7596DA624E4A8294F2CF7A745D1F09
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): redbook
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Digital CD Audio Playback Filter Driver
    Image path: system32\DRIVERS\redbook.sys
    Image size: 57600
    Image MD5: BF1BFDAD19FD920CC0856886CE91B208
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): RemoteAccess
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Routing and Remote Access
    Description: Offers routing services to businesses in local area and wide area network environments.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSS
    Depends On group: NetBIOSGroup

    Service (registry key): RemoteRegistry
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Registry
    Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): RpcLocator
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Procedure Call (RPC) Locator
    Description: Manages the RPC name service database.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\locator.exe
    Image size: 75264
    Image MD5: B0B057C4DB9CACCABF4F6989AFD26BC5
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): RpcSs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Procedure Call (RPC)
    Description: Provides the endpoint mapper and other miscellaneous RPC services.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost -k rpcss
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): RSVP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: QoS RSVP
    Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\rsvp.exe
    Image size: 132608
    Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: TcpIp,Afd,RpcSs

    Service (registry key): SamSs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Security Accounts Manager
    Description: Stores security information for local user accounts.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 13312
    Image MD5: 809C3DFADC08D0EB15E5440F2A65434C
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default ...............

    Service (registry key): ScanWscS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Quick Heal Helper Service WSC
    Object name: LocalSystem
    Image path: C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
    Image size: 91512
    Image MD5: 93157CFA645603EF89AC93BCE46ED89A
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): SCardSvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Smart Card
    Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\SCardSvr.exe
    Image size: 95744
    Image MD5: F654D3E40F2B164969FACB6CF32916BC
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 0
    Depends On services: PlugPlay

    Service (registry key): Schedule
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Task Scheduler
    Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): ScreenNT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ScreenNT
    Image path: system32\drivers\ScreenNT.sys
    Image size: 19960
    Image MD5: D1319C71DBD3A56137FC5046FB8463D1
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): SDhelper
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PC Tools Spyware Doctor
    Object name: LocalSystem
    Image path: C:\Program Files\Spyware Doctor\sdhelp.exe
    Image size: 870624
    Image MD5: 186EE3B89521257C480E55063A91DE77
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): Secdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Secdrv
    Description: SafeDisc driver
    Image path: system32\DRIVERS\secdrv.sys
    Image size: 20480
    Image MD5: 90A3935D05B494A5A39D37E71F09A677
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): seclogon
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Secondary Logon
    Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 288
    Error Control: 0

    Service (registry key): SENS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: System Event Notification
    Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: EventSystem

    Service (registry key): serenum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Serenum Filter Driver
    Image path: system32\DRIVERS\serenum.sys
    Image size: 15744
    Image MD5: 19F5A2B382C281EA02525566E8FE6980
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Serial
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Serial port driver
    Image path: system32\DRIVERS\serial.sys
    Image size: 64512
    Image MD5: 3DAE0C3747F4065D18617CA36F63F104
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Sfloppy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0
    Depends On group: "SCSI miniport"

    Service (registry key): SharedAccess
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Firewall/Internet Connection Sharing (ICS)
    Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Netman,WinMgmt

    Service (registry key): ShellHWDetection
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Shell Hardware Detection
    Description: Provides notifications for AutoPlay hardware events.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): Simbad
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Sparrow
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): splitter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel Audio Splitter
    Image path: system32\drivers\splitter.sys
    Image size: 6272
    Image MD5: D15D4F064889ADAE4EF9A44797361A95
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Spooler
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Print Spooler
    Description: Loads files to memory for later printing.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\spoolsv.exe
    Image size: 57856
    Image MD5: 037B1C61E298180A43A6401A6D12BD76
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): sr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: System Restore Filter Driver
    Image path: system32\DRIVERS\sr.sys
    Image size: 73472
    Image MD5: B0A078E4F5C4B11DDCA9FE48E860687F
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): srservice
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: System Restore Service
    Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Srv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Srv
    Description: Srv
    Image path: system32\DRIVERS\srv.sys
    Image size: 334848
    Image MD5: 9BDB2E5F2C6CEBEEE1D75FF2EADACAFA
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): SSDPSRV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SSDP Discovery Service
    Description: Enables discovery of UPnP devices on your home network.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: HTTP

    Service (registry key): stisvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Image Acquisition (WIA)
    Description: Provides image acquisition services for scanners and cameras.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): swenum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Software Bus Driver
    Image path: system32\DRIVERS\swenum.sys
    Image size: 4352
    Image MD5: 52CA69522D2780008679F486FF2D16A9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): swmidi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel GS Wavetable Synthesizer
    Image path: system32\drivers\swmidi.sys
    Image size: 56576
    Image MD5: D9F7F799DB20CE348D2C7F374AAE5133
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SwPrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: MS Software Shadow Copy Provider
    Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{94D6F8E4-CF4D-4534-9F3A-56A60757E25B}
    Image size: 5120
    Image MD5: CCDE880AD5605F7970FE3EC6B5D3BC5A
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: rpcss

    Service (registry key): symc810
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): symc8xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sym_hi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sym_u3
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sysaudio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel System Audio Device
    Image path: system32\drivers\sysaudio.sys
    Image size: 60800
    Image MD5: AC17B7E3DA6FC911466962BBE1596239
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SysmonLog
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Performance Logs and Alerts
    Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\smlogsvc.exe
    Image size: 89600
    Image MD5: 53ED5E1E439BFE582E5FA6255314F85F
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): TapiSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Telephony
    Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): Tcpip
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: TCP/IP Protocol Driver
    Description: TCP/IP Protocol Driver
    Image path: system32\DRIVERS\tcpip.sys
    Image size: 361344
    Image MD5: 37D8387CBD4437C55F454209BE10EF11
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: IPSec

    Service (registry key): TDPIPE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): TDTCP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): TermDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Device Driver
    Image path: system32\DRIVERS\termdd.sys
    Image size: 40840
    Image MD5: 9357984830DC4F40C3C82489B56EC95B
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

  8. #8
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Service (registry key): TermService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Services
    Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost -k DComLaunch
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Themes
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Themes
    Description: Provides user experience theme management.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): TlntSvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Telnet
    Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\tlntsvr.exe
    Image size: 73216
    Image MD5: 34DAA86C8CA3A5E8FDCF6F50308E0C1C
    Control Set: CurrentControlSet
    Start: 4
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,TCPIP,NTLMSSP

    Service (registry key): TosIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): TrkWks
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Distributed Link Tracking Client
    Description: Maintains links between NTFS files within a computer or across computers in a network domain.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): TSDDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Udfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): ultra
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Update
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microcode Update Driver
    Image path: system32\DRIVERS\update.sys
    Image size: 384768
    Image MD5: 4B633414B8231060C8CEAC4575FCB00E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): upnphost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Universal Plug and Play Device Host
    Description: Provides support to host Universal Plug and Play devices.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: SSDPSRV,HTTP

    Service (registry key): UPS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Uninterruptible Power Supply
    Description: Manages an uninterruptible power supply (UPS) connected to the computer.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\ups.exe
    Image size: 18432
    Image MD5: 206526C0DEA504598A2BE679714BDF83
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): usbehci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
    Image path: system32\DRIVERS\usbehci.sys
    Image size: 30208
    Image MD5: 8E9D9764DD8030160FC42E183001113D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbhub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB2 Enabled Hub
    Image path: system32\DRIVERS\usbhub.sys
    Image size: 59520
    Image MD5: 32889E8B3BB890D5DBCDF866598A2B45
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbstor
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB Mass Storage Driver
    Image path: system32\DRIVERS\USBSTOR.SYS
    Image size: 26368
    Image MD5: 4C11E52F58B8F691099F9C1B0432A6A6
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbuhci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB Universal Host Controller Miniport Driver
    Image path: system32\DRIVERS\usbuhci.sys
    Image size: 20608
    Image MD5: B4FBC865CE1311F671C18388DF73EB80
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): VgaSave
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\System32\drivers\vga.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ViaIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): VolSnap
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): VSS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Volume Shadow Copy
    Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\vssvc.exe
    Image size: 289792
    Image MD5: A8C250F3BBA8334331C82D12719C1907
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): W32Time
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Time
    Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): W3SVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Wanarp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access IP ARP Driver
    Description: Remote Access IP ARP Driver
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 34560
    Image MD5: 4D91CDFECB032A34C550080B62720E15
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WDICA
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): wdmaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft WINMM WDM Audio Compatibility Driver
    Image path: system32\drivers\wdmaud.sys
    Image size: 83072
    Image MD5: 971260FF2BDF0371C11E811FA9C64BD8
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WebClient
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WebClient
    Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: MRxDAV

    Service (registry key): winmgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Management Instrumentation
    Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): Winsock
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 4
    Error Control: 1

    Service (registry key): WinSock2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WinTrust
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WmdmPmSN
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Portable Media Serial Number Service
    Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): Wmi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Management Instrumentation Driver Extensions
    Description: Provides systems management information to and from drivers.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): WmiApRpl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WmiApSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WMI Performance Adapter
    Description: Provides performance library information from WMI HiPerf providers.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
    Image size: 126464
    Image MD5: C0B67974A399F3CF92E7FBDBB540BEF0
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): WMPNetworkSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Media Player Network Sharing Service
    Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
    Object name: NT AUTHORITY\NetworkService
    Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    Image size: 913408
    Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: upnphost,http,HTTPFilter

    Service (registry key): WS2IFSL
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 0
    Error Control: 0

    Service (registry key): wscsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Security Center
    Description: Monitors system security settings and configurations.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,winmgmt

    Service (registry key): wuauserv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Automatic Updates
    Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): WudfPf
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
    Description: Provide communciation services for UMDF components.
    Image path: system32\DRIVERS\WudfPf.sys
    Image size: 77568
    Image MD5: F15FEAFFFBB3644CCC80C5DA584E6311
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WudfRd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
    Description: Reflect device requests to user-mode driver drivers
    Image path: system32\DRIVERS\wudfrd.sys
    Image size: 82944
    Image MD5: 28B524262BCE6DE1F7EF9F510BA3985B
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WudfSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Driver Foundation - User-mode Driver Framework
    Description: Manages user-mode driver host processes
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): WZCSVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Wireless Zero Configuration
    Description: Provides automatic configuration for the 802.11 adapters
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,Ndisuio

    Service (registry key): xmlprov
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Network Provisioning Service
    Description: Manages XML configuration files on a domain basis for automatic network provisioning.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14336
    Image MD5: 0B3290FB3815F5F6553E198642BB7E07
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): yukonwxp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
    Image path: system32\DRIVERS\yk51x86.sys
    Image size: 250496
    Image MD5: A5D4EAE27E68625296D685A786897491
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): zntport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NTPort Library Driver
    Image path: \SystemRoot\System32\drivers\zntport.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): {BA74ACA5-A8A2-4E6A-8E2B-03415D7E5686}
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): {F5FB1C6B-FE38-439D-A95C-513F4053054B}
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Hello fomachu,

    Eight posts in 4 topics, two forums merged to this one.

    Please see this sticky faq: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'FIXES' before helpers have analyzed the HJT log

    Start a new topic providing the HJT log and a link to this thread which I have closed as helpers look for threads without a response.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
