Argh - Mr. Findalot strikes again!

[merripan]

I seem to be unable to stop this darned thing from coming through and taking over my computer. Wouldn't be so bad except I *know* I didn't authorize the @$%$##$% thing to download and start randomly linking things on my web pages...

I don't seem to be able to find anything on how to get rid of it. I've used Spybot (fabu product for the basics), as well as Hijack This and Super AntiSpyware... We continue to find new and interesting things downloaded onto the computer, and get rid of *them* - but Mr. Findalot seems to be sticking...

Help?

 

[tashi]

Hello, please see our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps

Copy paste the HJT log here into this thread along with the results of the on-line anti-virus scan, and a helper will advise you as soon as available to do so.

Cheers.

 

[merripan]

The logs - part 1:

Spybot report:

--- Search result list ---
SurfSideKick: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5E2A3E7-00FE-4D31-A030-A10799DDCA66}

SurfSideKick: Data (File, fixed)
C:\WINDOWS\system32\b7icny1.cml

SurfSideKick: Data (File, fixing failed)
C:\WINDOWS\system32\b7icny.cml

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Media Player: Application data file (global) () (File, fixed)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: Anonymous ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-57989841-1677128483-1957994488-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS DirectDraw: Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Search Assistant: Typed search terms history (Registry key, fixed)
HKEY_USERS\S-1-5-21-57989841-1677128483-1957994488-1003\Software\Microsoft\Search Assistant\ACMru

Windows Explorer: User Assistant history IE (6 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-57989841-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (11 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-57989841-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-57989841-1677128483-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (6) (Cookie, fixed)


Cache: Cache (299) (Cache, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2006-08-05 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-04 Includes\Cookies.sbi (*)
2006-08-04 Includes\Dialer.sbi (*)
2006-08-04 Includes\Hijackers.sbi (*)
2006-08-04 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-08-04 Includes\Malware.sbi (*)
2006-08-04 Includes\PUPS.sbi (*)
2006-08-04 Includes\Revision.sbi (*)
2006-08-04 Includes\Security.sbi (*)
2006-08-04 Includes\Spybots.sbi (*)
2005-02-16 Includes\Tracks.uti (*)
2006-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600)
/ Windows XP / SP2: Windows XP Hotfix - KB837001


--- Startup entries list ---
Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, Nm6NqZ
command: "C:\WINDOWS\System32\riwzkn.exe"
file: C:\WINDOWS\System32\riwzkn.exe
size: 1163264
MD5: b47e23b7021409a6349871f89f522130

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, SUPERAntiSpyware
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1257472
MD5: 420d1414eb2f212efad2462cab715b6c

Located: Startup (common), Adobe Reader Speed Launch.lnk (DISABLED)
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Microsoft Works Calendar Reminders.lnk (DISABLED)
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 7084b58a098d2f83b304832251a8c6a8

Located: Startup (common), Streamload Downloader.lnk (DISABLED)
command: D:\Streamload\SlDB\SlDB.exe
file: D:\Streamload\SlDB\SlDB.exe
size: 737280
MD5: 8564844af308a42bcd064353f447506e

Located: Startup (user), Streamload Uploader.lnk (DISABLED)
command: D:\Streamload\StreamMgr.exe
file: D:\Streamload\StreamMgr.exe
size: 397312
MD5: e9768e9f5db39f869613115d9609f2bd

Located: Startup (disabled), hp psc 1000 series (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
size: 147456
MD5: 5b5ba04f26e46adc57d6e1c8b138ec9d

Located: Startup (disabled), hpoddt01.exe (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
size: 40960
MD5: 7d750887e39563620bc5f057295a501d

Located: Startup (disabled), Image Transfer (DISABLED)
command: C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe
file: C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe
size: 73728
MD5: 2d7b847da5e569ed4e0b15feefb8fcc4

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 258048
MD5: 2a4f64d8073b5309f5da3bd8dd78ca66

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{A5AD8FF3-64A3-4A07-BE7E-A7E6C197DF73} ()
BHO name:
CLSID name:

{E5E2A3E7-00FE-4D31-A030-A10799DDCA66} ()
BHO name:
CLSID name:



--- ActiveX list ---
{00000161-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\msaudio.inf
Codebase: http://codecs.microsoft.com/codecs/i386/msaudio.cab
description: Microsoft Audio Codec
classification: Legitimate
known filename: MSAUDIO.CAB
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\Shockwave 10\
Long name: Download.dll
Short name: DOWNLOAD.DLL
Date (created): 6/26/2006 10:03:10 AM
Date (last access): 8/16/2006
Date (last write): 6/26/2006 10:03:10 AM
Filesize: 108208
Attributes: archive
MD5: E1C2DE5D890044ACE083F33FB2348E9C
CRC32: FAD496AC
Version: 10.1.3.18

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_06.inf
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 8/15/2006
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 8/16/2006
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 8/16/2006
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

 

[merripan]

The Logs - Part 2:

--- Process list ---
PID: 0 ( 0) [System]
PID: 424 ( 4) \SystemRoot\System32\smss.exe
PID: 484 ( 424) \??\C:\WINDOWS\system32\csrss.exe
PID: 508 ( 424) \??\C:\WINDOWS\system32\winlogon.exe
PID: 552 ( 508) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 564 ( 508) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 740 ( 552) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 812 ( 552) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 908 ( 552) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 960 ( 552) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1064 ( 552) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1268 ( 552) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 186419
MD5: A0A8E8A38B5D40A4A90610DE80541EF1
PID: 1280 ( 552) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 23091
MD5: 5A92D5B31D37CA40EF6CE18050751B71
PID: 1340 ( 552) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1384 ( 552) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1596 (1504) C:\WINDOWS\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 2016 (1596) C:\WINDOWS\System32\riwzkn.exe
size: 1163264
MD5: B47E23B7021409A6349871F89F522130
PID: 2044 (2016) C:\WINDOWS\System32\hauc.exe
size: 36864
MD5: 2E819F4A6E0A6C9491D81D15A7654DA3
PID: 184 (1596) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 200 (1596) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1257472
MD5: 420D1414EB2F212EFAD2462CAB715B6C
PID: 372 (1596) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 91136
MD5: 92B1834F54EAB14B0B7137E6CEF5E1B2
PID: 468 (1596) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 91136
MD5: 92B1834F54EAB14B0B7137E6CEF5E1B2
PID: 1668 (1596) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

 

[merripan]

The logs - Part 3:

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/16/2006 11:31:08 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

[merripan]

The logs - Part 4:

Spybot - continued...

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99FEC0CC-937F-4EB9-84C9-080A31412322}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99FEC0CC-937F-4EB9-84C9-080A31412322}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FC330BF-8937-43D2-B244-A47797807E6B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FC330BF-8937-43D2-B244-A47797807E6B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F68188D-0E94-481A-A9B0-38453A5AD29C}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F68188D-0E94-481A-A9B0-38453A5AD29C}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7AA11F12-9A04-4E1F-820A-211109D6AEA5}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7AA11F12-9A04-4E1F-820A-211109D6AEA5}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

 

[merripan]

The logs - Part 5:

Spybot - the final input:

--- Uninstall list ---
(AddressBook)

Adobe Premiere 6.0 6.0 (Adobe Premiere 6.0)
install location: C:\Program Files\Adobe\Premiere 6.0
install source: C:\INSTAL~1\ADOBEP~1.0\ADOBE_~1.0\
uninstall cmd: C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
publisher: Adobe Systems, Inc.

AVG Anti-Virus 7.0 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

CamStudio (CamStudio)
uninstall cmd: C:\Program Files\CamStudio\uninstall.exe

Canon Photo Effects (Canon Photo Effects)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon Software\FX2.isu"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

 

[merripan]

Oops - Still more on the spybot logs:

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Molly and Fred et al\Desktop\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

HP Photo and Imaging 2.0 - hp psc 1200 series (HP PSC 1200 Series)
uninstall cmd: C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Windows XP Hotfix - KB837001 20040318.095048 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Logitech Print Service (Logitech Print Service)
uninstall cmd: C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG

MAGIX mp3 maker gold 2.0.3.0 (MAGIX mp3 maker gold)
uninstall cmd: C:\MAGIX\mp3mgold\unwise.exe C:\MAGIX\mp3mgold\INSTALL.LOG
publisher: MAGIX Entertainment

MAGIX playR jukebox 2.12.0.0 (MAGIX playR jukebox)
uninstall cmd: C:\MAGIX\playR_jukebox\unwise.exe C:\MAGIX\playR_jukebox\INSTALL.LOG
publisher: MAGIX Entertainment

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Quicklinks (Mouhb)
uninstall cmd: "C:\WINDOWS\System32\poznfsqy.exe" -jRRpZZoF

(MPlayer2)

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NeroVision Express 2 (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Nero Media Player (NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Command & Conquer Red Alert 2 (Red Alert 2)
uninstall cmd: D:\Westwood\Uninstll.EXE

Advanced RealMedia Export Plug-in for Premiere 6.0 (RNCompiler 6.0)
uninstall cmd: C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0

(SchedulingAgent)

Serials 2000 (Serials 2000)
uninstall cmd: "C:\Program Files\Serials 2000\uninst-s2k.exe"

Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: C:\Program Files\File Sharing Revolution\
uninstall cmd: "C:\Program Files\File Sharing Revolution\Uninstall\unins000.exe"
publisher: File Sharing Revolution
comments: File Sharing Revolution
help link: http://www.filesharingrevolution.com/support.php

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

SmartFTP Client 2.0 Setup Files (remove only) "2.0" (SmartFTP Client 2.0 Setup Files)
uninstall cmd: "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
publisher: "SmartFTP"
help link: "http://www.smartftp.com/support"

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Streamload Downloader (remove only) (Streamload Downloader)
uninstall cmd: "d:\streamload\SlDB\uninstall-sldb.exe"

Streamload Uploader (remove only) (Streamload Uploader)
uninstall cmd: "D:\Streamload\uninstall-uploader.exe"

(TSAUNINST)

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Westwood Shared Internet Components (WOLAPI)
uninstall cmd: C:\Westwood\Internet\UnstllAP.EXE

Yahoo! Anti-Spy (Yahoo! Anti-Spy)
uninstall cmd: C:\PROGRA~1\YAHOO!\COMMON\unypsr.exe

Yahoo! Toolbar for Internet Explorer (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

Yahoo! Toolbar (Yahoo! Toolbar)

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Command && Conquer Red Alert 2 - Yuri's Revenge (Yuri's Revenge)
uninstall cmd: D:\Westwood\Uninstll.EXE

1 ({00F58CB0-F392-6ECA-183A-53F60E83E184})
install date: 20060805

ImageMixer for Sony ({1B4AA674-F5CA-4BB5-831A-CD37B4021959})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122313
install date: 20060402
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2532
install date: 20060401
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Image Transfer ({564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL

Logitech ImageStudio 7.30.0000 ({5A24DD7E-7B01-41AC-ADA8-F1776177A3BA})
version: 119406592
version (major): 7
version (minor): 30
estimated size: 146025
install date: 20060402
install location: C:\Program Files\Logitech\ImageStudio\
install source: E:\ImageStudio\enu\
uninstall cmd: MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
publisher: Logitech, Inc.
contact: Logitech® Customer Support
help link: http://www.logitech.com/support
help telephone: USA: (702) 269-3457 UK: +44 (0) 1344-894301
readme: C:\Program Files\Logitech\ImageStudio\Readme.txt

Sony USB Driver ({5C29CB8B-AC1E-4114-8D68-9CD080140D4A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

HP Photo and Imaging 2.0 - All-in-One Drivers 1.00.0000 ({6ECB39BD-73C2-44DD-B1A0-898207C58D8B})
version: 16777216
version (major): 1
estimated size: 52761
install date: 20060402
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

Ulead GIF Animator 5 TBYB ({8AF3E926-ED59-11D4-A44B-0000E86D2305})
version (major): 5
version (minor): 5
install location: C:\Program Files\Ulead Systems\Ulead GIF Animator 5 TBYB
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" -l0x9
publisher: Ulead System

Logitech IM Video Companion 1.3.0.2041 ({984F10FD-11FD-4BED-8163-92DB81E6A825})
install source: E:\VideoIM\ENU\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
publisher: Logitech
help link: http://support.logitech.com

HP Photo and Imaging 2.0 - All-in-One 1.00.0000 ({9867A917-5D17-40DE-83BA-BEA5293194B1})
version: 16777216
version (major): 1
estimated size: 552747
install date: 20060402
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

Serials 2000 7.1 ({AA64977E-BEC8-4BDD-81E8-775F9F2FA2FF})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 1424
install date: 20060508
install location: C:\Program Files\Serials 2000\
install source: C:\WINDOWS\Downloaded Installations\{CDA1684C-BAA7-4CB9-9BF4-46FB876BD116}\
uninstall cmd: MsiExec.exe /I{AA64977E-BEC8-4BDD-81E8-775F9F2FA2FF}
publisher: Serials2000 - Powered By The GeFcReW
comments: Install Made By The GeFcReW Oct 2004
contact: setup@serials2000.org
help link: http://www.Serials2000.org

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70700000002})
version: 117440520
version (major): 7
estimated size: 68622
install date: 20060618
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

HP Memories Disc 1.0.4.805 ({B376402D-58EA-45EA-BD50-DD924EB67A70})
version: 16777220
version (major): 1
estimated size: 24156
install date: 20060402
install source: E:\setup\mm\
uninstall cmd: MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
publisher: Hewlett-Packard Company
comments: hp memories disc creator software
help link: http://www.hp.com
help telephone: (208) 323-2551

Adobe Flash Player 9 ActiveX 9.0.16.0 ({BB65C393-C76E-4F06-9B0C-2124AA8AF97B})
version: 150994960
version (major): 9
estimated size: 2314
install date: 20060813
install location: C:\WINDOWS\System32\Macromed\Flash\
install source: C:\Documents and Settings\Molly and Fred et al\Desktop\
uninstall cmd: MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
publisher: Adobe Systems, Inc.
help link: http://www.macromedia.com/go/flashplayer_support/

SmartFTP Client 2.0 2.0.996 ({C169D3BB-9A27-43F5-9979-09A0D65FE95C})
version: 33555428
version (major): 2
estimated size: 10737
install date: 20060711
install location: C:\Program Files\SmartFTP Client 2.0\
install source: C:\Program Files\SmartFTP Client 2.0 Setup Files\
uninstall cmd: MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
publisher: SmartFTP
help link: http://www.smartftp.com/support

hp psc 1200 series 1.00.0000 ({C900EF06-2E76-49C7-8DB0-41F629B21DC5})
version: 16777216
version (major): 1
estimated size: 6781
install date: 20060402
install source: C:\Program Files\Hewlett-Packard\Digital Imaging\product\
uninstall cmd: MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

SUPERAntiSpyware Free Edition 3.2.0.1028 ({CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA})
version: 50462720
version (major): 3
version (minor): 2
estimated size: 7923
install date: 20060806
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
publisher: SUPERAntiSpyware.com
help link: http://www.superantispyware.com/support.html

Microsoft Works 6.0 06.00.1829 ({F8D0829C-9C6F-11D3-8080-00C04FA329AA})
version: 100665125
version (major): 6
estimated size: 94005
install date: 20060417
install location: INSTALLDIR
install source: E:\
uninstall cmd: MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
publisher: Microsoft Corporation
comments: Microsoft Works 6.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:

 

[merripan]

Further spybot log:

--- System Services ---
Service (registry key): 3dfxvs
Image path: System32\DRIVERS\3dfxvsm.sys
Image size: 148352
Image MD5: B6BBE5503E6460BDFA2AECB972A07C1A
Start: 3
Type: 1
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179200
Image MD5: 45E0D94158CA0EC71FF12DBB81B39ED3
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 122472
Image MD5: B45A744CA0A15A59D8B0307CE9741E92
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): AFS2K
Display name: AFS2k
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 40960
Image MD5: C23EB4661BF60C77280F8A3620D43B8E
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: System32\DRIVERS\amdagp.sys
Image size: 27648
Image MD5: 8D49DB427F7C6EB6A044FEA26CFAD4FF
Start: 0
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 0
Type: 0
Error Control: 0

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86656
Image MD5: A64013E98426E1877CB653685C5C0009
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Image size: 186419
Image MD5: A0A8E8A38B5D40A4A90610DE80541EF1
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsXP
Display name: AVG7 Rezident Driver
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Image size: 23091
Image MD5: 5A92D5B31D37CA40EF6CE18050751B71
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: System32\DRIVERS\CCDECODE.sys
Image size: 16384
Image MD5: FDC06E2ADA8C468EBB161624E03976CF
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: CB762E814F602229A574F4D78D3D6A30
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\cisvc.exe
Image size: 5120
Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 33664
Image MD5: 43A10CD19D648E57ED039A6CAA667A56
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 204800
Image MD5: 67648497FDC9A9235A2642950E326756
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 780928
Image MD5: E18132D39407AADCA6B1D19ADF408A8A
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 146304
Image MD5: ACA44E9A8E2FF7C833664263C8478629
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 50048
Image MD5: EF05974D47D56FA8387F170F05BAE5E7
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2816
Image MD5: AA94E0CBD79DB63100D0EAE061EB69BC
Start: 3
Type: 1
Error Control: 1

Service (registry key): ds1
Display name: Yamaha DS1 Audio Driver (WDM)
Image path: system32\drivers\ds1wdm.sys
Image size: 334208
Image MD5: 6CF04C9FB5BC974C0A472BC81FD56366
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 26240
Image MD5: 19C5C7EAC0190A42522290BF002F64EA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 19712
Image MD5: 21E41E89B9B191B685F99B7A8885310B
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): gameenum
Display name: Game port for Yamaha DS1
Image path: system32\drivers\gameenum.sys
Image size: 9728
Image MD5: 90D951A8876631E617ED64A9DDF0BAFC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 33792
Image MD5: 13591E0A02E85DE2A388F3EC4BD206DF
Start: 3
Type: 1
Error Control: 1

 

[merripan]

Spyware registry key logs

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): hpt3xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): HPZid412
Display name: IEEE-1284.4 Driver HPZid412
Image path: System32\DRIVERS\HPZid412.sys
Image size: 50960
Image MD5: 2A8A2AA68185B47632188F1A8BE44170
Start: 3
Type: 1
Error Control: 1

Service (registry key): HPZipr12
Display name: Print Class Driver for IEEE-1284.4 HPZipr12
Image path: System32\DRIVERS\HPZipr12.sys
Image size: 16080
Image MD5: 0A520679B0AD3F438E88B746D0C5BA6C
Start: 3
Type: 1
Error Control: 1

Service (registry key): HPZius12
Display name: USB to IEEE-1284.4 Translation Driver HPZius12
Image path: System32\DRIVERS\HPZius12.sys
Image size: 22384
Image MD5: 1D53F2B2051A3FCE2C8EF0E01B042E25
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 50944
Image MD5: 54AE656490B33F84B4417194AA127B25
Start: 1
Type: 1
Error Control: 1

Service (registry key): Imapi
Start: 1
Type: 1
Error Control: 0

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 118784
Image MD5: F6069827B0A39DC75D251CFB37C4E9C9
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 19584
Image MD5: F56DD863BA732A4E8EE58D486C31250F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 76288
Image MD5: 561E2AEDE82CAE972D572C60D4E090BF
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 56064
Image MD5: 87AD207BC4437F215508024559D72F30
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 10496
Image MD5: B43201394646B7E98C89056EDDA686B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 23424
Image MD5: 9C30CD464D87102497FD7C32910E6253
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 159232
Image MD5: ECD42891ECC1CA80FCB849511D3DF186
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): MASPINT
Start: 0
Type: 0
Error Control: 0

 

[merripan]

Further spybot registry key logs

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: 743AEA1D5DB177ED3F1A0A25B3F5D6A6
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 22016
Image MD5: E534CCBA5714E8BFFF4FB97D6453898F
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 172672
Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 407680
Image MD5: A3AD34D36242E92C86B0C1BFBD131255
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: 073D2F5B53580583FEB704084CBA39CE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Installs, repairs and removes software according to instructions contained in .MSI files.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\msiexec.exe /V
Image size: 63488
Image MD5: E7A49533944654EDD82D26338DF0FD05
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7424
Image MD5: 85736F804191CB420A31ACA2A7F0674F
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5248
Image MD5: E943ADB93D83C5CBC0CA3F53F53B48CC
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4608
Image MD5: F6A726B8832DB1F88326B8BE98B11981
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 5504
Image MD5: D5059366B361F0E1124753447AF08AA2
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NABTSFEC
Display name: NABTS/FEC VBI Codec
Image path: System32\DRIVERS\NABTSFEC.sys
Image size: 83968
Image MD5: AC31B352CE5E92704056D409834BEB74
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisIP
Display name: Microsoft TV/Video Connection
Image path: System32\DRIVERS\NdisIP.sys
Image size: 10112
Image MD5: ABD7629CF2796250F315C1DD0B6CF7A0
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12160
Image MD5: DA77857D9F9BC724D779DF64DA15164B
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 88320
Image MD5: DF101384699C87C70E9BD71DDF0E8509
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 33152
Image MD5: 9F880D46EF6DCC865B8EF5C5A4956E3B
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 150272
Image MD5: 58A5116194BC0AD86A6BBDBDFA5E1240
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 8A45EC36DF58BF90816A14E9F21075DC
Start: 3
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 8A45EC36DF58BF90816A14E9F21075DC
Start: 3
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

 

[merripan]

Even more spybot registry key logs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 76160
Image MD5: 1424FFBF560627B07CCE5082FA837F5C
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 62464
Image MD5: 1F96EECDF5D1E3385AC44C6A457B381F
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: System32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): Pml Driver HPZ12
Display name: Pml Driver HPZ12
Object name: LocalSystem
Image path: C:\WINDOWS\System32\HPZipm12.exe
Image size: 65536
Image MD5: 364E30F27BE1E6DED83E81C4DE93E808
Start: 4
Type: 16
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 46464
Image MD5: 5849957DC3F7CAE702E03B69744B9BFE
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 30592
Image MD5: 72F923F0A0FDFBE3252579CA1D1D8948
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

 

[merripan]

Yet further spybot registry key logs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 65920
Image MD5: 7FD061B0B0833D5106244B0CF2A1E68C
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 20640
Image MD5: 183EF96BCC2EC3D5294CB2C2C0ECBCD1
Start: 0
Type: 1
Error Control: 1

Service (registry key): QCMerced
Display name: Logitech QuickCam Express
Image path: System32\DRIVERS\LVCM.sys
Image size: 472396
Image MD5: D8EC7E2FBF3B8D66FF8F435338BE41FE
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 48640
Image MD5: 01BD60CDE35D8B60F46EBDF5358D7127
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 38912
Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 163840
Image MD5: DE300831C74CFF09091E954A1844BDBF
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 181632
Image MD5: 57F34F83E278DD804BA4A0593D789312
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 130048
Image MD5: E6E3C190B143A6190C73F049EC39C37C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 55808
Image MD5: DD2183A5092FEEE8961A1E19ABD1A0FC
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 68096
Image MD5: 0C17B00F9ACC99139780C0E931C11F16
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): rtl8139
Display name: Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver
Image path: System32\DRIVERS\RTL8139.SYS
Image size: 23070
Image MD5: 7A0DB9FC3DC3C620AEA30EA2A6557CAC
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

 

[merripan]

And more spybot registry key logs:

Service (registry key): SASDIFSV
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Image size: 5632
Image MD5: A578A5212693F3256A0168E8F3222220
Start: 1
Type: 1
Error Control: 1

Service (registry key): SASENUM
Display name: SASENUM
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Image size: 4096
Image MD5: 7F1085895E499907F68DF7731924122B
Start: 3
Type: 1
Error Control: 1

Service (registry key): SASKUTIL
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Image size: 23552
Image MD5: C80114083FD2DE6AA456D23479E1BAB0
Start: 1
Type: 1
Error Control: 1

Service (registry key): SCardDrv
Display name: Smart Card Helper
Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On group: "Smart Card Reader"

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 14976
Image MD5: 65A7C4D86C153C82E33A552C217ABB29
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 62464
Image MD5: 1A315877D2EFCC2D0FF892D6BDB845B5
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,NLA,RasMan,ALG

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): SLIP
Display name: BDA Slip De-Framer
Image path: System32\DRIVERS\SLIP.sys
Image size: 10880
Image MD5: 1FFC44D6787EC1EA9A2B1440A90FA5C1
Start: 3
Type: 1
Error Control: 1

Service (registry key): sonypvs1
Display name: Sony Digital Imaging Video2
Image path: System32\DRIVERS\sonypvs1.sys
Image size: 102220
Image MD5: DFADFC2C86662F40759BF02ADD27D569
Start: 3
Type: 1
Error Control: 1

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 5632
Image MD5: 2C55620B197ED2BA93126B76396BFF6E
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 51200
Image MD5: 9B4155BA58192D4073082B8FC5D42612
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

 

[merripan]

more registry key logs

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: System32\DRIVERS\sr.sys
Image size: 70400
Image MD5: F899A5D353DCBBA12EACB379E7ABFEEE
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 330368
Image MD5: 94619EB663216F9BF12F9B950FCAB3C0
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): streamip
Display name: BDA IPSink
Image path: System32\DRIVERS\StreamIP.sys
Image size: 14976
Image MD5: A9F9FD0212E572B84EDB9EB661F6BC04
Start: 3
Type: 1
Error Control: 1

Service (registry key): swenum
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 4096
Image MD5: 616A013D3EA068B6DEE83D905E92EE9F
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{A69C54CC-F050-4A9E-9837-9D219EEE41A7}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 57472
Image MD5: D0459F71807CCE71FE26A52F2EDEBAD9
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 86016
Image MD5: BB5F528DC9BA1F233730223385F3EFC2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 327168
Image MD5: E7774698BB0D14B0710A9A31E209F9B6
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 37896
Image MD5: 68B71EB2E79F60640B4B3A1A714317E5
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\tlntsvr.exe
Image size: 60928
Image MD5: 0A69B1943DBC28DAED192CF646D1B0EE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

 

[merripan]

final registry key log for spybot

Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\System32\wdfmgr.exe
Image size: 38912
Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Update
Display name: Microcode Update Driver
Image path: System32\DRIVERS\update.sys
Image size: 137088
Image MD5: 164CFAE1D766905F56C432ACFC54F28C
Start: 3
Type: 1
Error Control: 1

Service (registry key): uploadmgr
Display name: Upload Manager
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 16384
Image MD5: 3F324808E5C57399430E0C70AD565145
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbaudio
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 56448
Image MD5: 0B8C44A88036E5E9CA60DC7C881BF30C
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: System32\DRIVERS\usbccgp.sys
Image size: 24960
Image MD5: 7F3366DE16A0E9390DA0ED32AB58D05D
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: Microsoft USB Standard Hub Driver
Image path: System32\DRIVERS\usbhub.sys
Image size: 50688
Image MD5: 1766FAA3A5079D0DB3EFB331DAC587ED
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: System32\DRIVERS\usbohci.sys
Image size: 15616
Image MD5: BA6B6215621255F0CD231F08B7D5D8CB
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: System32\DRIVERS\usbprint.sys
Image size: 24832
Image MD5: 3768DF6B52CD1A25828157379800E14F
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: System32\DRIVERS\usbscan.sys
Image size: 13824
Image MD5: 96F74BD303006971DE644BCA1A7ED858
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: System32\DRIVERS\USBSTOR.SYS
Image size: 21760
Image MD5: 694F2B90124EB086C38C18DA97A13E48
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 275456
Image MD5: F422CECCF4B02790F80176CF3F4759C0
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: System32\DRIVERS\wanarp.sys
Image size: 33280
Image MD5: 484AF08F15D1306FF2E8B64FE62A160C
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 79616
Image MD5: 1106767A0647BF3BE4535C91F74FE7DA
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,Eventlog

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Image size: 117248
Image MD5: B7891998B0F21C8D1A928C0578B0368B
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WS2IFSL
Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): WSTCODEC
Display name: World Standard Teletext Codec
Image path: System32\DRIVERS\WSTCODEC.SYS
Image size: 18688
Image MD5: 233CDD1C06942115802EB7CE6669E099
Start: 3
Type: 1
Error Control: 1

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): YAMAHA
Start: 0
Type: 0
Error Control: 0

Service (registry key): {6FC330BF-8937-43D2-B244-A47797807E6B}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {99FEC0CC-937F-4EB9-84C9-080A31412322}
Start: 0
Type: 0
Error Control: 0

 

[merripan]

Hijack This log... The whole thing.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:53 AM, on 8/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\riwzkn.exe
C:\WINDOWS\System32\hauc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Molly and Fred et al\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nm6NqZ] "C:\WINDOWS\System32\riwzkn.exe"
O18 - Filter: text/html - {9925D813-EAAC-44AA-BBA7-02DD66D3C6FE} - C:\WINDOWS\System32\vm7cmapox.dll

 

[merripan]

Sorry for the plethora..

Hello, please see our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps

Copy paste the HJT log here into this thread along with the results of the on-line anti-virus scan, and a helper will advise you as soon as available to do so.

Cheers.

I wasn't sure exactly what you needed out of the spybot logs - so I put the whole thing on here... I have two hard drives on my computer, one of them very LARGE... Apologies for the extent of the log - I figured if I gave it all to you, you could glean from it what you needed, rather than continuing to ask for further information.

Cheers!:crowned:

 

[tashi]

Hello merripan

Sorry for the wait, it is possible that because of the amount of posts, helpers may have thought you were already being advised.

If you are still in need of assistance we have this sticky topic:

If you have waited four days for advice post here.


Is there a reason Windows has not been updated?

Please see:
You and Windows, a joint effort

Have you updated Windows?


Cheers.

 

[tashi]

This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.