TrojansC.sbi | Zlob.DNSChanger.rt

K

kpwelch

New member
Hi,

Another victim for you. I have been getting the following error message the past two nights. SpyBot and Ad-Aware run overnight scans. The error message causes the PC to lock up, I could not even save a screen shot of the error message. Power off re-boot. No apparent issues after.

I have read several threads and have performed the following:
HiJackThis scan, created a couple of issues, files will be posted.
Spy-Bot scan in Safe Mode, crashed the computer to power off, twice.
Next Safe Mode try, I set Avast for a boot scan, and then I ran a full Ad-Aware Scan, no issues, then SpyBot, crash to power off.
Next Safe Mode, SpyBot, crash to power off.
I have added Online Armour to my system , but the files were all run Prior to that install.

Kapersky Online Scan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 1:06:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3, v.3311 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 697678
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 119528
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 04:32:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Lavasoft\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\history.dat Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\key3.db Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kevin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk2kd3vp.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temp\~DFC85C.tmp Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kevin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps1 Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps2 Object is locked skipped
C:\Inetpub\catalog.wci\00010003.ci Object is locked skipped
C:\Inetpub\catalog.wci\cicat.fid Object is locked skipped
C:\Inetpub\catalog.wci\cicat.hsh Object is locked skipped
C:\Inetpub\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP10000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP20000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiST0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\INDEX.000 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk1 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk2 Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\YPOPs\ypops.log Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010007.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP584\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3d0.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
HiJackLog

Logfile of HijackThis v1.99.1
Scan saved at 5:24:15 AM, on 4/11/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Startup: YPOPs.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.1) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBCE41FD-73C4-4C06-8D1D-A24184EA5C1F}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
 
HiJackThis errors 1 & 2

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



and the second



An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
 
hi kpwelch,

sorry for delay, no shortage of posters. i dont see anything in the logs that i recognize as malware. the online scan looks ok, is ad aware coming up clean after a scan? lets try a different malware scanner also for another opinion.
also delete that copy of hjt and get the new version, may help with the errors.

new hjt;

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your (Click --> ) next reply.

Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

post the new hjt log and the malwarebytes log.

shelf life
 
New HTJ log

Hi,

Thanks for responding. Don't worry about the delay, other than the error message from Spy-Bot every night I see no effects yet. But I may be naive.

Here is your new scan,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:47 PM, on 4/20/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Startup: YPOPs.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.1) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBCE41FD-73C4-4C06-8D1D-A24184EA5C1F}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9624 bytes

Next one coming up.

Regards,

Kevin
 
Malwarbytes Log

Hi there,

Here is the other log you requested. Please let me know if you need anything else. Thanks for your time and attention.

Regards,

Kevin




Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Full Scan (C:\|)
Objects scanned: 154611
Time elapsed: 1 hour(s), 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
hi kpwelch,

your welcome. more good news as you have already seen. The malwarebytes log looks good. can you provide the item spybot is flagging?
after a scan if you right click in the window there is a option to copy to clip board. cant check now iam on a linux machine, it should copy only the flagged item not the entire scan result. or just right it down and type it in your reply.

edit:
scratch that, i just re-read running spybot causes your machine to crash? even in safe mode. i think there is a way to pull up scan logs in spybot, but if its crashing there may be no log. poke around spybot and see and i will check also on windows machine.
 
Last edited:
hi kpwelch,

launch spybot. at top click on mode >advanced mode
click on tools>view report>view previous report
click on last scan (by date)
example;
checks. 080421-1751.txt
you can right click>open the text file and copy/paste its contents in your reply.
maybe it will shed some light
 
SpyBot.txt

Hi ShelfLife,

Here is the SpyBot.txt data. SpyBot runs everynight through Scheduled Tasks. Following one if the directions, I ran SpyBot and Adaware in Safe Mode. Adaware finished, SpyBot crashed to power off 4 times. But it still works under regular windows XP. It just gives this error message that says it has a problem with:

C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi

Thanks again,

Kevin




--- Report generated: 2008-04-23 04:55 ---

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
www.experts-exchange.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
experts-exchange.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
ask.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
www.ask.com=127.0.0.1

MS Office 9.0: Recently used files (64 files) (Directory, nothing done)
C:\Documents and Settings\Kevin\Application Data\Microsoft\Office\Recent\

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Office 9.0 (Word): Recently used file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Office\9.0\Word\Data\Settings

MS Office 9.0 (Excel): Recent files (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Office\9.0\Excel\Recent Files

Windows.OpenWith: Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CFG extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList

Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (37 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-384269087-4006903996-2036936361-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Cookie: Cookie (45) (Cookie, nothing done)


Cookie: Cookie (47) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-04-16 Includes\Adware.sbi (*)
2008-04-17 Includes\AdwareC.sbi (*)
2008-04-17 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-17 Includes\DialerC.sbi (*)
2008-04-17 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-04-17 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-04-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-26 Includes\Malware.sbi (*)
2008-04-17 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-17 Includes\PUPSC.sbi (*)
2008-04-17 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-17 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-04-17 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-04-17 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti (*)
2008-04-16 Includes\Trojans.sbi (*)
2008-04-17 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
 
hi Kevin

thanks for the info. i really dont see anything in the spybot log as far as malware goes. those items look pretty harmless to me.
i did notice you have a old version of spybot (1.4)

i would remove it via add/remove programs panel, reboot computer once then download the new version 1.5.2

http://www.safer-networking.org/en/download/index.html

things may improve for you.

shelf life
 
New SpyBot Log File and My Thanks

Hi ShelfLife,

Thanks for the follow up. I have replaced my SpyBot and rerun the scan without the error, though it did find 4 items to remove. Below is the new log file. If I get an error on the overnight scan, I will post tomorrow. I will also follow up to see if you see anything in this scan. If you don't hear from me in a day or so, we have accomplished what we needed, and you can mark this a success, though no Trojan actually found. I want to thank you again for your time and attention.

Um, I run SpyBot every night with Scheduled Tasks, update is automatic. One would think that I would get at least a message that there is an update that is not automatic. Would you mind making that suggestion?

Best Regards; Gratefully,

Kevin

File is too long, I will have to break it up. See next posts.
 
Part 1 of 4

--- Search result list ---
Microsoft.Windows.RedirectedHosts: [SBI $ECD8F8C6] Redirected host (Redirected host, fixed)
www.experts-exchange.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: [SBI $BE4D29D7] Redirected host (Redirected host, fixed)
experts-exchange.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: [SBI $B1534D36] Redirected host (Redirected host, fixed)
ask.com=127.0.0.1

Microsoft.Windows.RedirectedHosts: [SBI $A81A96E0] Redirected host (Redirected host, fixed)
www.ask.com=127.0.0.1


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-25 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-04-24 Includes\AdwareC.sbi (*)
2008-04-24 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-24 Includes\DialerC.sbi (*)
2008-04-24 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-04-24 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-04-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-04-24 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-24 Includes\PUPSC.sbi (*)
2008-04-24 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-24 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-04-24 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-04-24 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-24 Includes\Trojans.sbi (*)
2008-04-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3, v.3311 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Service Pack 3
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: E1E4780C87DACC69BE77DA4A1B3EC692

Located: HK_LM:Run, BMMGAG
command: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, BMMLREF
command: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
file: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
size: 20480
MD5: 35E286D663AFE6D1F55B7F845F9133CA

Located: HK_LM:Run, BMMMONWND
command: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 9FAAC65931211B08A6BC5089AA32C1BB

Located: HK_LM:Run, EZEJMNAP
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 208896
MD5: 849CA567BC0ECE5BCF407B06B5B3A183

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: FBC32DBF9E460E9CAA516BBABB730925

Located: HK_LM:Run, ibmmessages
command: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: FA680935110ECE1BF93E9AADEBDC865B

Located: HK_LM:Run, kmw_run.exe
command: kmw_run.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, MSWheel
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PRONoMgrWired
command: C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
file: C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
size: 86016
MD5: 31F4726648A033F3000B340331D9C55B

Located: HK_LM:Run, QCTRAY
command: C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QCWLICON
command: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, S3TRAY2
command: S3Tray2.exe
file: C:\WINDOWS\system32\S3Tray2.exe
size: 69632
MD5: C11D79B0421D833CBC2A182E708A170A

Located: HK_LM:Run, SoundMAX
command: "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
file: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 794624
MD5: 0A83AEDEFADE30B5CD28049031E149FA

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1368064
MD5: D3333768300F462F6B309AB53F75BB25

Located: HK_LM:Run, TP4EX
command: tp4ex.exe
file: C:\WINDOWS\system32\tp4ex.exe
size: 53248
MD5: 15CFE57F05D7FD80D1C5E70BCDCB01FF

Located: HK_LM:Run, TPHOTKEY
command: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
file: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
size: 94208
MD5: 5CD7051EEB1926D305E24092E893A6D0

Located: HK_LM:Run, TPKMAPHELPER
command: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
file: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
size: 897024
MD5: 40C48D5DD0BF8D2BECC05D4D9202A7B4

Located: HK_LM:Run, TrackPointSrv
command: tp4serv.exe
file: C:\WINDOWS\system32\tp4serv.exe
size: 91184
MD5: 8309A9274A1D07827AAAD01C0F383A87

Located: HK_LM:Run, UC_Start
command: C:\Program Files\IBM\Updater\\ucstartup.exe
file: C:\Program Files\IBM\Updater\\ucstartup.exe
size: 36864
MD5: 26D7756857B8C374BBD67E537803F8AA

Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931

Located: HK_CU:Run, AWMON
where: S-1-5-21-384269087-4006903996-2036936361-1005...
command: "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
file: C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
size: 517632
MD5: 107AF2DE3AF10D6D09C1B36FE9EF9156

Located: HK_CU:Run, ibmmessages
where: S-1-5-21-384269087-4006903996-2036936361-1005...
command: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-384269087-4006903996-2036936361-1005...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: Startup (user), Wallpaper Changer.lnk
where: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup...
command: C:\Program Files\WallpaperToy\Wallpapertoy.Exe
file: C:\Program Files\WallpaperToy\Wallpapertoy.Exe
size: 110592
MD5: C55BB6B2ADCA699620BF7ED0E6075B4E

Located: Startup (user), Yahoo! Widget Engine.lnk
where: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup...
command: C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
file: C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
size: 1806336
MD5: 7515DC58C1296AD6CED6327DBB432E7D

Located: Startup (user), YPOPs.lnk
where: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup...
command: C:\Program Files\YPOPs\YPOPs.exe
file: C:\Program Files\YPOPs\YPOPs.exe
size: 1331200
MD5: 0498370F0E95617374FAAE6D234281F7

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: Startup (disabled), Adobe Reader Synchronizer (DISABLED)
command: C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
file: C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
size: 738968
MD5: 1C1C6ABBC3408A373C731EC3F41EAE16

Located: Startup (disabled), Digital Line Detect (DISABLED)
command: C:\PROGRA~1\DIGITA~1\DLG.exe
file: C:\PROGRA~1\DIGITA~1\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
size: 65588
MD5: F7D6FC2CC9886F34B986986DB1B7C06B

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/23/2006 12:08:42 AM
Date (last access): 2/11/2008 7:13:22 PM
Date (last write): 10/23/2006 12:08:42 AM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 4/25/2008 7:34:02 AM
Date (last access): 4/25/2008 7:34:02 AM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 1/17/2007 10:14:44 PM
Date (last access): 1/17/2007 10:14:44 PM
Date (last write): 9/26/2003 2:04:00 AM
Filesize: 106548
Attributes: archive
MD5: A4529BF862DA0DB2067C463207E158C2
CRC32: 79C1AD83
Version: 1.4.7.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 3/6/2008 11:58:38 AM
Date (last access): 2/22/2008 3:33:32 AM
Date (last write): 2/22/2008 5:25:20 AM
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13



--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer:
Codebase:
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 2/1/2008 12:13:52 AM
Date (last access): 2/29/2008 6:35:14 PM
Date (last write): 2/1/2008 12:13:52 AM
Filesize: 750896
Attributes: archive
MD5: 02D754B790F277B5B088B5FBE2692908
CRC32: AE2617C3
Version: 7.4.1.14

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer:
Codebase:
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 8/29/2007 3:49:54 PM
Date (last access): 8/29/2007 3:49:54 PM
Date (last write): 8/29/2007 3:49:54 PM
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/1/2008 5:58:52 PM
Date (last access): 3/1/2008 5:58:52 PM
Date (last write): 7/30/2006 2:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer:
Codebase:
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 12/17/2006 4:18:54 PM
Date (last access): 8/23/2007 5:30:34 PM
Date (last write): 7/30/2007 7:19:28 PM
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer:
Codebase:
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 8/23/2007 5:31:08 PM
Date (last write): 7/30/2007 7:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support)
DPF name:
CLSID name: IBM Access Support
Installer:
Codebase:
description:
classification: Legitimate
known filename: IbmEgath.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IbmEgath.dll
Short name:
Date (created): 12/17/2006 4:38:48 PM
Date (last access): 12/25/2006 10:44:14 AM
Date (last write): 6/29/2006 6:22:48 PM
Filesize: 180224
Attributes: archive
MD5: 2FF8E0FC23D4F142BFBAE78D7960921C
CRC32: 7A7F3465
Version: 3.20.284.0

{76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: ACPIR.dll
info link:
info source: Safer Networking Ltd.

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05)
DPF name:
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 3:33:32 AM
Date (last access): 2/22/2008 3:33:32 AM
Date (last write): 2/22/2008 5:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: NPJPI141.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10)
DPF name:
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02)
DPF name:
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03)
DPF name:
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase:
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/25/2007 12:31:44 AM
Date (last access): 9/25/2007 12:31:44 AM
Date (last write): 9/25/2007 2:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05)
DPF name:
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 3:33:32 AM
Date (last access): 2/22/2008 3:33:32 AM
Date (last write): 2/22/2008 5:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05)
DPF name:
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 3:33:32 AM
Date (last access): 2/22/2008 3:33:32 AM
Date (last write): 2/22/2008 5:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9c.ocx
Short name:
Date (created): 3/23/2007 2:59:38 PM
Date (last access): 4/29/2007 9:58:16 PM
Date (last write): 3/23/2007 2:59:38 PM
Filesize: 2267368
Attributes: readonly archive
MD5: 18AE02A4195292C692D5B006F1421D01
CRC32: B8EED2E6
Version: 9.0.45.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 736 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 800 ( 736) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 824 ( 736) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 868 ( 824) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 3BF0DF2D99EE82B08C1E76B72FA562C7
PID: 880 ( 824) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 70885577298B92939F3B7AF54D5F8943
PID: 1052 ( 868) C:\WINDOWS\system32\ibmpmsvc.exe
size: 36400
MD5: A75CE11915E4ECC5E1597D6E0F7BB2DB
PID: 1080 ( 868) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 1200 ( 868) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 1320 ( 868) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 1380 ( 868) C:\WINDOWS\system32\S24EvMon.exe
size: 286787
MD5: 6083FE94CAE83EE40A9A2BB6B440A5EE
PID: 1584 ( 868) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 1804 ( 868) C:\Program Files\Tall Emu\Online Armor\oasrv.exe
size: 5414464
MD5: 7B2384CE743A9FC78F503E85AFFC1A1B
PID: 372 ( 224) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: CB7C9E2BA846DA0AFABD19DE6B6F2006
PID: 448 ( 868) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 17272
MD5: 3CA72CEA90DF8DA569D35CEC89676749
PID: 504 ( 868) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 144760
MD5: 6A0A14F60654DF588F55160CB1B6DA8D
PID: 1616 ( 372) C:\WINDOWS\system32\tp4serv.exe
size: 91184
MD5: 8309A9274A1D07827AAAD01C0F383A87
PID: 1892 ( 372) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 208896
MD5: 849CA567BC0ECE5BCF407B06B5B3A183
PID: 1368 ( 868) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 8B7AF2E5DACFD5A6204FA276136D82CC
PID: 556 ( 372) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: E1E4780C87DACC69BE77DA4A1B3EC692
PID: 596 ( 372) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 9FAAC65931211B08A6BC5089AA32C1BB
PID: 1192 ( 372) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: FBC32DBF9E460E9CAA516BBABB730925
PID: 1412 ( 372) C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
size: 94208
MD5: 5CD7051EEB1926D305E24092E893A6D0
PID: 1884 ( 372) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1368064
MD5: D3333768300F462F6B309AB53F75BB25
PID: 232 ( 372) C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: 081002D8F4176A10BCA3A2F93C4D31C2
PID: 576 (1412) C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
size: 77824
MD5: 8BEE87B1634BBE6E7F5EA4B180A99C6D
PID: 420 (1412) C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
size: 65536
MD5: 16BFB24721A3B38598E7CACC56F453C5
PID: 1856 ( 372) C:\Program Files\Tall Emu\Online Armor\oaui.exe
size: 5519424
MD5: 7BD8ED8A4753908675CBCD7EBA9EBB69
PID: 1560 ( 372) C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
size: 517632
MD5: 107AF2DE3AF10D6D09C1B36FE9EF9156
PID: 540 ( 868) C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
size: 35616
MD5: B219409358C4CE8CD9B21664D2866234
PID: 244 ( 868) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: D8EF9DDF0D8EB0C3ED59C0FABA97D499
PID: 2072 ( 372) C:\Program Files\WallpaperToy\Wallpapertoy.Exe
size: 110592
MD5: C55BB6B2ADCA699620BF7ED0E6075B4E
PID: 2124 ( 868) C:\WINDOWS\system32\inetsrv\inetinfo.exe
size: 15360
MD5: C425CF4E31BF15C302924CD8A803DE93
PID: 2184 ( 372) C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
size: 1806336
MD5: 7515DC58C1296AD6CED6327DBB432E7D
PID: 2300 ( 372) C:\Program Files\YPOPs\YPOPs.exe
size: 1331200
MD5: 0498370F0E95617374FAAE6D234281F7
PID: 2348 ( 868) C:\WINDOWS\System32\snmp.exe
size: 33280
MD5: 35240F37F6947C591CC5B6E8E49F2BBC
PID: 2520 ( 868) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 2872 ( 868) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 2948 ( 868) C:\WINDOWS\system32\TpKmpSVC.exe
size: 32768
MD5: DFB268FF0A6DCB9280015FF527F892FF
PID: 3656 (2184) C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
size: 1806336
MD5: 7515DC58C1296AD6CED6327DBB432E7D
PID: 3772 (2184) C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
size: 1806336
MD5: 7515DC58C1296AD6CED6327DBB432E7D
PID: 3956 ( 868) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 247160
MD5: 7FBDDB77353D3EB6ABF70F8122292CEC
PID: 4084 ( 868) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345464
MD5: A697E8A40037783358CD5A2CB5F532E0
PID: 2324 ( 868) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: B3F4D7870D95478A4771EB42B7927EAB
PID: 3412 ( 868) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 0C54D685CFA1D5054F59F08ADAF71248
PID: 2332 ( 244) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 2448 ( 244) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 2116 (3464) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
PID: 3404 (1904) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 2824 ( 372) C:\Program Files\Winamp\winamp.exe
size: 1307648
MD5: DC737441C92DB834F91B588EF6A12059
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/25/2008 8:51:53 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://my.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBCE41FD-73C4-4C06-8D1D-A24184EA5C1F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBCE41FD-73C4-4C06-8D1D-A24184EA5C1F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29EE967B-DBB1-4FD8-BE1D-95D5CCFFB9A7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29EE967B-DBB1-4FD8-BE1D-95D5CCFFB9A7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{540EDC66-559A-45F3-8DEE-9D7B4A790609}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{540EDC66-559A-45F3-8DEE-9D7B4A790609}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C950863B-73E6-4536-B3A8-9FF67342CC9D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C950863B-73E6-4536-B3A8-9FF67342CC9D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
7-Zip 4.42 (7-Zip)
uninstall cmd: "C:\Program Files\7-Zip\Uninstall.exe"

Ad-Aware SE Plus 1.06 (Ad-Aware SE Plus)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Flash Player ActiveX 9.0.45.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Atomic Clock Sync (Atomic Clock Sync)
uninstall cmd: C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG

avast! Antivirus 4.8 (avast!)
version (major): 4
version (minor): 8
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
publisher: Alwil Software
help link: http://www.avast.com

BHODemon 2.0.0.23 (BHODemon_is1)
uninstall cmd: "C:\Program Files\BHODemon 2\unins000.exe"
publisher: Definitive Solutions, Inc.
help link: http://www.definitivesolutions.com

(Branding)

Cacheman 5.50 5.50 (Cacheman 5.50)
uninstall cmd: C:\PROGRA~1\Cacheman\UNWISE.EXE C:\PROGRA~1\Cacheman\install.dat
publisher: Outer Technologies
comments: Recover RAM and improve performance

Canon iP1600 (CANONBJ_Deinstall_CNMCP75.DLL)
uninstall cmd: C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"

Capn Voyager 5.3 (Capn Voyager)
uninstall cmd: C:\PROGRA~1\CAPNVO~1\UNWISE.EXE C:\PROGRA~1\CAPNVO~1\INSTALL.LOG
publisher: Nautical Technologies Ltd.
help link: www.thecapn.com
help telephone: 207-942-4751

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

ThinkPad Integrated 56K Modem 7.22.00.52 (CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559K.INF

(Connection Manager)

dBpoweramp FLAC Codec (dBpoweramp FLAC Codec)
uninstall cmd: "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat

dBpoweramp Monkeys Audio Codec (dBpoweramp Monkeys Audio Codec)
uninstall cmd: "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat

dBpoweramp Music Converter (dBpoweramp Music Converter)
uninstall cmd: "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

dBpoweramp Ogg Vorbis Codec (dBpoweramp Ogg Vorbis Codec)
uninstall cmd: "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat

(DirectAnimation)

(DirectDrawEx)

(dlatray.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

(DXM_Runtime)

IBM ThinkPad EasyEject Utility 2.04 (EasyEject Utility)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"

Eraser (Eraser)
install location: C:\Program Files\Eraser
uninstall cmd: "C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
publisher: Heidi Computers Ltd.
comments: All rights reserved
contact: Heidi Computers Ltd.
help link: http://www.heidi.ie/eraser/

FastStone Image Viewer 3.5 3.5 (FastStone Image Viewer)
uninstall cmd: C:\Program Files\FastStone Image Viewer\uninst.exe
publisher: FastStone Soft

FastStone MaxView 2.1 2.1 (FastStone MaxView)
uninstall cmd: C:\Program Files\FastStone MaxView\uninst.exe
publisher: FastStone Soft.

FLAC 1.1.4b (remove only) 1.1.4b (FLAC)
version (major): 1
version (minor): 1
install location: C:\Program Files\FLAC
uninstall cmd: C:\Program Files\FLAC\uninstall.exe
publisher: Xiph.org
help link: http://flac.sourceforge.net/documentation.html

Microsoft Flight Simulator 2004 A Century of Flight 9.0 (Flight Simulator 9.0)
version (major): 9
install location: C:\Program Files\Microsoft Games\Flight Simulator 9
uninstall cmd: "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
publisher: Microsoft
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Games\Flight Simulator 9\Readme.rtf

(Fontcore)

GV De Havilland Mosquito for FS2004 (GV De Havilland Mosquito for FS2004)
uninstall cmd: C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20061218
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20061218
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Canon Utilities PhotoStitch 3.1 3.1.9 (InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597})
version: 50397193
version (major): 3
version (minor): 1
estimated size: 1364
install date: 20061218
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Kaspersky Online Scanner 5.0 (Kaspersky Online Scanner)
install location: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner
uninstall cmd: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://support.kaspersky.com/helpdesk.html?LANG=en

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20070630
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB892313)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

(KB923689)

Security Update for Windows Internet Explorer 7 (KB928090) 20070117.120000 (KB928090-IE7)
install date: 20070214
uninstall cmd: "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows Internet Explorer 7 (KB929969) 20061222.120000 (KB929969)
install date: 20070109
uninstall cmd: "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows Internet Explorer 7 (KB931768) 1 (KB931768-IE7)
install date: 20070508
uninstall cmd: "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906

Hotfix for Microsoft .NET Framework 3.0 (KB932471) 1 (KB932471.T301_380ToU433_380)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/932471

Security Update for Windows Internet Explorer 7 (KB933566) 1 (KB933566-IE7)
install date: 20070613
uninstall cmd: "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070815
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070815
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071010
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653

Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20071211
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615

Security Update for Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080213
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944533

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20080420
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes
help link: http://www.malwarebytes.org

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(MobileOptionPack)

Mozilla Firefox (2.0.0.14) 2.0.0.14 (en-US) (Mozilla Firefox (2.0.0.14))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (2.0.0.12) 2.0.0.12 (en-US) (Mozilla Thunderbird (2.0.0.12))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Thunderbird

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20061219
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Network Stumbler 0.4.0 (remove only) (Network Stumbler)
uninstall cmd: "C:\Program Files\Network Stumbler\uninst.exe"

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20061218
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

oggcodecs 0.71.0946 0.71.0946 (oggcodecs)
uninstall cmd: C:\Program Files\illiminable\oggcodecs\uninst.exe
publisher: illiminable

Online Armor 2.1 (OnlineArmor_is1)
install location: C:\Program Files\Tall Emu\Online Armor\
uninstall cmd: "C:\Program Files\Tall Emu\Online Armor\unins000.exe"
publisher: Tall Emu Pty Ltd
help link: http://www.tallemu.com

(OutlookExpress)

PFJ Fokker F28 v1 (PFJ Fokker F28 v1 for FS2004_is1)
install date: 20071113
install location: C:\Program Files\Microsoft Games\Flight Simulator 9\
uninstall cmd: "C:\Program Files\Microsoft Games\Flight Simulator 9\Aircraft\PFJ Fokker F28-library\unins000.exe"
publisher: PROJECT Fokker Jetline (PFJ)
help link: http://fokker.avsim.net

1.37 (Power Features)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"

ThinkPad Power Management Driver 1.43 (Power Management Driver)
uninstall cmd: RunDll32.exe tpinspm.dll,Uninstall

Intel(R) PRO Network Connections Drivers (PROSet)
uninstall cmd: Prounstl.exe

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(RecordNow.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

(SchedulingAgent)

(SGTRAY.EXE)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

IBM ThinkPad Configuration 1.36 (ThinkPad Configuration)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"

ThinkPad FullScreen Magnifier 1.10 (ThinkPad FullScreen Magnifier)
uninstall cmd: RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf

ThinkPad Software Installer 2.30.0481 (ThinkPadSoftwareInstaller)
uninstall cmd: _tpiu000.exe /U

ThinkPad TrackPoint Driver 4.63.0.0 (TrackPoint)
uninstall cmd: C:\Program Files\Lenovo\TrackPoint\tp4unins.exe

Transload Virtual Airlines Lockheed C-5A Galaxy (Transload Virtual Airlines Lockheed C-5A Galaxy)
uninstall cmd: C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe

TreeSize Free V1.78 (TreeSize Free_is1)
install location: C:\Program Files\JAM Software\TreeSize\
uninstall cmd: "C:\Program Files\JAM Software\TreeSize\unins000.exe"
publisher: JAM Software
help link: mailto:support@jam-software.com

Tweak UI (Tweak UI 2.10)
uninstall cmd: "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Wallpaper Changer for Windows XP (WallpaperToy)
uninstall cmd: C:\WINDOWS\walltoyUninst.exe UNINSTALL

(Wdf01000)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 (Wdf01001)
install date: 20070912
uninstall cmd: "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(Wdf01005)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Wdf01007)
install date: 20080128
uninstall cmd: "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
install date: 20061218
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20070329
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Imaging Component 3.0.0.0 (WIC)
install date: 20070214
uninstall cmd: "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Winamp 5.531 (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"
publisher: Nullsoft, Inc
help link: http://forums.winamp.com

Windows Live OneCare safety scanner (Windows Live OneCare safety scanner)
uninstall cmd: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768
 
Part 2 of 4

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3 20080212.121911 (Windows XP Service Pack)
install date: 20080327
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20061219
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20061219
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Kubuntu 8.04.495 (Wubi)
uninstall cmd: C:\ubuntu\Uninstall-Kubuntu.exe
publisher: Ubuntu
help link: http://www.ubuntu.com

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20061219
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
install date: 20070214
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=test

Yahoo! Widget Engine (Yahoo! Widget Engine)
uninstall cmd: C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

YPOPs! 0.9.5.1 (YPOPs_is1)
install location: C:\Program Files\YPOPs\
uninstall cmd: "C:\Program Files\YPOPs\unins000.exe"
help link: http://yahoopops.sourceforge.net

Microsoft Office 2000 SR-1 Professional 9.00.9327 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 226810
install date: 20070826
install source: D:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ofread9.txt

Microsoft Office 2000 SR-1 Disc 2 9.00.9327 ({00040409-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 208787
install date: 20070509
install source: D:\
uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

AFG Pilatus PC-12, Executive Version 1.0 ({02D86680-B4B2-4EB4-AAE7-3E6D8A76D919})
version: 16777216
version (major): 1
estimated size: 80696
install date: 20070107
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\ae25449\
uninstall cmd: MsiExec.exe /X{02D86680-B4B2-4EB4-AAE7-3E6D8A76D919}
publisher: Allied FS Group.
comments: Use tail hook command to open cargo door.
help link: http://www.alliedfsgroup.com

PhotoStitch 3.1.9 ({03CDDD00-BD57-4326-9480-4C74449AF597})
version: 50397193
version (major): 3
version (minor): 1
estimated size: 1364
install date: 20061218
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Intel(R) Centrino(R) Mobile Technology Test Utility 1.60.0000 ({043F227B-1306-4EBA-892B-0FEF9C192B1B})
version: 20709376
version (major): 1
version (minor): 60
estimated size: 5437
install date: 20061225
install location: C:\Program Files\Intel Corporation\Intel(R) Centrino(R) Mobile Technology Test Utility\
install source: C:\Documents and Settings\Kevin\Desktop\
uninstall cmd: MsiExec.exe /X{043F227B-1306-4EBA-892B-0FEF9C192B1B}
publisher: Intel(R) Corporation

MSXML 6.0 Parser (KB933579) 6.10.1200.0 ({0A869A65-8C94-4F7C-A5C7-972D3C8CED9E})
version: 101319856
version (major): 6
version (minor): 10
estimated size: 1341
install date: 20070815
install source: c:\27fe049b4618ce9ac7ca54377d89be13\
uninstall cmd: MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/933579

Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20080322
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation

IBM ThinkVantage Technologies Welcome Message 1.00 ({1007F41F-7D69-468E-8017-3849A5A973C2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything

HP DLA 4.60 ({1206EF92-2E83-4859-ACCB-2048C3CB7DA6})
version: 71041024
version (major): 4
version (minor): 60
estimated size: 2573
install date: 20070117
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\pft6F.tmp\
uninstall cmd: MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
publisher: Hewlett-Packard

Intel(R) PROSet for Wired Connections 7.10.0000 ({16906D21-0656-4F8B-9A01-C3D24B5401FC})
version: 118095872
version (major): 7
version (minor): 10
estimated size: 15591
install date: 20061217
install source: C:\ibmtools\drivers\ETHINTMT\APPS\PROSet\W2KWS03\
uninstall cmd: MsiExec.exe /I{16906D21-0656-4F8B-9A01-C3D24B5401FC}
publisher: Intel
comments: Intel(R) PROSet installation package
contact: Intel Customer Support
help link: http://support.intel.com

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

PC-Doctor for Windows ({1F7CCFA3-D926-4882-B2A5-A0217ED25597})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"

IBM ThinkPad Keyboard Customizer Utility 1.2.92.0 ({2111B23F-7FDA-4A41-8309-E5A1663CA296})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything

Microsoft .NET Framework 3.0 Service Pack 1 3.1.21022 ({2BA00471-0328-3743-93BD-FA813353A783})
version: 50418206
version (major): 3
version (minor): 1
estimated size: 251559
install date: 20080128
install source: c:\835193a7b5af9b979a6fc602\wcu\dotnetframework\dotnetfx30\
uninstall cmd: MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98075

OpenOffice.org 2.3 2.3.9238 ({2F29D6D2-824E-4FEF-8AED-7013F39F642A})
version: 33760278
version (major): 2
version (minor): 3
estimated size: 318607
install date: 20080216
install location: C:\Program Files\OpenOffice.org 2.3\
install source: C:\Documents and Settings\Kevin\Desktop\OpenOffice.org 2.3 Installation Files\
uninstall cmd: MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
publisher: OpenOffice.org
comments: OpenOffice.org 2.3 (en-US) (OOG680m9(Build:9238))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

FSNavigator 4.7 ({2F76FF6D-B992-4FD9-8686-F09F868B2C58})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9
publisher: FSNavigator team
contact: support@fsnavigator.com

({31C2FBAC-67CF-4093-8F36-15A146613747})

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 136370
install date: 20070729
install source: C:\Documents and Settings\Kevin\Application Data\Sun\Java\jre1.6.0_02\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 164606
install date: 20080216
install source: C:\Documents and Settings\Kevin\Application Data\Sun\Java\jre1.6.0_03\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_03\README.txt

Java(TM) 6 Update 5 1.6.0.50 ({3248F0A8-6813-11D6-A77B-00B0D0160050})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 139422
install date: 20080306
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_05-b13/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_05\README.txt

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2580
install date: 20030220
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061217
install source: c:\075c0374fd0bf63ee40fc5fee16b70ca\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

({39DA87A1-0B26-4562-A70C-2A6147366E47})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"

2.5.15 ({3F92ABBB-6BBF-11D5-B229-002078017FBF})
version (major): 2
version (minor): 5
install location: C:\Program Files\NetWaiting
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
publisher: BVRP Software, Inc

8.00.0005 ({403EF592-953B-4794-BCEF-ECAB835C2095})
version: 134217733
version (major): 8
install date: 20061217
install source: C:\ibmtools\drivers\ETHINTMT\APPS\PROSet\W2KWS03\
uninstall cmd: MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

Intel(R) Sebring API 8.01.0000 ({56373057-E823-4DDE-98C3-E89AEF7895B8})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 2460
install date: 20061217
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\_is29D\
uninstall cmd: MsiExec.exe /I{56373057-E823-4DDE-98C3-E89AEF7895B8}
publisher: Intel
comments: API for Sebring
contact: Intel Customer Support
help link: http://support.intel.com
help telephone: 0
readme: 0

Logitech Gaming Software 4.60 ({5C1DA723-24FC-48AD-93BA-925695C3EF26})
version: 71041024
install date: 20070225
install location: C:\Program Files\Logitech\Profiler
install source: C:\Program Files\Common Files\Logitech\LGS460Inst\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
publisher: Logitech
help link: http://www.logitech.com

({62369F2F77534556AEF4C58152E3BDE5})

HostsMan 3.1.55 3.1.55 ({629AC11F-077F-4F58-916C-5B21E68468A8})
version: 50397239
version (major): 3
version (minor): 1
estimated size: 2908
install date: 20080420
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\7zS18.tmp\
uninstall cmd: MsiExec.exe /I{629AC11F-077F-4F58-916C-5B21E68468A8}
publisher: abelhadigital.com

Windows Media Player Firefox Plugin 1.0.0.8 ({69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4})
version: 16777216
version (major): 1
estimated size: 296
install date: 20080112
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
publisher: Microsoft Corp

IBM Themes 1.00.0000 ({6CE96A14-61E2-48CC-837E-22710A953ADE})
version: 16777216
version (major): 1
estimated size: 22224
install date: 20061217
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is41\
uninstall cmd: MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
publisher: IBM
help link:
help telephone:

6.6.0 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

DivX Codec 6.8.0 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Short Empire for FSX or FS2004 2.00.0000 ({85CCDC7D-71DA-4671-9FF6-1ABF86439859})
version: 33554432
version (major): 2
estimated size: 87828
install date: 20070420
install source: C:\WINDOWS\Downloaded Installations\{1A664553-7C82-4EC8-992D-8C780E3B9232}\
uninstall cmd: MsiExec.exe /X{85CCDC7D-71DA-4671-9FF6-1ABF86439859}
publisher: Jens B. Kristensen

CDBurnerXP Pro 3 3.0.116 ({896D642C-7125-44F0-AC49-A23ABF82209C})
version: 50331764
version (major): 3
estimated size: 26370
install date: 20070128
install location: C:\Program Files\CDBurnerXP Pro 3\
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\_isE\
uninstall cmd: MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
publisher: Free Software
contact: stha64@telia.com
help link: http://web.cdburnerxp.se/forums/

Intel(R) Extreme Graphics 2 Driver 6.14.10.4497 ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582

DivX Player 6.7.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

IBM Update Connector 6.10 ({8D815BF3-2399-459C-B121-49373FEFB9E8})
version: 101318656
version (major): 6
version (minor): 10
estimated size: 48851
install date: 20061217
install source: C:\IBMTOOLS\APPS\UPDATER\
uninstall cmd: MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
publisher: IBM
help link: http://www.ibm.com
help telephone: none

Security Advisor 2.1.18 ({8ED7CFEE-7222-403A-8B5F-FD0E9312C54C})
version: 33619986
version (major): 2
version (minor): 1
estimated size: 2827
install date: 20071206
install location: C:\Program Files\Radialpoint\Security Advisor\
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\{E0A5084C-068A-4514-BA91-66816A9EC486}\
uninstall cmd: MsiExec.exe /I{8ED7CFEE-7222-403A-8B5F-FD0E9312C54C}
publisher: Radialpoint

Compatibility Pack for the 2007 Office system 12.0.6215.1000 ({90120000-0020-0409-0000-0000000FF1CE})
version: 201332807
version (major): 12
estimated size: 120293
install date: 20080312
install source: C:\Program Files\MSECache\O2007Cnv\1033\
uninstall cmd: MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Microsoft Project Standard 2002 10.0.8326.0 ({913A0409-6000-11D3-8CFE-0050048383C9})
version: 167780486
version (major): 10
estimated size: 187855
install date: 20080409
install source: D:\
uninstall cmd: MsiExec.exe /I{913A0409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

InterVideo WinDVD 5.0-B11.250 ({91810AFC-A4F8-4EBA-A5AA-B198BBC81144})
version (major): 5
install location: C:\Program Files\InterVideo\WinDVD
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp

IBM RecordNow! 7.22 ({9541FED0-327F-4DF0-8B96-EF57EF622F19})
version: 118882304
version (major): 7
version (minor): 22
estimated size: 36923
install date: 20061217
install source: C:\IBMTOOLS\APPS\RECNOW\
uninstall cmd: MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
publisher: IBM Corporation
help link: http://www.ibm.com/support/

Google SketchUp 6 6.4.112 ({98736A65-3C79-49EC-B7E9-A3C77774B0E6})
version: 100925552
install date: 20080117
install location: C:\Program Files\Google\Google SketchUp 6
install source: C:\Documents and Settings\Kevin\Local Settings\Temp\{81FE981B-56A3-460A-B163-15E0236CF925}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\SketchUpInstaller.exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
publisher: Google

({9F765BD0-B900-4EDE-A90B-61C8A9E95C42})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"

Adobe Reader 8.1.2 8.1.2 ({AC76BA86-7AD7-1033-7B44-A81200000003})
version: 134283266
version (major): 8
version (minor): 1
estimated size: 88639
install date: 20080211
install source: C:\Documents and Settings\Kevin\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: [INSTALLDIR]Reader\Readme.htm

Spelling Dictionaries Support For Adobe Reader 8 8.0.0 ({AC76BA86-7AD7-5464-3428-800000000003})
version: 134217728
version (major): 8
estimated size: 33322
install date: 20071011
install source: C:\Documents and Settings\Kevin\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 8.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

DivX Converter 6.6.0 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Google SketchUp 6 6.0.01313 ({B3D8B2F8-3C2C-45BC-933E-8B60E78F6684})
version: 100664609
install date: 20080117
install location: C:\Program Files\Google\Google SketchUp 6
install source: C:\Documents and Settings\Kevin\Desktop\GoogleSketchUpWEN.exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
publisher: Google

Spybot - Search & Destroy 1.5.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20080425
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support

Microsoft .NET Framework 2.0 Service Pack 1 2.1.21022 ({B508B3F1-A24A-32C0-B310-85786919EF28})
version: 33640990
version (major): 2
version (minor): 1
estimated size: 190938
install date: 20080128
install source: c:\61cf3b367b6314ac8419\wcu\dotnetframework\dotnetfx20\
uninstall cmd: MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98073

DivX Web Player 1.4.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.

Apple Software Update 2.0.2.92 ({B74F042E-E1B9-4A5B-8D46-387BB172F0A4})
version: 33554434
version (major): 2
estimated size: 2204
install date: 20071110
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP444.TMP\
uninstall cmd: MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

({BAD59025-5B73-4E12-B789-0028C5A573C2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"

Windows Presentation Foundation 3.0.6920.0 ({BAF78226-3200-4DB4-BE33-4D922A799840})
version: 50338568
version (major): 3
estimated size: 118097
install date: 20070630
install source: c:\612f8723869e2e0b1d24\wcu\wpf\
uninstall cmd: MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
publisher: Microsoft Corporation

Windows Rights Management Client with Service Pack 2 5.2.70 ({BDCF27CA-BFC4-4F49-8D24-A925C9505AB8})
version: 84017222
version (major): 5
version (minor): 2
estimated size: 3505
install date: 20061218
install source: c:\1c184044e73d576f83ea8de133\
uninstall cmd: MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
publisher: Microsoft
help link: http://support.microsoft.com?kbid=917275

QuickTime 7.4.1.14 ({BFD96B89-B769-4CD6-B11E-E79FFD46F067})
version: 117702657
version (major): 7
version (minor): 4
estimated size: 79408
install date: 20080229
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\IXP506.TMP\
uninstall cmd: MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

MSXML 4.0 SP2 (KB936181) 4.20.9848.0 ({C04E32E0-0416-434D-AFB9-6969D703A9EF})
version: 68429432
version (major): 4
version (minor): 20
estimated size: 2680
install date: 20070815
install source: c:\db17c8c5414cb7f15de17206\
uninstall cmd: MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/936181

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75647
install date: 20070710
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

DivX Content Uploader 1.2.1 ({D050D7362D214723AD585B541FFB6C11})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
publisher: DivX, Inc.

USDA-HealtheTech Search SR-20 1.20.100 ({E59E07C5-64D7-4A54-8F10-F6CB95900916})
version: 18088036
install location: C:\Program Files\USDA-HealtheTech\SR20 Search
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E59E07C5-64D7-4A54-8F10-F6CB95900916}\setup.exe" -l0x9

1.12 ({E646DCF0-5A68-11D5-B229-002078017FBF})
version (major): 1
version (minor): 12
install location: C:\Program Files\Digital Line Detect
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
publisher: BVRP Software, Inc

IBM TrackPoint Accessibility Features 1.06.0.0 ({EA664480-3844-11D5-8C25-444553540000})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"

Access IBM 4.51 ({EC6AF20D-4376-4070-BEE4-D3A0DFF7E140})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 26037
install date: 20061217
install source: C:\ibmtools\apps\access\
uninstall cmd: MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
publisher: IBM Corporation
help link: http://www.ibm.com/support
help telephone: 1-800-426-4968

Windows Rights Management Client Backwards Compatibility SP2 5.2.70 ({EC905264-BCFE-423B-9C42-C3A106266790})
version: 84017222
version (major): 5
version (minor): 2
estimated size: 304
install date: 20061218
install source: c:\1c184044e73d576f83ea8de133\
uninstall cmd: MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
publisher: Microsoft
help link: http://support.microsoft.com?kbid=917275

SoundMAX 5.12.01.5160 ({F0A37341-D692-11D4-A984-009027EC0A9C})
version: 50331648
install date: 20070429
install location: C:\Program Files\Analog Devices\SoundMAX
install source: C:\ibmtools\drivers\AUDIO\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
publisher: Analog Devices

Wallpapers 2.0 ({F386C340-DF4B-4BBA-9503-420FB7EDB395})
version: 33554432
version (major): 2
estimated size: 13777
install date: 20061217
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is3C\
uninstall cmd: MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
publisher: IBM
help link: http://www.ibm.com
help telephone:

Eraser 5.84 ({F850707C-B6A0-4B56-8709-F89CF8F9AC6D})
version: 89391104
version (major): 5
version (minor): 84
estimated size: 3753
install date: 20070904
install location: C:\Program Files\Eraser
install source: C:\DOCUME~1\Kevin\LOCALS~1\Temp\mia1\
uninstall cmd: C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
publisher: Heidi Computers Ltd.



--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Aavmker4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Asynchronous Virus Monitor
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: abp480n5
Image path: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ac97intc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(r) 82801 Audio Driver Install Service (WDM)
Image path: system32\drivers\ac97intc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Embedded Controller Driver
Image path: System32\DRIVERS\ACPIEC.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: adpu160m
Image path: \SystemRoot\System32\DRIVERS\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aeaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\aeaudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AegisP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AEGIS Protocol (IEEE 802.1x) v3.0.0.8
Description: AEGIS Protocol (IEEE 802.1x) v3.0.0.8
Image path: system32\DRIVERS\AegisP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): agpCPQ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Compaq AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agpCPQ.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Aha154x
Image path: \SystemRoot\System32\DRIVERS\aha154x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aic78u2
Image path: \SystemRoot\System32\DRIVERS\aic78u2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aic78xx
Image path: \SystemRoot\System32\DRIVERS\aic78xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: B3F4D7870D95478A4771EB42B7927EAB
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AliIde
Image path: \SystemRoot\System32\DRIVERS\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): alim1541
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ALI AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\alim1541.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\System32\DRIVERS\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: amsint
Image path: \SystemRoot\System32\DRIVERS\amsint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc
Image path: \SystemRoot\System32\DRIVERS\asc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc3350p
Image path: \SystemRoot\System32\DRIVERS\asc3350p.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: asc3550
Image path: \SystemRoot\System32\DRIVERS\asc3550.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 33800
Image MD5: 4EABF511B1AF176A971C3271E48FA3A8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aswFsBlk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aswFsBlk
Description: avast! mini-filter driver (aswFsBlk)
Image path: system32\DRIVERS\aswFsBlk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): aswMon2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Standard Shield Support
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aswRdr
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswSP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Self Protection
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): aswTdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Network Shield Support
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! iAVS4 Control Service
Description: Provides automatic updating for the avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Image size: 17272
Image MD5: 3CA72CEA90DF8DA569D35CEC89676749
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avast! Antivirus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Antivirus
Description: Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 144760
Image MD5: 6A0A14F60654DF588F55160CB1B6DA8D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMon2,RpcSS

Service (registry key): avast! Mail Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Mail Scanner
Description: Implements mail scanning for avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Image size: 247160
Image MD5: 7FBDDB77353D3EB6ABF70F8122292CEC
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): avast! Web Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Web Scanner
Description: Implements web (HTTP) scanning for avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Image size: 345464
Image MD5: A697E8A40037783358CD5A2CB5F532E0
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cbidf
Image path: \SystemRoot\System32\DRIVERS\cbidf2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cd20xrnt
Image path: \SystemRoot\System32\DRIVERS\cd20xrnt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\cisvc.exe
Image size: 5632
Image MD5: D8EF9DDF0D8EB0C3ED59C0FABA97D499
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: 764609692A63D7EA9B7051B923900301
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 70144
Image MD5: 234B1BC2796483E1F5C3F26649FB3388
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: System32\DRIVERS\CmBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CmdIde
Image path: \SystemRoot\System32\DRIVERS\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: System32\DRIVERS\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: 58787E6F91BC25D0CF909CFC9DB44FF5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cpqarray
Image path: \SystemRoot\System32\DRIVERS\cpqarray.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dac2w2k
Image path: \SystemRoot\System32\DRIVERS\dac2w2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dac960nt
Image path: \SystemRoot\System32\DRIVERS\dac960nt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 96039DF4FA2CC5A64ABDCD894E36A909
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmboot.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmload.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
 
Part 3 of 4

Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): Dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k dot3svc
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Ndisuio,eaphost

Service (registry key): dpti2o
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dpti2o
Image path: \SystemRoot\System32\DRIVERS\dpti2o.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): drvmcdb
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\drvmcdb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0

Service (registry key): drvncdb
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): drvnddm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\drvnddm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): E100B
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO Network Connection Driver
Image path: System32\DRIVERS\e100b325.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Extensible Authentication Protocol Service
Description: Provides windows clients Extensible Authentication Protocol Service
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k eapsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): EGATHDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IBM Access Support
Image path: \??\C:\WINDOWS\system32\EGATHDRV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): ERSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108544
Image MD5: 3BF0DF2D99EE82B08C1E76B72FA562C7
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
Object name: NT AUTHORITY\LocalService
Image path: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 36864
Image MD5: 993883524AA9CF1C90E1545411A9AC9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Gpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: System32\DRIVERS\hidusb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Health Key and Certificate Management Service
Description: Manages health certificates and keys (used by NAP)
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: hpn
Image path: \SystemRoot\System32\DRIVERS\hpn.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): HSFHWICH
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSFHWICH.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HSF_DP
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSF_DP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HSF_DPV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSF_DPV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i2omp
Image path: \SystemRoot\System32\DRIVERS\i2omp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ialm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\ialmnt5.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): IBMPMDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\ibmpmdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): IBMPMSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ThinkPad PM Service
Object name: LocalSystem
Image path: %SystemRoot%\system32\ibmpmsvc.exe
Image size: 36400
Image MD5: A75CE11915E4ECC5E1597D6E0F7BB2DB
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0

Service (registry key): ICSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Image size: 73728
Image MD5: 6F95324909B502E2651442C1548AB12F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows CardSpace
Description: Securely enables the creation, management, and disclosure of digital identities.
Object name: LocalSystem
Image path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 864256
Image MD5: E7CC3AEAED9893A88876744CD439F76C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): IISADMIN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IIS Admin
Description: Allows administration of Web and FTP services through the Internet Information Services snap-in
Object name: LocalSystem
Image path: C:\WINDOWS\system32\inetsrv\inetinfo.exe
Image size: 15360
Image MD5: C425CF4E31BF15C302924CD8A803DE93
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): ILADFtmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Imapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-Burning Filter Driver
Image path: System32\DRIVERS\imapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 150528
Image MD5: CA6D1EE11B36A2FD7D2E4F82D8C0A429
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): InetInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ini910u
Image path: \SystemRoot\System32\DRIVERS\ini910u.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IntelIde
Image path: \SystemRoot\System32\DRIVERS\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: System32\DRIVERS\intelppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ip6fw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): KID_USB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington Input Devices USB filter driver
Image path: system32\DRIVERS\KID_USB.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): kmixer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): KMW_KBD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington Input Devices Class filter driver
Image path: System32\DRIVERS\KMW_KBD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KMW_SYS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington MouseWorks Mouse filter driver
Image path: system32\DRIVERS\KMW_SYS.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KMW_USB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kensington MouseWorks USB filter driver
Image path: system32\DRIVERS\KMW_USB.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LtcyCfgWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Latency Tool Driver Service
Image path: system32\DRIVERS\LtcyCfgWDM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ltmodem5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LT Modem Driver
Image path: System32\DRIVERS\ltmdmnt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mchInjDrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\WINDOWS\TEMP\mc21.tmp
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): mdmxsdk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\mdmxsdk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0

Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: FA7D23D3DD5E7CE0F6869A246C7FC7C3
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: System32\DRIVERS\mouhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: mraid35x
Image path: \SystemRoot\System32\DRIVERS\mraid35x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: D4214476456F54ECF207F27F4A19AF30
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: 0EE6DD376BB38FECE68B3E52B9CA51C7
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: System32\DRIVERS\mssmbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Access Protection Agent
Description: Allows windows clients to participate in Network Access Protection
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBT
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: C57B297C446A41FC2C7732F483382553
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: C57B297C446A41FC2C7732F483382553
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 70885577298B92939F3B7AF54D5F8943
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): NetSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel NCS NetService
Description: Supports Intel(R) PROSet for Wired Connections.
Object name: LocalSystem
Image path: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Image size: 143360
Image MD5: 7A94B71CEC1B8C6C4AC09F7BA82CF363
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Object name: NT AUTHORITY\LocalService
Image path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 122880
Image MD5: F9102685F97F9BA85F4A70AFCF722CFE
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): Nla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NSCIRDA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NSC Infrared Device Driver
Image path: System32\DRIVERS\nscirda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NSNDIS5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NSNDIS5 NDIS Protocol Driver
Image path: \??\C:\WINDOWS\system32\NSNDIS5.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): NTFSDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): NtLmSsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 70885577298B92939F3B7AF54D5F8943
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): OADevice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: OADriver
Image path: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): OAmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: OAmon
Image path: \??\C:\WINDOWS\system32\drivers\OAmon.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): OAnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: OAnet
Image path: \??\C:\WINDOWS\system32\drivers\OAnet.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): P3
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel PentiumIII Processor Driver
Image path: System32\DRIVERS\p3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: perc2
Image path: \SystemRoot\System32\DRIVERS\perc2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: perc2hib
Image path: \SystemRoot\System32\DRIVERS\perc2hib.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108544
Image MD5: 3BF0DF2D99EE82B08C1E76B72FA562C7
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PMEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PMEM
Image path: \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
 
Part 4 of 4

Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 70885577298B92939F3B7AF54D5F8943
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1080
Image path: \SystemRoot\System32\DRIVERS\ql1080.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ql10wnt
Image path: \SystemRoot\System32\DRIVERS\ql10wnt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql12160
Image path: \SystemRoot\System32\DRIVERS\ql12160.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1240
Image path: \SystemRoot\System32\DRIVERS\ql1240.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ql1280
Image path: \SystemRoot\System32\DRIVERS\ql1280.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasirda
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (IrDA)
Description: WAN Miniport (IrDA)
Image path: System32\DRIVERS\rasirda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 141312
Image MD5: 25DBECA33C5FE916490B6FAAE307DE55
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RegSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RegSrvc
Object name: LocalSystem
Image path: C:\WINDOWS\system32\RegSrvc.exe
Image size: 122950
Image MD5: 2045C4C178F6B09BC811A47789615852
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 75264
Image MD5: AD60DCBEDADA52BF6C03717E822F176D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): S24EventMonitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Spectrum24 Event Monitor
Object name: LocalSystem
Image path: C:\WINDOWS\system32\S24EvMon.exe
Image size: 286787
Image MD5: 6083FE94CAE83EE40A9A2BB6B440A5EE
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: s24trans

Service (registry key): s24trans
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WLAN Transport
Description: WLAN Transport
Image path: system32\DRIVERS\s24trans.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): S3SSavage
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\s3ssavm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 70885577298B92939F3B7AF54D5F8943
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 191626FB54124AEFB11948D9CBB56AA8
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): ScsiPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Smapint
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\Smapint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SMTPSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Simple Mail Transfer Protocol (SMTP)
Description: Transports electronic mail across the network
Object name: LocalSystem
Image path: C:\WINDOWS\system32\inetsrv\inetinfo.exe
Image size: 15360
Image MD5: C425CF4E31BF15C302924CD8A803DE93
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: IISADMIN,Eventlog

Service (registry key): smwdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\smwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SNMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SNMP Service
Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
Object name: LocalSystem
Image path: %SystemRoot%\System32\snmp.exe
Image size: 33280
Image MD5: 35240F37F6947C591CC5B6E8E49F2BBC
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: EventLog

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SNMP Trap Service
Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 8704
Image MD5: 4CB945C17FE24C29E8A61FCAFC2A8CBD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: EventLog

Service (registry key): SoundMAX Agent Service (default)
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SoundMAX Agent Service
Object name: LocalSystem
Image path: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Image size: 45056
Image MD5: 3978F082274F723AD5A0A8058C2417DD
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Sparrow
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Sparrow
Image path: \SystemRoot\System32\DRIVERS\sparrow.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: 8B7AF2E5DACFD5A6204FA276136D82CC
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Filter Driver
Image path: System32\DRIVERS\sr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): sscdbhk5
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\sscdbhk5.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): ssrtln
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\ssrtln.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SvcOnlineArmor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Online Armor
Object name: LocalSystem
Image path: "C:\Program Files\Tall Emu\Online Armor\oasrv.exe"
Image size: 5414464
Image MD5: 7B2384CE743A9FC78F503E85AFFC1A1B
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{C1FB18AD-7B53-4CE4-A3DF-ECFD3C03559E}
Image size: 5120
Image MD5: 58787E6F91BC25D0CF909CFC9DB44FF5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): swwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): symc810
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: symc810
Image path: \SystemRoot\System32\DRIVERS\symc810.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: symc8xx
Image path: \SystemRoot\System32\DRIVERS\symc8xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: sym_hi
Image path: \SystemRoot\System32\DRIVERS\sym_hi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: sym_u3
Image path: \SystemRoot\System32\DRIVERS\sym_u3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 1C6A886F04E74A20183DD032C6CE6456
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDSMAPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\TDSMAPI.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): tfsnboio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnboio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsncofs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsncofs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsndrct
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsndrct.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsndres
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsndres.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsnifs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnifs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsnopio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnopio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsnpool
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnpool.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsnudf
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnudf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): tfsnudfa
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\dla\tfsnudfa.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\tlntsvr.exe
Image size: 73216
Image MD5: 51FB761031E14B1FA7AFDA9E01C22A1E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

Service (registry key): TosIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TosIde
Image path: \SystemRoot\System32\DRIVERS\toside.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): tp4serv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: tp4serv
Object name: LocalSystem
Image path: C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
Image size: 35616
Image MD5: B219409358C4CE8CD9B21664D2866234
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): Tp4Track
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PS/2 TrackPoint Driver
Image path: System32\DRIVERS\tp4track.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TPHKDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TpKmpSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IBM KCU Service
Object name: LocalSystem
Image path: C:\WINDOWS\system32\TpKmpSVC.exe
Image size: 32768
Image MD5: DFB268FF0A6DCB9280015FF527F892FF
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): TPPWR
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\Tppwr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): TwoTrack
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IBM PS/2 TrackPoint Filter Driver
Image path: System32\DRIVERS\TwoTrack.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ultra
Image path: \SystemRoot\System32\DRIVERS\ultra.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Update
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microcode Update Driver
Image path: System32\DRIVERS\update.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: E876879DEC4509FFD26CAC208FDCB4FE
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: System32\DRIVERS\usbehci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB2 Enabled Hub
Image path: System32\DRIVERS\usbhub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: System32\DRIVERS\usbuhci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ViaIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ViaIde
Image path: \SystemRoot\System32\DRIVERS\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): VMnetAdapter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VMware Virtual Ethernet Adapter Driver
Description: Driver for VMware's Virtual Ethernet Adapters Ver. 2
Image path: system32\DRIVERS\vmnetadapter.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VolSnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 19BDE11A7EE797908E252677932A0964
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): w22n51
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP
Image path: System32\DRIVERS\w22n51.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: World Wide Web Publishing
Description: Provides Web connectivity and administration through the Internet Information Services snap-in
Object name: LocalSystem
Image path: %SystemRoot%\system32\inetsrv\inetinfo.exe
Image size: 15360
Image MD5: C425CF4E31BF15C302924CD8A803DE93
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: IISADMIN

Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: System32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wdf01000
Image path: system32\DRIVERS\Wdf01000.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winachsf
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\HSF_CNXT.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,Eventlog

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: 1176656B002BB4983185279A560D6CDC
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Image size: 913408
Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): WZCSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 0C54D685CFA1D5054F59F08ADAF71248
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {29EE967B-DBB1-4FD8-BE1D-95D5CCFFB9A7}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {DBCE41FD-73C4-4C06-8D1D-A24184EA5C1F}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
 
hi,

I run SpyBot every night with Scheduled Tasks
Click to expand...

unless you engage in risky web surfing habits, running spybot every night is probably not needed. of course it dosnt hurt anything and is totally up to you.

update is automatic. One would think that I would get at least a message that there is an update that is not automatic. Would you mind making that suggestion?
Click to expand...

iam not sure what you mean by that.

that log you posted looks ok.
 
Update SpyBot

Hi ShelfLife,

When SpyBot runs via Task Scheduler, one of the command line switches is auto update. This failed to let me know about the update you mentioned. The update that appears to have resolved this issue. I was hoping some kind of notice about updates that do not happen automatically get to the user for manual intervention, somehow.

It appears we can close this thread now.

Thanks Again,

Kevin
 
You must log in or register to reply here.
Back
Top