Post #1, Nov 14 2008, 08:48 PM
New Member (Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654)
I've had my computer for almost 2 years now with no major problems. Today, it seemed to run extremely slow. I checked with Ad-Aware, AVG & the Spybot S&D. Upon using Spybot, it couldn't get past a file called Virtumonde.dll. Googled it and found Vundofix.exe and Virtumonde.dll as possible fixes. Downloaded and ran both but nothing found. Which brought me to HijackThis. Below is my log from running HijackThis. Any help would be very much appreciated! Thank You.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:37 PM, on 11/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 4341 bytes
Post #2, Nov 16 2008, 05:29 PM
Malware Expert (Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762)
Hello!
My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download random's system information tool (RSIT) and save it to your desktop.

--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Post #3, Nov 16 2008, 06:12 PM
New Member (Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654)
Hello Sam,
I'm very appreciative of your assistance. I forgot to mention in my initial post that I regularly use CrapCleaner to get rid of unwanted files on my PC. Below are the 2 logs you requested.
Thanks again,
Joe

[RSIT log.txt and info.txt output]
Post #4, Nov 16 2008, 06:19 PM
Malware Expert (Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762)
Please visit the online Jotti Virus Scanner.
If Jotti's too busy, go here: http://www.virustotal.com/en/virustotalf.html

Are you getting popups with this computer? What issues are you having?
Post #5, Nov 17 2008, 07:34 PM
New Member (Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654)
Hello Sam,
Below are results of the latest scan you requested that I performed. Looks like nothing was found. Issues I'm experiencing are:
1) much slower internet,
2) on some sites, Firefox crashes ("Firefox.exe has encountered a problem and needs to close. We are sorry for the inconvenience."),
3) on those sites where Firefox crashes, I've used Firefox SAFE MODE and on at least one occasion, I did get pop ups despite the fact I also run Popup Stopper,
4) SpyBot couldn't get past a file called Virtumonde.dll, and
5) HouseCall also got stuck after scanning for 14 1/2 minutes.
Your assistance to me is greatly appreciated.
Joe

File: pgdfgsvc.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8cf7c3ae5f358e75eb273af06e8f78ca
Packers detected: -

Scanner results
Scan taken on 18 Nov 2008 00:10:26 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
Post #6, Nov 17 2008, 07:42 PM
Malware Expert (Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762)
Ok...well. I'm not seeing any signs of active malware in your log.
But let's poke around some more and see what we can turn up before we start looking at other troubleshooting methods.

Please download ComboFix from one of these locations: Link 1, Link 2, Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: [screenshot]

Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Post #7, Nov 17 2008, 08:48 PM
New Member (Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654)
Sam,
Followed your instructions. Below is the ComboFix.txt.
Thanks a bunch,
Joe

[ComboFix.txt output]
Completion time: 2008-11-17 20:41:19 ComboFix-quarantined-files.txt 2008-11-18 01:41:16 Pre-Run: 57,336,561,664 bytes free Post-Run: 57,312,739,328 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 130 |
Nov 18 2008, 09:07 AM, Post #8
Malware Expert, Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
That's a clean log.

You can delete this folder now in case it has some quarantined malware in it:

C:\VundoFix Backups

What version of Firefox are you using?

I also notice that you have Tweak UI installed. Have you made any recent tweaks with this program?

Can you post the log from Spybot so that I can see exactly what it's finding?

--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Nov 18 2008, 03:56 PM, Post #9
New Member, Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654
Hello Sam,

I'm using Firefox 3.0.4. I haven't used Tweak UI recently. I finally got SpyBot to get past Virtumonde.dll. However, it took close to 5 hours for SpyBot to scan my PC. Normally, SpyBot takes 45 minutes to complete a scan for me. SpyBot did find 2 cookie-related items -- Double Click & Right Media. I fixed them via SpyBot. Below is the full report from SpyBot. Thanks for all your help!

Joe

--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Joe) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Joe) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2007-07-03 unins000.exe (51.41.0.0)
2008-03-31 unins001.exe (51.49.0.0)
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 Update.exe (1.4.0.6)
2008-09-16 TeaTimer.exe (1.6.3.25)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-02 aports.dll (2.1.0.0)
2008-01-28 SDFiles.dll (1.5.1.19)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2008-10-22 advcheck.dll (1.6.2.13)
2008-06-03 Includes\Cookies.sbi (*)
2008-11-04 Includes\Trojans.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-11 Includes\TrojansC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-11-11 Includes\PUPSC.sbi (*)
2008-11-12 Includes\MalwareC.sbi (*)
2008-11-11 Includes\KeyloggersC.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-11 Includes\AdwareC.sbi (*)
2008-11-11 Includes\SpywareC.sbi (*)
2008-11-12 Includes\Malware.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\Adware.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP2: Windows XP Service Pack 2

--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
  command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  file:
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, AVG8_TRAY
  command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
  file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
  size: 1234712
  MD5: 84A91D110D27B11713C349523F4EA47F

Located: HK_LM:Run, KernelFaultCheck
  command: %systemroot%\system32\dumprep 0 -k
  file: C:\WINDOWS\system32\dumprep.exe
  size: 10752
  MD5: 13922EB54890C77005268882629A31FE

Located: HK_LM:Run, NvCplDaemon
  command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  file:
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, NVIDIA nTune
  command: "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
  file: C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
  size: 69632
  MD5: 1480DD04F75439BCD41AD24BEBA28187

Located: HK_LM:Run, NvMediaCenter
  command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  file:
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, QuickTime Task
  command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  file: C:\Program Files\QuickTime\QTTask.exe
  size: 286720
  MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0

Located: HK_LM:Run, Tweak UI
  command: RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
  file:
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, ZoneAlarm Client
  command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  size: 919016
  MD5: 8800130156B0642B15ECB75E7CC7E6F1

Located: HK_CU:Run, MySpaceIM
  where: .DEFAULT...
  command: C:\Program Files\MySpace\IM\MySpaceIM.exe
  file: C:\Program Files\MySpace\IM\MySpaceIM.exe
  size: 8720384
  MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: HK_CU:Run, PopUpStopperFreeEdition
  where: S-1-5-21-436374069-1326574676-839522115-1004...
  command: "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
  file: C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
  size: 536576
  MD5: FD8AA90A78160E4374EE44D892E0DE3A

Located: HK_CU:Run, Yahoo! Pager
  where: S-1-5-21-436374069-1326574676-839522115-1004...
  command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
  file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
  size: 3810544
  MD5: 7A3E544384564F33EE101A4DB60AC7AF

Located: HK_CU:Run, MySpaceIM
  where: S-1-5-18...
  command: C:\Program Files\MySpace\IM\MySpaceIM.exe
  file: C:\Program Files\MySpace\IM\MySpaceIM.exe
  size: 8720384
  MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: WinLogon, Antiwpa
  command: antiwpa.dll
  file: antiwpa.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
  command: crypt32.dll
  file: crypt32.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cryptnet
  command: cryptnet.dll
  file: cryptnet.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cscdll
  command: cscdll.dll
  file: cscdll.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, Schedule
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
  command: sclgntfy.dll
  file: sclgntfy.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, SensLogn
  command: WlNotify.dll
  file: WlNotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, termsrv
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, wlballoon
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!
--- Browser helper object list --- {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: WormRadar.com IESiteBlocker.NavFilter CLSID name: AVG Safe Search Path: C:\Program Files\AVG\AVG8\ Long name: avgssie.dll Short name: Date (created): 5/24/2008 2:51:26 PM Date (last access): 11/18/2008 Date (last write): 9/1/2008 9:55:48 AM Filesize: 455960 Attributes: archive MD5: 19A9C541D4EE8E3471B26986D785AB4D CRC32: 93FD7D83 Version: 8.0.0.152 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java Plug-In 2 SSV Helper Path: C:\Program Files\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 11/15/2008 11:34:20 AM Date (last access): 11/18/2008 Date (last write): 11/15/2008 11:34:20 AM Filesize: 34816 Attributes: archive MD5: 27771CDC5D464818C8F92356AE840A6F CRC32: B0BC1BD4 Version: 6.0.100.33 {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: JQSIEStartDetectorImpl CLSID name: JQSIEStartDetectorImpl Class Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\ Long name: jqs_plugin.dll Short name: JQS_PL~1.DLL Date (created): 11/15/2008 11:34:22 AM Date (last access): 11/18/2008 Date (last write): 11/15/2008 11:34:22 AM Filesize: 73728 Attributes: archive MD5: 8F206275452A3668097A7A26F62A7127 CRC32: 44B85557 Version: 6.0.100.33 --- ActiveX list --- {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf Codebase: http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab description: classification: Legitimate known filename: info link: info source: Safer Networking Ltd. 
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) DPF name: CLSID name: ActiveScan 2.0 Installer Class Installer: C:\WINDOWS\Downloaded Program Files\as2stubie.inf Codebase: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab Path: C:\WINDOWS\Downloaded Program Files\ Long name: as2stubie.dll Short name: AS2STU~1.DLL Date (created): 3/25/2008 6:13:04 PM Date (last access): 11/18/2008 Date (last write): 3/25/2008 6:13:04 PM Filesize: 124208 Attributes: archive MD5: AD19F92B3F0E64C3E0F927D8EA64C199 CRC32: 5C3BB03F Version: 1.0.0.7 {31435657-9980-0010-8000-00AA00389B71} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf Codebase: http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab {33564D57-0000-0010-8000-00AA00389B71} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf Codebase: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB description: classification: Legitimate known filename: info link: info source: Safer Networking Ltd. {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_10 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. 
Kolla Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_10.dll Short name: NPJPI1~1.DLL Date (created): 11/15/2008 11:34:22 AM Date (last access): 11/18/2008 Date (last write): 11/15/2008 11:34:22 AM Filesize: 132504 Attributes: archive MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD CRC32: CC232AC8 Version: 6.0.100.33 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) DPF name: CLSID name: ActiveScan Installer Class Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab description: classification: Legitimate known filename: ASINST.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: asinst.dll Short name: Date (created): 8/24/2006 8:28:54 AM Date (last access): 11/18/2008 Date (last write): 8/24/2006 8:28:54 AM Filesize: 141424 Attributes: archive MD5: CB0EBD772D7D003BD11A999FF515A89A CRC32: 3CFE74C1 Version: 58.6.0.0 {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_10 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_10.dll Short name: NPJPI1~1.DLL Date (created): 11/15/2008 11:34:22 AM Date (last access): 11/18/2008 Date (last write): 11/15/2008 11:34:22 AM Filesize: 132504 Attributes: archive MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD CRC32: CC232AC8 Version: 6.0.100.33 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_10 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. 
Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_10.dll Short name: NPJPI1~1.DLL Date (created): 11/15/2008 11:34:22 AM Date (last access): 11/18/2008 Date (last write): 11/15/2008 11:34:22 AM Filesize: 132504 Attributes: archive MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD CRC32: CC232AC8 Version: 6.0.100.33 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\system32\Macromed\Flash\ Long name: Flash10a.ocx Short name: FLASH10A.OCX Date (created): 10/4/2008 10:16:26 PM Date (last access): 11/18/2008 Date (last write): 10/4/2008 10:16:26 PM Filesize: 3789728 Attributes: readonly archive MD5: 466C1355934925768822E380DA6E6E4A CRC32: 48EC1E52 Version: 10.0.12.36 --- Process list --- PID: 0 ( 0) [System] PID: 584 ( 4) \SystemRoot\System32\smss.exe size: 50688 PID: 656 ( 584) \??\C:\WINDOWS\system32\csrss.exe size: 6144 PID: 680 ( 584) \??\C:\WINDOWS\system32\winlogon.exe size: 502272 PID: 756 ( 680) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4 PID: 772 ( 680) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2 PID: 936 ( 756) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1000 ( 756) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1096 ( 756) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1116 ( 756) C:\Program Files\Ahead\InCD\InCDsrv.exe size: 876656 MD5: FD1912A1CE744B452F4B3DD42E6ED767 PID: 1296 ( 756) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1404 ( 756) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 
8F078AE4ED187AAABC0A305146DE6716 PID: 1428 ( 756) C:\WINDOWS\system32\ZONELABS\vsmon.exe size: 75304 MD5: 4ABE946715D5E17C013D70FABB9E9780 PID: 1564 (1544) C:\WINDOWS\Explorer.EXE size: 1032192 MD5: A0732187050030AE399B241436565E64 PID: 1864 ( 756) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe size: 607576 MD5: 07AE10139D7713D69F57209FDF0425CC PID: 2020 ( 756) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: 7435B108B935E42EA92CA94F59C8E717 PID: 472 ( 756) C:\Program Files\AVG\AVG8\AVGWDSVC.EXE size: 231704 MD5: 9B40D378D4E521464212E878BE8216A4 PID: 500 ( 756) C:\Program Files\Java\jre6\bin\jqs.exe size: 152984 MD5: 5FD5865DC1A2100F8D4CF000EE5409A3 PID: 576 ( 756) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe size: 110592 MD5: 0F6792DB70FE20755FA4548EA1D032E5 PID: 836 ( 756) C:\WINDOWS\System32\nvsvc32.exe size: 131139 MD5: 95CAEC95D6777CE7D6B7091BC4D91CEB PID: 1256 ( 472) C:\Program Files\AVG\AVG8\AVGRSX.EXE size: 287000 MD5: BA1CE056CE1466CA28CE118585EA86C4 PID: 296 (1096) C:\WINDOWS\system32\wscntfy.exe size: 13824 MD5: 49911DD39E023BB6C45E4E436CFBD297 PID: 1264 ( 756) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7 PID: 328 (1564) C:\Program Files\AVG\AVG8\avgtray.exe size: 1234712 MD5: 84A91D110D27B11713C349523F4EA47F PID: 716 (1564) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe size: 919016 MD5: 8800130156B0642B15ECB75E7CC7E6F1 PID: 2220 (1564) C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe size: 536576 MD5: FD8AA90A78160E4374EE44D892E0DE3A PID: 3612 (1564) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 5146448 MD5: 2ECA8CDEED7C82F879E766DA92A3561A PID: 652 (1564) C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe size: 430080 MD5: 28B9DC06E87F6CDF42203E49E3D08165 PID: 2684 (1564) C:\Program Files\Mozilla Firefox\firefox.exe size: 307712 MD5: BAC6F7DE724D7F30EBD78648C86B4617 PID: 4 ( 0) System PID: 2452 (1564) C:\WINDOWS\system32\NOTEPAD.EXE size: 69120 MD5: 
388B8FBC36A8558587AFC90FB23A3B99 --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 11/18/2008 3:49:23 PM HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ http://www.google.com/search?q=%s HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- --- Uninstall list --- 7-Zip 4.57 (7-Zip) uninstall cmd: "C:\Program Files\7-Zip\Uninstall.exe" Panda ActiveScan 2.0 01.00.00.0000 (ActiveScan 2.0) estimated size: 4000 install location: C:\Program Files\Panda Security\ActiveScan 2.0 uninstall cmd: C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe publisher: Panda Security help link: http://www.pandasecurity.com/activescan/help/ (AddressBook) Adobe Flash Player 10 ActiveX 10.0.12.36 (Adobe Flash Player ActiveX) uninstall cmd: 
C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe publisher: Adobe Systems Incorporated help link: http://www.adobe.com/go/flashplayer_support/ Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin) uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe publisher: Adobe Systems Incorporated Amazon MP3 Downloader 1.0.3 (Amazon MP3 Downloader) uninstall cmd: C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe AVG Free 8.0 (AVG8Uninstall) uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL (Branding) CCleaner (remove only) (CCleaner) uninstall cmd: "C:\Program Files\CCleaner\uninst.exe" (Connection Manager) Coupon Printer for Windows 4.0 (Coupon Printer for Windows4.0) uninstall cmd: "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" publisher: Coupons, Inc. contact: Coupons, Inc. Support Department help link: http://www.coupons.com (DirectAnimation) (DirectDrawEx) (DXM_Runtime) (Fontcore) FREE Hi-Q Recorder 1.92 (FREE Hi-Q Recorder_is1) install date: 20070725 install location: C:\Program Files\FREE Hi-Q Recorder\ uninstall cmd: "C:\Program Files\FREE Hi-Q Recorder\unins000.exe" publisher: Rick Roemer, (Roemer Software) help link: http://www.RoemerSoftware.com HijackThis 2.0.2 2.0.2 (HijackThis) uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall publisher: TrendMicro (IBM PC Camera) uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM PC Camera\Uninst.isu" (ICW) (IE40) (IE4Data) (IE5BAKEX) (IEData) InCD (InCD!UninstallKey) uninstall cmd: C:\WINDOWS\NuNInst.exe /UNINSTALL (InstallShield Uninstall Information) NVIDIA nTune 1.00.0000 (InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) version: 16777216 version (major): 1 estimated size: 21187 install date: 20070624 install location: C:\Program Files\NVIDIA Corporation\ install source: C:\DOCUME~1\Joe\LOCALS~1\Temp\_is5\ uninstall cmd: 
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033 publisher: NVIDIA Corporation comments: Your Comments contact: Customer Support Department help link: http://www.yourcompany.com/help help telephone: 1-408-486-0000 InterActual Player (InterActual Player) uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe IrfanView (remove only) (IrfanView) uninstall cmd: C:\Program Files\IrfanView\iv_uninstall.exe (Microsoft NetShow Player 2.0) (MobileOptionPack) Mozilla Firefox (3.0.4) 3.0.4 (en-US) (Mozilla Firefox (3.0.4)) install location: C:\Program Files\Mozilla Firefox uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe publisher: Mozilla comments: Mozilla Firefox (MPlayer2) MySpaceIM 1.0.745.0 (MySpaceIM) uninstall cmd: C:\Program Files\MySpace\IM\Uninstall.exe publisher: MySpace.com comments: MySpace Instant Messenger help link: http://www.myspace.com/myspaceim NeroVision Express 2 (NeroVision!UninstallKey) uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL (NetMeeting) Nero Media Player (NMPUninstallKey) uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL NVIDIA Drivers (NVIDIA Drivers) uninstall cmd: C:\WINDOWS\System32\nvudisp.exe UninstallGUI Microsoft Office 97, Professional Edition (Office8.0) uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF (OutlookExpress) Paint Shop Pro 5.01 Evaluation (Paint Shop Pro 5.01 Evaluation) uninstall cmd: C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG Panda ActiveScan (Panda ActiveScan) uninstall cmd: C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan publisher: Panda Software S.L. 
(PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf PhotoMeister 2 2 (PhotoMeister2_is1) uninstall cmd: "C:\Program Files\PhotoMeister2\unins000.exe" publisher: Paessler AG help link: http://www.photomeister.com Pop-Up Stopper Free Edition 3.1.1014 (Pop-Up Stopper Free Edition) uninstall cmd: C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG publisher: Panicware, Inc. contact: support@panicware.com help link: http://www.panicware.com (RecordNow.exe) uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} (SchedulingAgent) Spybot - Search & Destroy 1.5.2.20 (Spybot - Search & Destroy_is1) install date: 20080331 uninstall cmd: "C:\WINDOWS\unins000.exe" publisher: Safer Networking Ltd. help link: http://www.safer-networking.org/ Super Fast Shutdown 1.0 1.0 (Super Fast Shutdown_is1) uninstall cmd: "C:\Program Files\Super Fast Shutdown\unins000.exe" publisher: WareSoft Software help link: http://www.xp-smoker.com/ Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack) uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=811113 Yahoo! Messenger (Yahoo! 
Display name: Microsoft Kernel Wave Audio Mixer Image path: system32\drivers\kmixer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): KSecDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): lanmanserver Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Server Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): lanmanworkstation Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Workstation Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): lbrtfdc Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): ldap Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): LicenseService Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): LmHosts Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TCP/IP NetBIOS Helper Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NetBT,Afd Service (registry key): Messenger Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Messenger Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS Service (registry key): mnmdd Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): mnmsrvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NetMeeting Remote Desktop Sharing Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\System32\mnmsrvc.exe Image size: 32768 Image MD5: F6415361201915B9FE3896B0E4E724FF Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 1 Service (registry key): Modem Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): Mouclass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Mouse Class Driver Image path: System32\DRIVERS\mouclass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): MountMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Mount Point Manager Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): mraid35x Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): MRxDAV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WebDav Client Redirector Description: WebDav Client Redirector Image path: System32\DRIVERS\mrxdav.sys Image 
size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): MRxSmb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: MRXSMB Description: MRXSMB Image path: System32\DRIVERS\mrxsmb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): MSDTC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Distributed Transaction Coordinator Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\NetworkService Image path: C:\WINDOWS\System32\msdtc.exe Image size: 6144 Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): Msfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): MSIServer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Installer Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: %systemroot%\system32\msiexec.exe /V Image size: 77312 Image MD5: 4236AE241F193F58ADAB141CECCFD5F4 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): MSKSSRV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Service Proxy Image path: system32\drivers\MSKSSRV.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPCLOCK Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Clock Proxy Image path: system32\drivers\MSPCLOCK.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPQM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Quality Manager Proxy Image path: system32\drivers\MSPQM.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): mssmbios Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft System Management BIOS Driver Image path: System32\DRIVERS\mssmbios.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSTEE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Tee/Sink-to-Sink Converter Image path: system32\drivers\MSTEE.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Mup Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Mup Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Service (registry key): NABTSFEC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NABTS/FEC VBI 
Codec Image path: System32\DRIVERS\NABTSFEC.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NDIS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NDIS System Driver Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): NdisIP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft TV/Video Connection Image path: System32\DRIVERS\NdisIP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisTapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access NDIS TAPI Driver Description: Remote Access NDIS TAPI Driver Image path: System32\DRIVERS\ndistapi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Ndisuio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NDIS Usermode I/O Protocol Description: NDIS Usermode I/O Protocol Image path: System32\DRIVERS\ndisuio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisWan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access NDIS WAN Driver Description: Remote Access NDIS WAN Driver Image path: System32\DRIVERS\ndiswan.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NDProxy Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NetBIOS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NetBIOS Interface Description: NetBIOS Interface Image path: System32\DRIVERS\netbios.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): NetBT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NetBios over Tcpip Description: NetBios over Tcpip Image path: System32\DRIVERS\netbt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): NetDDE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Network DDE Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 111104 Image MD5: 05AFB5AD06462257BEA7495283C86D50 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: NetDDEDSDM Service (registry key): NetDDEdsdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Network DDE DSDM Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 111104 Image MD5: 05AFB5AD06462257BEA7495283C86D50 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Service (registry key): Netlogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Net Logon Description: Supports pass-through authentication of account logon events for computers in a domain. 
Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Network Connections Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): Nla Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Network Location Awareness (NLA) Description: Collects and stores network configuration and location information, and notifies applications when this information changes. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd Service (registry key): Npfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): Ntfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Service (registry key): NtLmSsp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NT LM Security Support Provider Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes. 
Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): NtmsSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Removable Storage Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): nTuneService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: nTune Service Description: Service to allow a remote administrator to access this machine for gathering information, and performing performance updates Object name: LocalSystem Image path: C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService Image size: 110592 Image MD5: 0F6792DB70FE20755FA4548EA1D032E5 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): Null Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): nv Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\nv4_mini.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): NVENETFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA nForce Networking Controller Driver Image path: System32\DRIVERS\NVENETFD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): nvnetbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA Network Bus Enumerator Image path: System32\DRIVERS\nvnetbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet 
Start: 3 Type: 1 Error Control: 1 Service (registry key): NVSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA Display Driver Service Description: Provides system and desktop level support to the NVIDIA display driver Object name: LocalSystem Image path: %SystemRoot%\System32\nvsvc32.exe Image size: 131139 Image MD5: 95CAEC95D6777CE7D6B7091BC4D91CEB Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): NwlnkFlt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IPX Traffic Filter Driver Description: IPX Traffic Filter Driver Image path: System32\DRIVERS\nwlnkflt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: NwlnkFwd Service (registry key): NwlnkFwd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IPX Traffic Forwarder Driver Description: IPX Traffic Forwarder Driver Image path: System32\DRIVERS\nwlnkfwd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): PageDefrag Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Parport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Parallel port driver Image path: System32\DRIVERS\parport.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): PartMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Partition Manager Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): ParVdm Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 0 Depends On services: Parport Depends On group: "Parallel arbitrator" Service (registry key): PCI 
Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PCI Bus Driver Image path: System32\DRIVERS\pci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): PCIDump Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): PCIIde Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\pciide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Pcmcia Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): PDCOMP Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): PDFRAME Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRELI Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRFRAME Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): perc2 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): perc2hib Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): PerfDisk Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfNet Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS 
Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PlugPlay Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Plug and Play Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108032 Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): PolicyAgent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IPSEC Services Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Tcpip,IPSec Service (registry key): PptpMiniport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Image path: System32\DRIVERS\raspptp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Processor Driver Image path: System32\DRIVERS\processr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): ProtectedStorage Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Protected Storage Description: Provides protected storage for sensitive data, such as 
private keys, to prevent access by unauthorized services, processes, or users. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Control Set: CurrentControlSet Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): PSched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: QoS Packet Scheduler Description: QoS Packet Scheduler Image path: System32\DRIVERS\psched.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Gpc Service (registry key): Ptilink Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Direct Parallel Link Driver Description: Direct Parallel Link Driver Image path: System32\DRIVERS\ptilink.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): PxHelp20 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\PxHelp20.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): ql1080 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): Ql10wnt Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ql12160 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1240 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1280 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): RasAcd Registry 
path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Auto Connection Driver Description: Remote Access Auto Connection Driver Image path: System32\DRIVERS\rasacd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): RasAuto Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Auto Connection Manager Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,Tapisrv Service (registry key): Rasl2tp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WAN Miniport (L2TP) Description: WAN Miniport (L2TP) Image path: System32\DRIVERS\rasl2tp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Connection Manager Description: Creates a network connection. 
Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv Service (registry key): RasPppoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access PPPOE Driver Description: Remote Access PPPOE Driver Image path: System32\DRIVERS\raspppoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Raspti Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Direct Parallel Description: Direct Parallel Image path: System32\DRIVERS\raspti.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Rdbss Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Rdbss Description: Rdbss Image path: System32\DRIVERS\rdbss.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): RDPCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\RDPCDD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPNP Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPWD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): RDSessMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Desktop Help Session Manager Description: Manages and 
controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. Object name: LocalSystem Image path: C:\WINDOWS\system32\sessmgr.exe Image size: 140800 Image MD5: 729798E0933076B8FCFCD9934698F164 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): redbook Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Digital CD Audio Playback Filter Driver Image path: System32\DRIVERS\redbook.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): RemoteAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Routing and Remote Access Description: Offers routing services to businesses in local area and wide area network environments. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS Depends On group: NetBIOSGroup Service (registry key): RpcLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Procedure Call (RPC) Locator Description: Manages the RPC name service database. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\locator.exe Image size: 75264 Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): RpcSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Procedure Call (RPC) Description: Provides the endpoint mapper and other miscellaneous RPC services. 
Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost -k rpcss Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): RSVP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: QoS RSVP Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Object name: LocalSystem Image path: %SystemRoot%\System32\rsvp.exe Image size: 132608 Image MD5: 471B3F9741D762ABE75E9DEEA4787E47 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: TcpIp,Afd,RpcSs Service (registry key): SamSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Accounts Manager Description: Stores security information for local user accounts. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): SCardSvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Smart Card Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\SCardSvr.exe Image size: 95744 Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 0 Depends On services: PlugPlay Service (registry key): Schedule Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Task Scheduler Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. 
If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): ScsiPort Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: %SystemRoot%\system32\drivers\scsiport.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Secdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Secdrv Description: SafeDisc driver Image path: System32\DRIVERS\secdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): seclogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Secondary Logon Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 288 Error Control: 0 Service (registry key): SENS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: System Event Notification Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. 
Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): serenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serenum Filter Driver Image path: System32\DRIVERS\serenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serial port driver Image path: System32\DRIVERS\serial.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): Sfloppy Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Depends On group: "SCSI miniport" Service (registry key): SharedAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Firewall/Internet Connection Sharing (ICS) Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Netman,WinMgmt Service (registry key): ShellHWDetection Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Shell Hardware Detection Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Simbad Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): SLIP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: BDA Slip De-Framer Image path: System32\DRIVERS\SLIP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Sparrow Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): splitter Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Kernel Audio Splitter Image path: system32\drivers\splitter.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Spooler Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Print Spooler Description: Loads files to memory for later printing. 
Object name: LocalSystem Image path: %SystemRoot%\system32\spoolsv.exe Image size: 57856 Image MD5: 7435B108B935E42EA92CA94F59C8E717 Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS Service (registry key): sr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: System Restore Filter Driver Image path: System32\DRIVERS\sr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Service (registry key): srescan Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\ZoneLabs\srescan.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 0 Service (registry key): srservice Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: System Restore Service Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Srv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Srv Description: Srv Image path: System32\DRIVERS\srv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): SSDPSRV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SSDP Discovery Service Description: Enables discovery of UPnP devices on your home network. 
Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): stisvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Image Acquisition (WIA) Description: Provides image acquisition services for scanners and cameras. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k imgsvc Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): streamip Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: BDA IPSink Image path: System32\DRIVERS\StreamIP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): swenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Software Bus Driver Image path: System32\DRIVERS\swenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): swmidi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Kernel GS Wavetable Synthesizer Image path: system32\drivers\swmidi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SwPrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: MS Software Shadow Copy Provider Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{052CB1E4-7329-44BB-A873-ED357F88AD03} Image size: 5120 Image MD5: DD87DB7387B9EB441C5674888A0D840C Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: rpcss Service (registry key): swwd Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): symc810 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): symc8xx Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_hi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_u3 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): sysaudio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Kernel System Audio Device Image path: system32\drivers\sysaudio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SysmonLog Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Performance Logs and Alerts Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\smlogsvc.exe Image size: 89600 Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): TapiSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Telephony Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): Tcpip Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TCP/IP Protocol Driver Description: TCP/IP Protocol Driver Image path: System32\DRIVERS\tcpip.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: IPSec Service (registry key): TDPIPE Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): TDTCP Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): TermDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Terminal Device Driver Image path: System32\DRIVERS\termdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Terminal Services Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. 
The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost -k DComLaunch Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): Themes Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Themes Description: Provides user experience theme management. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): tmcomm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: tmcomm Image path: \??\C:\WINDOWS\system32\drivers\tmcomm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): TosIde Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): TrkWks Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Distributed Link Tracking Client Description: Maintains links between NTFS files within a computer or across computers in a network domain. 
Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TSDDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Udfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Service (registry key): ultra Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): Update Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microcode Update Driver Image path: System32\DRIVERS\update.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): upnphost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Universal Plug and Play Device Host Description: Provides support to host Universal Plug and Play devices. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV,HTTP Service (registry key): UPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Uninterruptible Power Supply Description: Manages an uninterruptible power supply (UPS) connected to the computer. 
Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\ups.exe Image size: 18432 Image MD5: 3F5DF65B0758675F95A2D43918A740A3 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): usbehci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver Image path: System32\DRIVERS\usbehci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB2 Enabled Hub Image path: System32\DRIVERS\usbhub.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbohci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB Open Host Controller Miniport Driver Image path: System32\DRIVERS\usbohci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB Mass Storage Driver Image path: System32\DRIVERS\USBSTOR.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): VgaSave Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: VGA Display Controller. Description: Controls the VGA display adapter to provide basic display capabilities. 
Image path: \SystemRoot\System32\drivers\vga.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): ViaIde Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): VolSnap Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): vsdatant Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: vsdatant Image path: System32\vsdatant.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: TCPIP Service (registry key): vsmon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TrueVector Internet Monitor Description: Monitors internet traffic and generates alerts for disallowed access. Object name: LocalSystem Image path: C:\WINDOWS\system32\ZONELABS\vsmon.exe -service Image size: 75304 Image MD5: 4ABE946715D5E17C013D70FABB9E9780 Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 1 Depends On services: Afd,RpcSs,vsdatant Service (registry key): VSS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Volume Shadow Copy Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: %SystemRoot%\System32\vssvc.exe Image size: 289792 Image MD5: 3EE00364AE0FD8D604F46CBAF512838A Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): W32Time Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Time Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): W3SVC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Wanarp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access IP ARP Driver Description: Remote Access IP ARP Driver Image path: System32\DRIVERS\wanarp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WDICA Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): wdmaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft WINMM WDM Audio Compatibility Driver Image path: system32\drivers\wdmaud.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WebClient Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WebClient Description: Enables Windows-based programs to create, access, and modify Internet-based files. 
If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: MRxDAV Service (registry key): winmgmt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Management Instrumentation Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: RPCSS,Eventlog Service (registry key): Winsock Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 4 Error Control: 1 Service (registry key): Winsock - Google Desktop Search Backup Before First Install Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 4 Error Control: 1 Service (registry key): Winsock - Google Desktop Search Backup Before Last Install Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Winsock2 - Google Desktop Search Backup Before First Install Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 
Error Control: 0 Service (registry key): Winsock2 - Google Desktop Search Backup Before Last Install Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WinTrust Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WmdmPmSN Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Portable Media Serial Number Service Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Wmi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WmiApRpl Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WmiApSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WMI Performance Adapter Description: Provides performance library information from WMI HiPerf providers. 
Object name: LocalSystem Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe Image size: 126464 Image MD5: BA8CECC3E813E1F7C441B20393D4F86C Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WS2IFSL Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment Image path: \SystemRoot\System32\drivers\ws2ifsl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): wscsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Center Description: Monitors system security settings and configurations. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,winmgmt Service (registry key): WSTCODEC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: World Standard Teletext Codec Image path: System32\DRIVERS\WSTCODEC.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): wuauserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Automatic Updates Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
Object name: LocalSystem Image path: %systemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): WZCSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Wireless Zero Configuration Description: Provides automatic configuration for the 802.11 adapters Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio Service (registry key): XIRLINK Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IBM PC Camera Image path: System32\DRIVERS\C-itnt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): xmlprov Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Network Provisioning Service Description: Manages XML configuration files on a domain basis for automatic network provisioning. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): {8DCB8AFA-787D-47F3-B80B-B7EAD2AF120C} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {F657796D-9707-478D-8EB8-56BEF1BC81CB} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 |
Nov 18 2008, 04:11 PM
Post
#10
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762
Cookies aren't anything to be concerned about.
No signs of virtumonde.dll, so that's good.

Please download JavaRa and unzip it to your Desktop.

***Please close any instances of Internet Explorer or Firefox before continuing!***

* Double-click on JavaRa.exe to start the program.
* From the drop-down menu, choose English and click on Select.
* JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
* Click Yes when prompted.
* When JavaRa is finished, a notice will appear that a logfile has been produced. Click OK.
* A logfile will pop up. Please post that log back here.

Finally, reboot the computer.

How does IE run? Are you having the same issues with it as you are with Firefox?

--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Nov 18 2008, 04:22 PM
Post
#11
New Member Group: Members Posts: 11 Joined: 14-November 08 Member No.: 256,654
logfile for JavaRa is below.
I only use IE on a very limited basis. No issues with IE as it operates fine for me.

JavaRa 1.11 Removal Log.

Report follows after line.
------------------------------------

The JavaRa removal process was started on Tue Nov 18 16:18:34 2008

Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting. |
Nov 18 2008, 04:52 PM, Post #12
Malware Expert, Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
Open notepad and copy this text into it.
CODE
rem Start with a fresh log file on the system drive
if exist %systemdrive%\look.txt del %systemdrive%\look.txt
cd\
rem List the Firefox profile's extensions folder: /x shows 8.3 short names, /o:-d puts the newest entries first
cd %appdata%\Mozilla\Firefox\Profiles\cr0lciql.default\extensions
dir /x /o:-d >> %systemdrive%\look.txt
rem Then the global Firefox plugins folder
cd %programfiles%\Mozilla Firefox\plugins
dir /x /o:-d >> %systemdrive%\look.txt
start notepad %systemdrive%\look.txt

Save it to your desktop as "look.bat"
Make sure to include the quotation marks so it's not saved as a text file.
Please post back with the log it creates.
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
========================================================
Nov 18 2008, 05:10 PM, Post #13
New Member, Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654
Results of "look.bat" are below. Thanks !
 Volume in drive C is 80gWinXP
 Volume Serial Number is C04D-32CF

 Directory of C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\cr0lciql.default\extensions

06/19/2008  11:42 AM    <DIR>          {D10D0~1     {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
10/29/2007  03:36 PM    <DIR>          MOVEPL~1.COM moveplayer@movenetworks.com
06/25/2007  02:56 PM    <DIR>                       ..
06/25/2007  02:56 PM    <DIR>                       .
               0 File(s)              0 bytes
               4 Dir(s)  57,184,845,824 bytes free

 Volume in drive C is 80gWinXP
 Volume Serial Number is C04D-32CF

 Directory of C:\Program Files\Mozilla Firefox\plugins

11/15/2008  11:34 AM           410,976 NPDEPL~1.DLL npdeploytk.dll
11/14/2008  10:13 AM            65,536              npnul32.dll
06/18/2008  02:43 AM            86,016 NPCOUP~1.DLL npCouponPrinter.dll
12/14/2007  04:30 PM            24,673 NPZONESB.DLL NPZoneSB.dll
08/09/2007  11:24 AM           131,072 NPQTPL~3.DLL npqtplugin3.dll
08/09/2007  11:24 AM           131,072 NPQTPL~1.DLL npqtplugin.dll
08/09/2007  11:24 AM           131,072 NPB260~1.DLL npqtplugin5.dll
08/09/2007  11:24 AM           131,072 NPB660~1.DLL npqtplugin6.dll
08/09/2007  11:24 AM           131,072 NPBA60~1.DLL npqtplugin7.dll
08/09/2007  11:24 AM             4,208 QUICKT~1.CLA QuickTimePlugin.class
08/09/2007  11:24 AM           131,072 NPQTPL~4.DLL npqtplugin4.dll
08/09/2007  11:24 AM           131,072 NPQTPL~2.DLL npqtplugin2.dll
07/31/2007  06:44 PM            69,632              npitunes.dll
07/31/2007  06:44 PM               219              npitunes.xpt
06/25/2007  02:56 PM    <DIR>                       .
06/25/2007  02:56 PM    <DIR>                       ..
04/10/2007  05:21 PM           163,256              np-mswmp.dll
03/30/2007  10:43 AM             3,352 WMPFIR~1.TXT WMP Firefox Plugin RelNotes.txt
03/30/2007  10:43 AM           149,569 WMPFIR~1.RTF WMP Firefox Plugin License.rtf
              17 File(s)      1,894,941 bytes
               2 Dir(s)  57,184,845,824 bytes free
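What the helper does with this output by eye is mechanical enough to script: pull out the entries, note which files changed around the date the symptoms started, and resolve the 8.3 short names that `dir /x` prints so they can be matched against PROGRA~1-style paths in a HijackThis log. The Python below is an added example written for this thread; it is not the helper's tool or anything BleepingComputer distributes. The listing embedded in it is a constructed subset modelled on the plugins listing in the post above, and the cut-off date is just the day before the symptoms were first reported in this thread.

```python
"""Parse a Windows `dir /x /o:-d` listing (what look.bat collects) and
pull out what a log reviewer looks for: the files changed most recently,
and the 8.3 short name behind each long name.

Added example for this thread, not the helper's tool.  LISTING is a
constructed subset modelled on the plugins listing posted in the thread.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional

LISTING = r"""
 Volume in drive C is 80gWinXP
 Volume Serial Number is C04D-32CF

 Directory of C:\Program Files\Mozilla Firefox\plugins

11/15/2008  11:34 AM           410,976 NPDEPL~1.DLL npdeploytk.dll
11/14/2008  10:13 AM            65,536              npnul32.dll
06/18/2008  02:43 AM            86,016 NPCOUP~1.DLL npCouponPrinter.dll
12/14/2007  04:30 PM            24,673 NPZONESB.DLL NPZoneSB.dll
06/25/2007  02:56 PM    <DIR>                       .
06/25/2007  02:56 PM    <DIR>                       ..
04/10/2007  05:21 PM           163,256              np-mswmp.dll
03/30/2007  10:43 AM             3,352 WMPFIR~1.TXT WMP Firefox Plugin RelNotes.txt
               6 File(s)        753,809 bytes
               2 Dir(s)  57,184,845,824 bytes free
"""

# One entry line of `dir /x`: date, time, AM/PM, <DIR> or a comma-grouped
# size, then the 8.3 short name (only if it differs from the long name)
# followed by the long name.  Header, "Directory of" and totals lines do
# not match and are skipped.
_ENTRY = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+(?P<ampm>[AP]M)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<names>\S.*)$"
)
# Shape of a DOS 8.3 short name as `dir /x` prints it (always upper case).
_SHORT = re.compile(r"^[A-Z0-9_~{}$#@!%&()'^-]{1,8}(?:\.[A-Z0-9_~{}$#@!%&()'^-]{1,3})?$")


@dataclass
class Entry:
    modified: datetime
    is_dir: bool
    size: int                  # 0 for directories
    short_name: Optional[str]  # 8.3 name, only when dir /x printed one
    long_name: str


def _split_names(field: str):
    """dir /x prints "SHORT~1.EXT long name" when the two differ, else just the long name."""
    tokens = field.split()
    if len(tokens) >= 2 and _SHORT.match(tokens[0]):
        return tokens[0], " ".join(tokens[1:])
    return None, " ".join(tokens)


def parse_dir_listing(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m is None:
            continue
        short, long_name = _split_names(m.group("names"))
        if long_name in (".", ".."):
            continue
        is_dir = m.group("size") == "<DIR>"
        stamp = f"{m.group('date')} {m.group('time')} {m.group('ampm')}"
        entries.append(Entry(
            modified=datetime.strptime(stamp, "%m/%d/%Y %I:%M %p"),
            is_dir=is_dir,
            size=0 if is_dir else int(m.group("size").replace(",", "")),
            short_name=short,
            long_name=long_name,
        ))
    return entries


def modified_since(entries: List[Entry], since_iso: str) -> List[str]:
    """Long names of files (not folders) changed on or after since_iso (YYYY-MM-DD), newest first."""
    since = date.fromisoformat(since_iso)
    hits = [e for e in entries if not e.is_dir and e.modified.date() >= since]
    return [e.long_name for e in sorted(hits, key=lambda e: e.modified, reverse=True)]


def short_name_map(entries: List[Entry]) -> Dict[str, str]:
    """Map each printed 8.3 name to its long name, for matching PROGRA~1-style paths in other logs."""
    return {e.short_name: e.long_name for e in entries if e.short_name}


if __name__ == "__main__":
    parsed = parse_dir_listing(LISTING)
    print("changed since 2008-11-13:", modified_since(parsed, "2008-11-13"))
    for short, long_name in short_name_map(parsed).items():
        print(f"{short:<14} -> {long_name}")
```

Run against the constructed listing it reports the two plugin files touched on or after 2008-11-13 (npdeploytk.dll and npnul32.dll), which is the same correlation the helper makes between the listing and the date the trouble started. The short-name map is the reason look.bat used `/x` in the first place: HijackThis prints some paths in 8.3 form, so the map lets a reviewer tie `NPDEPL~1.DLL` back to `npdeploytk.dll` without guessing.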
Nov 18 2008, 06:23 PM, Post #14
Malware Expert, Group: HJT Team, Posts: 13,563, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
Ok, I have good news and I have bad news.

The good news is that I don't find any indication of an active malware infection on your computer. The bad news is that your issues with Firefox seem to have something to do with the update that was just installed a few days ago when you first noticed the issues. So you need to troubleshoot Firefox and that's not really my thing. But I do have some suggestions for you to try.

Usually when there are issues with Firefox it has something to do with the add-ons or themes that you have installed. Check out this link to troubleshoot those.
http://support.mozilla.com/en-US/kb/Troubl...ions+and+themes

Here are some other troubleshooting steps you can take, including creating a new profile for Firefox to see if that makes a difference.
http://support.mozilla.com/en-US/kb/Basic+...e_a_new_profile

Let me know how it goes.
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
========================================================
Nov 18 2008, 06:53 PM, Post #15
New Member, Group: Members, Posts: 11, Joined: 14-November 08, Member No.: 256,654
I think I've finally found the problem. Disabled an extension -- AVG SAFE SEARCH -- in Firefox and it appears Firefox is no longer crashing. Your help was tremendous ! A million thanks, Sam.