Post #1, Oct 24 2006, 06:23 PM
Member | Group: Members | Posts: 29 | Joined: 23-February 05 | Member No.: 12,855
I am running Windows XP with SP2 and use Mozilla/Firefox browser. I am pretty security conscious and a routine Spybot scan came up with "Desktop.Tahni" which keeps reappearing. I don't know if this is a false positive but in case not, an HJT log is posted. I would be very grateful if you could tell me if I have a problem. So you know, I have disabled System Restore and selected options to show hidden files. I have not selected the option to show protected operating system files. Thanks again for your help.

Post #2, Oct 31 2006, 02:01 PM
malware expert | Group: HJT Team | Posts: 14,957 | Joined: 8-January 05 | From: Vancouver (not BC) WA (Not DC) USA | Member No.: 9,026
Hello neophyte,
Welcome to the forum. According to the website for this junk, it can be uninstalled like this: http://www.oska.com/support.php?Product=Ta...mp;MH=Uninstall
I have never tried the uninstaller so let me know how it works.
This post has been edited by SifuMike: Oct 31 2006, 02:06 PM

Post #3, Nov 2 2006, 03:55 AM
Member | Group: Members
Thanks for your reply SifuMike.
The uninstaller didn't work I am afraid. The suggestion was that I would go Start » Programs » DeskMates and then select the "Uninstall" option. However, there was no "DeskMates" option following "Start » Programs »". It doesn't look as though I have any "DeskMates" at all: I certainly can't do any of the things that are mentioned on the link you sent.
Maybe a false positive? Have recently signed up to an internet poker site - maybe something on the software for that? Not noticing any adverse symptoms on the computer.

Post #4, Nov 2 2006, 01:16 PM
malware expert | Group: HJT Team
Hello neophyte,
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press 'save list'
A notepad file will open. Post the content here in your reply.
Close HijackThis.
Please post the log from your Spybot 1.4 last scan. You can get the log by opening Spybot 1.4 > select Mode > Advanced > Tools > View Report > copy and paste the report to your reply.

Post #5, Nov 3 2006, 04:23 PM
Member | Group: Members
Thanks a lot. Will do two posts because of the amount of info:
Here is the info from the HJT Uninstall Manager. Here are the results:

Post #6, Nov 3 2006, 04:37 PM
malware expert | Group: HJT Team
I notice you are still using an old version of Firefox. The new version is 2.0. You should download the new version of Firefox and install it.
I recommend the addon called AdBlock Plus.
You forgot to post the Spybot log.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
This post has been edited by SifuMike: Nov 3 2006, 04:39 PM

Post #7, Nov 3 2006, 04:42 PM
Member | Group: Members
This is Part 1 of Spybot Log
MD5: 0A83AEDEFADE30B5CD28049031E149FA PID: 2404 (1760) C:\WINDOWS\system32\carpserv.exe size: 4608 MD5: 9AAF44FDF3A5517066B286B80C4A149F PID: 2600 (1760) C:\Program Files\Norton Ghost\Agent\GhostTray.exe size: 1537648 MD5: 5F8BDC81AC2063C1C4BBAFB23F219B90 PID: 2724 (1760) C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe size: 49263 MD5: FFB2D7833002457D3801AA4422FFB44F PID: 2748 (1760) C:\Program Files\QuickTime\qttask.exe size: 282624 MD5: D2C900031FD445B5464ABB5629388BE3 PID: 2824 (1760) C:\Program Files\iTunes\iTunesHelper.exe size: 229952 MD5: CECCC68B54E8E27C93DBEDE85F160C96 PID: 2836 (1760) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 PID: 2856 (1760) C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe size: 772096 MD5: 7B3A795131AFBF1AA7B8FBF14D48DD4A PID: 3016 (1760) D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe size: 1122816 MD5: 84FC22AF576212BA952373D1CCE40A22 PID: 3332 ( 836) C:\Program Files\iPod\bin\iPodService.exe size: 451136 MD5: 216D2B5F6B9B81E5422E67416C7CE91C PID: 1720 ( 836) C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE size: 750768 MD5: 24A7C31963943E9CF453C043648E6E4D PID: 956 (1760) C:\Program Files\Mozilla Firefox\firefox.exe size: 7190637 MD5: 43658E87F7B183F2245491FBCC695E05 PID: 132 (1760) C:\Program Files\HijackThis\HijackThis.exe size: 218112 MD5: EE86268E59E4B38961E7C40D16BE5BB4 PID: 2076 (1760) D:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System PID: 3184 ( 996) C:\Program Files\Messenger\msmsgs.exe size: 1694208 MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259 --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 03/11/2006 21:21:58 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page 
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ http://home.microsoft.com/access/autosearch.asp?p=%s HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\windows\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 1: MSAFD Tcpip [UDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} 
Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A92E0895-C539-4021-92A6-A92353AC84A9}] SEQPACKET 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A92E0895-C539-4021-92A6-A92353AC84A9}] DATAGRAM 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{240BE06D-2D99-4283-BB6B-47731EEDBB5E}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{240BE06D-2D99-4283-BB6B-47731EEDBB5E}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 9: MSAFD NetBIOS 
[\Device\NetBT_Tcpip_{72EC585D-75CA-438B-B834-C258060429FD}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{72EC585D-75CA-438B-B834-C258060429FD}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC488680-98DE-4611-AF31-749D64368770}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC488680-98DE-4611-AF31-749D64368770}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98A1C8EF-4866-4B61-833E-73A1A87B317B}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98A1C8EF-4866-4B61-833E-73A1A87B317B}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDC6E8B3-CA28-4366-A7C7-4B8C8AB4960A}] SEQPACKET 
4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDC6E8B3-CA28-4366-A7C7-4B8C8AB4960A}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Network Location Awareness (NLA) Namespace GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace --- Uninstall list --- Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal) uninstall cmd: D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG publisher: Lavasoft help link: http://www.lavasoft.com (AddressBook) Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD) uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe" (Branding) CCleaner (remove only) (CCleaner) uninstall cmd: "C:\Documents and Settings\Jonathan\My Documents\CCleaner\uninst.exe" SoftK56 Data Fax Voice Speakerphone CARP (CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200414F1) uninstall cmd: C:\Program 
Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200414F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200414F1 (Connection Manager) (DirectAnimation) (DirectDrawEx) (DXM_Runtime) ewido anti-spyware 4.0 (ewidoantispyware4) install location: C:\Program Files\ewido anti-spyware 4.0 uninstall cmd: C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe publisher: ewido networks help link: http://www.ewido.net (Fontcore) HijackThis 1.99.1 1.99.1 (HijackThis) uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall publisher: Soeperman Enterprises Ltd. (ICW) (IE40) (IE4Data) (IE5BAKEX) (IEData) (InstallShield Uninstall Information) VIA Platform Device Manager 1.12 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) version: 17563648 version (major): 1 version (minor): 12 estimated size: 2648 install date: 20051119 install source: E:\Drivers\4in1\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} publisher: VIA Technologies, Inc. comments: VIA Hyperion Pro Setup Program contact: http://forums.viaarena.com/ help link: http://www.viaarena.com/ help telephone: NULL readme: NULL iPod for Windows 2005-11-17 4.7.0 (InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}) version: 67567616 version (major): 4 version (minor): 7 estimated size: 66632 install date: 20060109 install location: C:\Program Files\iPod\ install source: C:\WINDOWS\Downloaded Installations\{F79A82EE-88D7-4394-B01A-BEB28F9AF944}\ uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033 publisher: Apple Computer, Inc. 
contact: AppleCare help link: http://www.info.apple.com readme: http://www.info.apple.com/support/downloads.html Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner) estimated size: 6040 install location: C:\WINDOWS\system32\KASPER~1\KASPER~1 uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe publisher: Kaspersky Lab contact: Customer Support Department help link: http://www.kaspersky.com/support.asp Windows XP Hotfix - KB826939 20030902.222339 (KB826939) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=826939 Windows XP Hotfix - KB873339 20041117.092459 (KB873339) uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=873339 (KB884016) Windows XP Hotfix - KB885250 20050118.202711 (KB885250) uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885250 Windows XP Hotfix - KB885835 20041027.181713 (KB885835) uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885835 Windows XP Hotfix - KB885836 20041028.173203 (KB885836) uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885836 Windows XP Hotfix - KB886185 20041021.090540 (KB886185) uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=886185 Windows XP Hotfix - KB887472 20041014.162858 (KB887472) uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=887472 Windows XP Hotfix - KB887742 20041103.095002 (KB887742) uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe publisher: Microsoft 
Corporation help link: http://support.microsoft.com?kbid=887742 Windows XP Hotfix - KB888113 20041116.131036 (KB888113) uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888113 Windows XP Hotfix - KB888302 20041207.111426 (KB888302) uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888302 Security Update for Windows XP (KB890046) 1 (KB890046) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890046 Windows XP Hotfix - KB890859 1 (KB890859) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890859 Windows XP Hotfix - KB891781 20050110.165439 (KB891781) uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891781 Security Update for Windows XP (KB893066) 2 (KB893066) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893066 Security Update for Windows XP (KB893756) 1 (KB893756) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893756 3.1 (KB893803) help link: http://go.microsoft.com/fwlink/?LinkId=42467 Windows Installer 3.1 (KB893803) (KB893803v2) uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=42467 Update for Windows XP (KB894391) 1 (KB894391) install date: 20051120 uninstall cmd: 
"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=894391 Security Update for Windows XP (KB896358) 1 (KB896358) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896358 Security Update for Windows XP (KB896422) 1 (KB896422) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896422 Security Update for Windows XP (KB896423) 1 (KB896423) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896423 Security Update for Windows XP (KB896424) 1 (KB896424) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896424 Security Update for Windows XP (KB896428) 1 (KB896428) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896428 Security Update for Windows XP (KB896688) 1 (KB896688) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896688 Update for Windows XP (KB898461) 1 (KB898461) install date: 20051119 uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=898461 Security Update for Windows XP (KB899587) 1 (KB899587) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: 
http://support.microsoft.com?kbid=899587 Security Update for Windows XP (KB899591) 1 (KB899591) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899591 Update for Windows XP (KB900485) 2 (KB900485) install date: 20060506 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900485 Security Update for Windows XP (KB900725) 1 (KB900725) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900725 Security Update for Windows XP (KB901017) 1 (KB901017) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901017 Security Update for Windows XP (KB901214) 1 (KB901214) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901214 Security Update for Windows XP (KB902400) 1 (KB902400) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=902400 Security Update for Windows XP (KB904706) 1 (KB904706) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904706 Security Update for Windows XP (KB905414) 1 (KB905414) install date: 20051120 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905414 Security Update for Windows XP (KB905749) 1 (KB905749) install date: 20051120 uninstall 
cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905749 Security Update for Windows XP (KB905915) 1 (KB905915) install date: 20051218 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905915 Security Update for Windows XP (KB908519) 1 (KB908519) install date: 20060110 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908519 Security Update for Windows XP (KB908531) 1 (KB908531) install date: 20060414 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908531 Update for Windows XP (KB910437) 1 (KB910437) install date: 20051218 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910437 Update for Windows XP (KB911280) 2 (KB911280) install date: 20060627 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911280 Security Update for Windows XP (KB911562) 1 (KB911562) install date: 20060414 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911562 Security Update for Windows Media Player (KB911564) (KB911564) install date: 20060217 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911564 Security Update for Windows Media Player 9 (KB911565) (KB911565) install date: 20060217 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: 
http://support.microsoft.com/?kbid=911565 Security Update for Windows XP (KB911567) 1 (KB911567) install date: 20060414 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911567 Security Update for Windows XP (KB911927) 1 (KB911927) install date: 20060217 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911927 Security Update for Windows XP (KB912812) 1 (KB912812) install date: 20060414 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912812 Security Update for Windows XP (KB912919) 1 (KB912919) install date: 20060108 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912919 Security Update for Windows XP (KB913433) (KB913433) uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913433 Security Update for Windows XP (KB913446) 1 (KB913446) install date: 20060217 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913446 Security Update for Windows XP (KB913580) 1 (KB913580) install date: 20060509 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913580 Security Update for Windows XP (KB914388) 1 (KB914388) install date: 20060716 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914388 Security Update for Windows XP (KB914389) 1 (KB914389) install 
date: 20060617 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914389 Security Update for Windows XP (KB916281) 1 (KB916281) install date: 20060617 uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbi |
Nov 3 2006, 04:44 PM
Post #8
Member, Group: Members, Posts: 29, Joined: 23-February 05, Member No.: 12,855
And this is part two of the Spybot log.
System Services --- Service (registry key): .NET CLR Data Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Start: 0 Type: 0 Error Control: 0 Service (registry key): Abiosdsk Start: 4 Type: 1 Error Control: 0 Service (registry key): abp480n5 Start: 4 Type: 1 Error Control: 1 Service (registry key): ACPI Display name: Microsoft ACPI Driver Image path: System32\DRIVERS\ACPI.sys Image size: 187776 Image MD5: A10C7534F7223F4A73A948967D00E69B Start: 0 Type: 1 Error Control: 1 Service (registry key): ACPIEC Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Start: 4 Type: 1 Error Control: 1 Service (registry key): aeaudio Image path: system32\drivers\aeaudio.sys Image size: 116176 Image MD5: 75BEE80A25FC7F690DCD57570DC159C1 Start: 3 Type: 1 Error Control: 1 Service (registry key): aec Display name: Microsoft Kernel Acoustic Echo Canceller Image path: system32\drivers\aec.sys Image size: 142464 Image MD5: 1EE7B434BA961EF845DE136224C30FEC Start: 3 Type: 1 Error Control: 1 Service (registry key): AFD Display name: AFD Networking Support Environment Description: AFD Networking Support Environment Image path: \SystemRoot\System32\drivers\afd.sys Start: 1 Type: 1 Error Control: 1 Service (registry key): Aha154x Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78u2 Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78xx Start: 4 Type: 1 Error Control: 1 Service (registry key): Alerter Display name: Alerter Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. 
162816 Image MD5: 0C80E410CD2F47134407EE7DD19CC86B Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): NetDDE Display name: Network DDE Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 111104 Image MD5: 05AFB5AD06462257BEA7495283C86D50 Start: 4 Type: 32 Error Control: 1 Depends On services: NetDDEDSDM Service (registry key): NetDDEdsdm Display name: Network DDE DSDM Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 111104 Image MD5: 05AFB5AD06462257BEA7495283C86D50 Start: 4 Type: 32 Error Control: 1 Service (registry key): Netlogon Display name: Net Logon Description: Supports pass-through authentication of account logon events for computers in a domain. Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Display name: Network Connections Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. 
Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): NIC1394 Display name: 1394 Net Driver Image path: System32\DRIVERS\nic1394.sys Image size: 61824 Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC Start: 3 Type: 1 Error Control: 1 Service (registry key): Nla Display name: Network Location Awareness (NLA) Description: Collects and stores network configuration and location information, and notifies applications when this information changes. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd Service (registry key): Norton Ghost Display name: Norton Ghost Description: Administrative service for scheduling and disk imaging. Object name: LocalSystem Image path: C:\Program Files\Norton Ghost\Agent\VProSvc.exe Image size: 2066024 Image MD5: 89573B6F88A851EBA44BABE98543C007 Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS,EventLog,PlugPlay Service (registry key): Npfs Start: 1 Type: 2 Error Control: 1 Service (registry key): NSCService Display name: Norton Protection Center Service Description: Norton Console Service Object name: LocalSystem Image path: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" Image size: 750768 Image MD5: 24A7C31963943E9CF453C043648E6E4D Start: 3 Type: 16 Error Control: 0 Service (registry key): Ntfs Start: 4 Type: 2 Error Control: 1 Service (registry key): NtLmSsp Display name: NT LM Security Support Provider Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes. 
Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Start: 3 Type: 32 Error Control: 1 Service (registry key): NtmsSvc Display name: Removable Storage Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Null Start: 1 Type: 1 Error Control: 1 Service (registry key): NwlnkFlt Display name: IPX Traffic Filter Driver Description: IPX Traffic Filter Driver Image path: System32\DRIVERS\nwlnkflt.sys Image size: 12416 Image MD5: B305F3FAD35083837EF46A0BBCE2FC57 Start: 3 Type: 1 Error Control: 1 Depends On services: NwlnkFwd Service (registry key): NwlnkFwd Display name: IPX Traffic Forwarder Driver Description: IPX Traffic Forwarder Driver Image path: System32\DRIVERS\nwlnkfwd.sys Image size: 32512 Image MD5: C99B3415198D1AAB7227F2C88FD664B9 Start: 3 Type: 1 Error Control: 1 Service (registry key): ohci1394 Display name: VIA OHCI Compliant IEEE 1394 Host Controller Image path: System32\DRIVERS\ohci1394.sys Image size: 61056 Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A Start: 0 Type: 1 Error Control: 1 Service (registry key): Parport Display name: Parallel port driver Image path: System32\DRIVERS\parport.sys Image size: 80128 Image MD5: 29744EB4CE659DFE3B4122DEB45BC478 Start: 3 Type: 1 Error Control: 1 Service (registry key): PartMgr Display name: Partition Manager Start: 0 Type: 1 Error Control: 1 Service (registry key): ParVdm Start: 2 Type: 1 Error Control: 0 Depends On services: Parport Depends On group: "Parallel arbitrator" Service (registry key): PCI Display name: PCI Bus Driver Image path: System32\DRIVERS\pci.sys Image size: 68224 Image MD5: 8086D9979234B603AD5BC2F5D890B234 Start: 0 Type: 1 Error Control: 3 Service (registry key): PCIDump Start: 1 Type: 1 Error Control: 0 Service (registry key): PCIIde Start: 4 
Type: 1 Error Control: 1 Service (registry key): Pcmcia Start: 4 Type: 1 Error Control: 1 Service (registry key): PDCOMP Start: 3 Type: 1 Error Control: 0 Service (registry key): PDFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRELI Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): perc2 Start: 4 Type: 1 Error Control: 1 Service (registry key): perc2hib Start: 4 Type: 1 Error Control: 1 Service (registry key): PerfDisk Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfNet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Start: 0 Type: 0 Error Control: 0 Service (registry key): PlugPlay Display name: Plug and Play Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108032 Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4 Start: 2 Type: 32 Error Control: 1 Service (registry key): PolicyAgent Display name: IPSEC Services Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. 
Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F4D55C6146EBF6065D75D2 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Tcpip,IPSec Service (registry key): PptpMiniport Display name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Image path: System32\DRIVERS\raspptp.sys Image size: 48384 Image MD5: 1C5CC65AAC0783C344F16353E60B72AC Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Display name: Processor Driver Image path: System32\DRIVERS\processr.sys Image size: 35328 Image MD5: 0D97D88720A4087EC93AF7DBB303B30A Start: 1 Type: 1 Error Control: 1 Service (registry key): ProtectedStorage Display name: Protected Storage Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 84885F9B82F |

Nov 3 2006, 04:55 PM
Post #9
malware expert; Group: HJT Team; Posts: 14,957; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026

I am not seeing anything in the Spybot log.
If you get the DeskMate.tahni error, copy the exact location down and post it.

This post has been edited by SifuMike: Nov 3 2006, 04:57 PM

Nov 3 2006, 05:24 PM
Post #10
Member; Group: Members; Posts: 29; Joined: 23-February 05; Member No.: 12,855

Still getting the Deskmate.Tahni error. Here are the results:

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

DeskMate.Tahni: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-2147311999-839522115-1004\Software\VHLD

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-03 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-03 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-03 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-03 Includes\PUPSC.sbi (*)
2006-11-03 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-03 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi (*)
2006-11-03 Includes\TrojansC.sbi (*)

Nov 3 2006, 06:19 PM
Post #11
malware expert; Group: HJT Team; Posts: 14,957; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026

Hi neophyte,
Download SUPERantispyware

Nov 4 2006, 07:24 AM
Post #12
Member; Group: Members; Posts: 29; Joined: 23-February 05; Member No.: 12,855

Thanks for your help SifuMike.
Here are the results of the SuperSpyware scan. They don't look too bad to my admittedly untrained eye...

SUPERAntiSpyware Scan Log
Generated 11/04/2006 at 12:14 PM
Application Version : 3.3.1020
Core Rules Database Version : 3120
Trace Rules Database Version: 1142
Scan type : Complete Scan
Total Scan Time : 00:19:58
Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 4901
Registry threats detected : 0
File items scanned : 25364
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Jonathan\Cookies\jonathan@new-pcp[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@en[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@www.pacificpoker[2].txt

Nov 4 2006, 11:07 AM
Post #13
malware expert; Group: HJT Team; Posts: 14,957; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026

Hi neophyte

QUOTE
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Read this: http://forums.spybot.info/showthread.php?t=75

QUOTE
Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information. Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans. In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those. The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves. The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Were both of these in one folder in the Spybot listing (the +)? If so, I would say it is a false positive.

QUOTE
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
DeskMate.Tahni: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-2147311999-839522115-1004\Software\VHLD

This post has been edited by SifuMike: Nov 4 2006, 01:31 PM

Nov 4 2006, 03:12 PM
Post #14
Member; Group: Members; Posts: 29; Joined: 23-February 05; Member No.: 12,855

Thanks.
I have been ignoring the "Windows Security Center" notification for a while now on the basis that I assumed it was just my Norton firewall disabling Windows' own firewall.

QUOTE
Were both of these in one folder in the Spybot listing (the +)? If so, I would say it is a false positive.
QUOTE
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
DeskMate.Tahni: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-2147311999-839522115-1004\Software\VHLD

The two registry keys you mention came under separate folders in Spybot. The first "+" was called Microsoft.WindowsSecurityCenter_disabled and when I clicked on the "+" it showed me HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2. The second "+" was called "Deskmate.Tahni" and showed me HKEY_USERS\S-1-5-21-436374069-2147311999-839522115-1004\Software\VHLD

Nov 4 2006, 04:16 PM
Post #15
malware expert; Group: HJT Team; Posts: 14,957; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026

Hi neophyte,

QUOTE
The first "+" was called Microsoft.WindowsSecurityCenter_disabled and when I clicked on the "+" it showed me HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2.

The first one is not a problem, but an information message.

QUOTE
The second "+" was called "Deskmate.Tahni" and showed me HKEY_USERS\S-1-5-21-436374069-2147311999-839522115-1004\Software\VHLD

The second looks like a false positive from Spybot. Best to let Spybot know of this key, as it could be affecting many other Spybot users. I suggest you post a thread at the Spybot forum and they should be able to help you. The fastest way to get an answer from Spybot is to use their email contact to report "Detections". If you go to http://www.spybot.info/en/contact/index.html Ways to contact Team Spybot > select "Detections". Let me know what the techies at Spybot tell you.

This post has been edited by SifuMike: Nov 4 2006, 04:19 PM