Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit? Cf Card Infection To Osx To Xp - C:=unknown File Type


  • Please log in to reply
8 replies to this topic

#1 andwhy

andwhy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 24 October 2007 - 09:11 AM

Hi,

I have a problem. Thanks for helping if you can.

I have a laptop running OSX and a desktop running Japanese XP SP2. I only have acess to the web on XP systems at work or at random wifi spots near my house using my mac. I have no internet connection for my home PC. The original point of infection was a CF card in my digital camera, from being plugged into a comprimized PC in a hostel in Taipei. This CF card showed a file called Flashy.exe and the directory names (DCIM and MISC) were masked by files of the same name. A Norton scan on my Mac found these files carried "the macro or PC virus W32.Glupzy.A" and sucessfully quarantined and deleted them... however, after transerring the pics on my CF card to my PC using a portable drive it turns out that I needed to manually update my virus defs, which I did, and then 4 files called ntdelect.com were detected, quarantined and deleted for carrying "the macro or PC virus W32.Gammima.AG". I also updated and re-scanned my PC in safe-mode, finding Gammima and hacktool.roootkit. I turned off system restore, and ran a program called rootkit revealer. Unfortunately the C: D: and G: drives still come up with a dialog box as if they are an unknown file type, and if I browse and select "explorer.exe" to open them it only works once.

I have re-updated and rescanned my PC and my Mac. Unfortunately, neither system can find any issue with an autorun.inf file that I have tried to delete with no sucess. I still CANNOT delete it using OSX, and if I delete it with XP it just comes back the next time the drive is mounted. The Autorun.inf file contains these instructions:

[AutoRun]

open=ntdelect.com

;shell\open=Open(&O)

shell\open\Command=ntdelect.com

shell\open\Default=1

;shell\explore=Manager(&X)

shell\explore\Command=ntdelect.com

Though I cannot see a ntdelect.com file on my portable drive in OSX or in XP I do not know what keeps the mac OS from altering, quarantining, or deleting autorun.inf and any copy of autorun.inf that exists on my portable drive, nor do I understand why XP seems to delete it without any problem, but it reappears when the drive is viewed in OSX.

More confusing, a "System Volume Information" folder appears on the portable drive now (only when viewed in OSX, where it comes back on re-mount if deleted), it holds a folder named "_restore{87D6F8BF-9D79-4695-97F6-AA1F5A3B5545}" even though I turned off system restore in XP after updating my Symantec defs and doing a full scan in safe mode. It holds a folder called "RP623", which holds 8 files:

A0053383.INF

[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com


A0053384.INF

[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com


change.log.1
մ\Device\HarddiskVolume4\System Volume Information\_restore{87D6F8BF-9D79-4695-97F6-AA1F5A3B5545}\RP623\change.log∏մ@ˇˇˇˇΩ*&\._AUTORUN.INF,\Recycled\Df1.INF"	_AUTOR~1.INF∏pմ!*,\AUTORUN copy.INFpմ@ˇˇˇˇ*,\AUTORUN copy.INF,\Recycled\Df2.INF"	AUTORU~1.INFtմ!*0\AUTORUN copy 1.INFtմ@ˇˇˇˇ*0\AUTORUN copy 1.INF,\Recycled\Df3.INF"	AUTORU~3.INF∫մ*4\Recycled\desktop.ini"A0053381.ini	 DESKTOP.INI∫մ *,\Recycled\Df1.INF"A0053382.INF	DF1.INFpմ! *,\Recycled\Df2.INFpմ *,\Recycled\Df2.INF"A0053383.INF	DF2.INFpմ!*,\Recycled\Df3.INFpմ *,\Recycled\Df3.INF"A0053384.INF	DF3.INFxմ ˇˇˇˇ*4\Recycled\desktop.inix`մ*\Recycled`xմˇˇˇˇ*4\Recycled\desktop.inixxմ ˇˇˇˇ*4\Recycled\desktop.inix|մ ˇˇˇˇ*8\avg75free_488a1157.exe|xմˇˇˇˇ*4\Recycled\desktop.inixxմ ˇˇˇˇı*4\Recycled\desktop.inix

A0053381.INI

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}


A0053411.INI

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}


CHANGE.LOG


մ\Device\HarddiskVolume4\System Volume Information\_restore{87D6F8BF-9D79-4695-97F6-AA1F5A3B5545}\RP623\change.log^մˇˇˇˇw+\∞eW0D00000^մˇˇˇˇx+\∞eW0D00000*\New Virus Stuff ∞eW0D0~1˛մ@ˇˇˇˇy+<\spybotsd_newest-defs.exe\\New Virus Stuff\spybotsd_newest-defs.exe" SPYBOT~3.EXE˛մ@ˇˇˇˇz+(\spybotsd15.exeH\New Virus Stuff\spybotsd15.exe" SPYBOT~1.EXERմ@ˇˇˇˇ{+f\Windows-KB890830-V1.34-malicious-soft-rem.exe\New Virus Stuff\Windows-KB890830-V1.34-malicious-soft-rem.exe" WINDOW~1.EXERմ@ˇˇˇˇ|+8\avg75free_488a1157.exeX\New Virus Stuff\avg75free_488a1157.exe" AVG75F~1.EXE


change.log.2

մ\Device\HarddiskVolume3\System Volume Information\_restore{87D6F8BF-9D79-4695-97F6-AA1F5A3B5545}\RP623\change.loglմ ˇˇˇˇ_+(\spybotsd15.exelմ ˇˇˇˇ`+f\Windows-KB890830-V1.34-malicious-soft-rem.exezմ ˇˇˇˇc+6\spybotsd_includes.exezմ@ˇˇˇˇd+6\spybotsd_includes.exe<\spybotsd_newest-defs.exe"	SPYBOT~2.EXE∫մo+4\Recycled\desktop.ini"A0053411.ini	 DESKTOP.INI∫xմ ˇˇˇˇp+4\Recycled\desktop.inix`մq+\Recycled`


A0053382.INF

	2 R

Additionally there is a "Recycled" folder on the root of my portable drive (when viewed in OSX) that includes two items each time following an instance of use in XP, reguardless of whether I delete any items while using XP. "desktop.ini" and "INFO2" are there. "DESKTOP.INI" read in TextEdit shows:
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}

however, the INFO2 file cannot be read in TextEdit, though it says it is only 64k on disk (1,358 bytes)...

OK! On to the logs! Here is my hijackthis (renamed jiznackdat):

Quick note: some directory names or file names from the hijackthis.log are displayed incorrectly because they were written in Japanese characters. Gomenasai.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:02 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\R}l[W[\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\fjuty\wallbtn\FMVLauncher.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Documents and Settings\Owner\fXNgbv\More Virus Stuff\jiznakdat.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\?????R?g?}?l?[?W???[\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [FMV`[] C:\fjuty\wallbtn\FMVLauncher.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel DžGNX|[g(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?g?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: ???T?[?` - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - [ - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsubleepa Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VRService - Matsubleepa Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe

--
End of file - 10490 bytes

I got spybot S&D, unhackme, and rootkit revealer and ran them on my PC (see included screenshot). I also got a piece of software called OS-X-Rootkit-Hunter-0.1.dmg but it didn't seem to do anything except open the terminal and wait idly. Additional information about securing my mac would realieve my nerves quite a bit. :thumbsup:

That's all I've got 'til I get a reply. Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 26 October 2007 - 03:15 AM

Hi andwhy and Welcome to the Bleeping Computer!

Additional information about securing my mac would realieve my nerves quite a bit.



I dont know MACs at all but I do know PCs and I can tell you this,the lesson you learned here,will last a lifetime.

MAC or any other OS out there has a direct set of Vulnerabilities.

In todays world,even the best of the Internet Security Suites will fall short in some areas.

Take this into consideration,if the PC is a lifeline then do your best to secure it with a few extra dollars.

This is strictly my opinion but Kaspersky Internet Security 7.0 is about as good as it gets and Symantec is just falling short in this area,this comes from a bog Symantec fan for years.
http://www.kaspersky.com/

Now,plug in all the little drives you think need a scan and then follow the steps below and post the resulting log and lets see if we can rip this bugger outa there.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3 andwhy

andwhy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 28 October 2007 - 10:39 PM

Thanks very much for the help :thumbsup: . So far I have taken all the steps all my antivirus software has reccommended to delete these viruses. I hope they are gone, but I definitely need help with the clean-up. 3 logs to post, and one extra bit of information. I plugged my camera into my PC (for the first time since suspected infection) in order to run the program you suggested as asked. The Flashy.exe and ntdelect.com files all appeared in the explorer window briefly - then dissappeared. I don't know if this is due to malicious software or something I recently installed to protect the PC against such software because no dialog messages or other warnings popped up afterwards. Also, the DCIM and MISC folders that are always on my camera's CF card did not show up AT ALL in windows explorer... Luckily when I unplug the USB cable to the camera all the pictures are still browsable naitivly on the device itself (and I assume can still be copied to my mac). End of storytime. Logfiletime!


ComboFix 07-10-23.2 - Owner 2007-10-29 2:31:44.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.239 [GMT 9:00]

Running from: G:\ComboFix.exe

* Created a new restore point

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Autorun.inf

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\EEUNAG4M\www.broadcaster.com

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\EEUNAG4M\www.broadcaster.com\played_list.sol

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\EEUNAG4M\www.broadcaster.com\video_queue.sol

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\WINDOWS\system32\PUSCSRVC.dll

D:\Autorun.inf

G:\autorun.inf

H:\autorun.inf



.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))

.



2007-10-22 19:39 <DIR> d-------- C:\RootkitNO

2007-10-22 19:08 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys

2007-10-22 19:08 22,528 --a------ C:\WINDOWS\system32\Partizan.exe

2007-10-22 19:08 C:\WINDOWS\(2) C:\ComboFix\winstart.bat

2007-10-22 19:07 8,944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys

2007-10-19 12:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-28 06:19 --------- d-----w C:\Program Files\Norton Security Scan

2007-10-22 10:01 --------- d-----w C:\Program Files\Symantec AntiVirus

2007-10-22 09:50 --------- d-----w C:\Program Files\Screenshot Pilot

2007-09-30 06:30 --------- d--h--w C:\Documents and Settings\Owner\Application Data\CNSViewer

2006-03-20 06:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 21:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 21:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 21:00]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 C:\WINDOWS\AGRSMMSG.exe]

"KPDrv4Xp"="C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE" [2005-02-21 19:15]

"IndicatorUtility"="C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe" [2005-06-08 09:11]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe" [2005-06-13 11:14]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-06-13 11:39]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 09:20]

"INETCONDSP"="C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe" [2005-01-14 20:48]

"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2004-02-18 07:53]

"IRRCManager"="C:\Program Files\Fujitsu\?????R?g?}?l?[?W???[\IRRCManager.exe" []

"PUSCKAPLEXE"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe" [2005-06-27 16:30]

"LoadPUSCDaemon"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe" [2005-06-27 14:43]

"FMV`["="C:\fjuty\wallbtn\FMVLauncher.exe" [2005-02-17 13:22]

"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\chitose\updatenv.exe" [2006-03-30 14:55]

"MyMedia Server Helper"="C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe" [2005-06-17 15:33]

"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 C:\WINDOWS\SOUNDMAN.EXE]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-01-01 02:39]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 06:22]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 08:15]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 21:23]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 04:21]

"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-05 21:00]

"FMV??g?`???["="C:\fjuty\wallbtn\FMVLauncher.exe" [2005-02-17 13:22]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 06:35]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 16:37]



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ctfmon.exe"=ctfmon.exe

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t



R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS

R2 bgsvclib;B's Recorder GOLD Library Service;C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe

R2 FlashDrv;FlashDrv;\??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys

R2 LampDrv;LampDrv;\??\C:\Program Files\Fujitsu\iNetConDsp\LampDrv.sys

R2 MMKBD;Fujitsu USB HID Device Filter Driver;C:\WINDOWS\system32\DRIVERS\mmkbd.sys

R2 MrnTS_Sync5;Morrin Thumbnail Synchronized Service 5;"C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe"

R2 PSS Core;PSS Core;C:\Program Files\Common Files\Panasonic\PSSCore.exe

R2 PUSCSYS;PUSCSYS;\??\C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSYS.sys

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys

R3 mb86395PCI;mb86395PCI;C:\WINDOWS\system32\DRIVERS\pxmb395pci.sys

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys

S3 ADVNTDRV;ADVNTDRV;C:\WINDOWS\system32\drivers\ADVNTDRV.SYS

S3 KS396U;Fujitsu Built-In TV WDM Video Capture;C:\WINDOWS\system32\DRIVERS\KS396U.sys

S3 OS;OS;C:\DOCUME~1\Owner\LOCALS~1\Temp\OS.exe

S3 putlrsrv;PowerUtility Remote Power Management Service;C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe

S3 PxDtvPci;PIX-DTTV/P1W;C:\WINDOWS\system32\DRIVERS\pxdtvpci.sys

S3 sh2bus;SHARP 902SH_802SH USB Control driver (WDM);C:\WINDOWS\system32\DRIVERS\sh2bus.sys

S3 sh2mdfl;SHARP 902SH_802SH Modem Filter;C:\WINDOWS\system32\DRIVERS\sh2mdfl.sys

S3 sh2mdm;SHARP 902SH_802SH Modem Driver;C:\WINDOWS\system32\DRIVERS\sh2mdm.sys

S3 sh2mgmt;SHARP 902SH_802SH AT Command Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sh2mgmt.sys

S3 sh2obex;SHARP 902SH_802SH OBEX Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sh2obex.sys



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

AutoRun\command - ntdelect.com

explore\Command - ntdelect.com

open\Command - ntdelect.com



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command - ntdelect.com

explore\Command - ntdelect.com

open\Command - ntdelect.com



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command - ntdelect.com

explore\Command - ntdelect.com

open\Command - ntdelect.com



.

Contents of the 'Scheduled Tasks' folder

"2007-10-26 08:09:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

"2007-10-28 17:39:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2007-10-26 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************



catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-29 08:36:24

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FMV`["="C:\\fjuty\\wallbtn\\FMVLauncher.exe"

.

Completion time: 2007-10-29 8:37:52 - machine was rebooted

.

--- E O F ---




:blink:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:15 AM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\fjuty\wallbtn\FMVLauncher.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Documents and Settings\Owner\fXNgbv\More Virus Stuff\jiznakdat.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\?????R??g?}?l?[?W???[\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [FMV`[] C:\fjuty\wallbtn\FMVLauncher.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [FMV??g?`???[] C:\fjuty\wallbtn\FMVLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel DžGNX|[g(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?g?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: ???T?[?` - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - [ - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: OS - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\OS.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsubleepa Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VRService - Matsubleepa Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe

--
End of file - 10387 bytes

THANKS Cretemonster!

-A

#4 andwhy

andwhy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 28 October 2007 - 10:45 PM

This info was too much for the site to handle in the last post so it is included here... just another log:

:thumbsup:

SpyHolesList Version:2.1

10/29/2007 8:50:40 AM

WinDir=C:\WINDOWS

Startup=C:\Documents and Settings\Owner\X^[g j[\vO\X^[gAbv\

Common Startup=C:\Documents and Settings\All Users\X^[g j[\vO\X^[gAbv\

Microsoft Windows XP Service Pack 2 (5.1.2600)

Internet Explorer 6.0.2900.2180

[Internet Explorer]

[Default Home Page] :HKLM Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[Current Home Page] :HKCU Start Page=http://www.google.com/ig?hl=en

[Current Home Page] :HKCU HOMEOldSP=""

[Search URL Template] :HKLM 1=www.%s.co.jp

[Search URL Template] :HKLM 2=www.%s.org

[Search URL Template] :HKLM 3=www.%s.net

[Search URL Template] :HKLM 4=www.%s.edu

[All Users Search] :HKLM Default_Search_URL=http://www.google.com/ie

[All Users Search] :HKLM Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[Current Users Search] :HKCU Search Page=http://www.google.com

[Current Users Search] :HKCU Search Bar=http://www.google.com/ie

[IE Local Blank Page] :HKCU Local Page=C:\WINDOWS\system32\blank.htm

[IE Local Blank Page] :HKLM Local Page=%SystemRoot%\system32\blank.htm

[Browser Helper Objects] {7E853D72-626A-48EC-A868-BA8D5E23E045}

### File is deleted or hidden by rootkit or could not be located.

[Browser Helper Objects] {A57EE9D7-0534-496A-B2B0-E95866D0C1B0}

### File is deleted or hidden by rootkit or could not be located.

[Browser Helper Objects] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll

### Google IE Client Toolbar Google Inc. Google Toolbar for IE 4, 0, 1602, 1060

[Browser Helper Objects] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

### File is deleted or hidden by rootkit or could not be located.

[Auto Search URL] :HKCU provider=gogl

[Auto Search URL] :HKCU "Default Value"=http://www.google.com/search?q=%s

[Search Assistant] :HKCU SearchAssistant=http://www.google.com/ie

[Search Assistant] :HKLM SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[Search Assistant] :HKCU CustomizeSearch=""

[Search Assistant] :HKLM CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

[CustomizeSearch] :HKLM CustomizeSearch=""

[URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=%SystemRoot%\system32\shdocvw.dll

### Shell Doc Object and Control Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Default Prefix] :HKLM "Default Value"=http://

[URL Default Prefixes] :HKLM ftp=ftp://

[URL Default Prefixes] :HKLM gopher=gopher://

[URL Default Prefixes] :HKLM home=http://

[URL Default Prefixes] :HKLM mosaic=http://

[URL Default Prefixes] :HKLM www=http://

[Safe Sites] :HKLM ie.search.msn.com=http://ie.search.msn.com/*

[AboutURLs] :HKLM NavigationFailure=res://shdoclc.dll/navcancl.htm

[AboutURLs] :HKLM DesktopItemNavigationFailure=res://shdoclc.dll/navcancl.htm

[AboutURLs] :HKLM NavigationCanceled=res://shdoclc.dll/navcancl.htm

[AboutURLs] :HKLM OfflineInformation=res://shdoclc.dll/offcancl.htm

[AboutURLs] :HKLM Home=270

[AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm

[AboutURLs] :HKLM PostNotCached=res://mshtml.dll/repost.htm

[User Style Sheet] :HKCU User Stylesheet=""

[User Style Sheet] :HKUS User Stylesheet=""

[User Style Sheet] :HKCU Use My Stylesheet=0

[User Style Sheet] :HKUS Use My Stylesheet=0

[Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=1

[Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=1

[Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=3

[Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=3

[Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3

[Execute unsigned ActiveX in Internet Zone] :HKLM 1201=3

[Links Toolbar] :HKCU LinksFolderName=N

[Toolbars] :HKLM {2318C2B1-4965-11d4-9B18-009027A5CD4F}=c:\program files\google\googletoolbar1.dll

### Google IE Client Toolbar Google Inc. Google Toolbar for IE 4, 0, 1602, 1060

[Explorer Bars] :HKLM {4D5C8C25-D075-11d0-B416-00C04FB90376}=%SystemRoot%\system32\shdocvw.dll

### Shell Doc Object and Control Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[IE Extensions - All Users] :HKLM {08B0E5C0-4FCB-11CF-AAA5-00401C608501}=%SystemRoot%\system32\shdocvw.dll

### Shell Doc Object and Control Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[IE Extensions - All Users] :HKLM {92780B25-18CC-41C8-B9BE-3C9C571A8263}=C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

### Allows you to use the Research Library and its collection of information services from Microsoft Internet Explorer Microsoft Corporation Research Library Explorer Bar 11.0.5510

[IE Extensions - All Users] :HKLM {FB5F1910-F110-11d2-BB9E-00C04F795683}=C:\Program Files\Messenger\msmsgs.exe

### Windows Messenger Microsoft Corporation Messenger Version 4.7.3001

[Context menu items] :HKCU Add to Google Photos Screensa&ver=res://C:\WINDOWS\system32\GPhotos.scr/200

### File is deleted or hidden by rootkit or could not be located.

[Context menu items] :HKCU Microsoft Excel DžGNX|[g(&X)=res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

### File is deleted or hidden by rootkit or could not be located.

[Proxy] :HKCU ProxyServer=""

[Proxy] :HKCU ProxyEnable=0

[Network Settings]

[Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc

[Hosts File Contents] :HKLM 127.0.0.1 localhost

[Domain Name] :HKLM Domain=""

[WinSock2 Components] :HKLM mswsock.dll=%SystemRoot%\System32\mswsock.dll

### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[WinSock2 Components] :HKLM winrnr.dll=%SystemRoot%\System32\winrnr.dll

### LDAP RnR Provider DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[WinSock2 Components] :HKLM rsvpsp.dll=%SystemRoot%\system32\rsvpsp.dll

### Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Windows Shell]

[Display Scrap's Extensions] :HKLM NeverShowExt=""

[ScreenSaver] :HKCU SCRNSAVE.EXE=""

### File is deleted or hidden by rootkit or could not be located.

[System.ini] shell=Explorer.exe

[Main File Extensions] :HKLM .exe="%1" %*

[Main File Extensions] :HKLM .com="%1" %*

[Main File Extensions] :HKLM .pif="%1" %*

[Main File Extensions] :HKLM .cmd="%1" %*

[Main File Extensions] :HKLM .scr="%1" /S

[Main File Extensions] :HKLM .jpg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1

[Main File Extensions] :HKLM .jpeg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1

[Shell Execute Hooks] :HKLM {AEB6717E-7E19-11d0-97EE-00C04FD91972}=shell32.dll

### Windows Shell Common Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Shell Execute Hooks] :HKLM {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}=C:\PROGRA~1\WINDOW~4\MpShHook.dll

### Shell Execution Monitor Microsoft Corporation Windows Defender 1.1.1593.0

[UserInit Value] :HKLM UserInit=C:\WINDOWS\system32\userinit.exe,

[Winlogon Notification] :HKLM crypt32chain=crypt32.dll

### crypt32chain Crypto API32 Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Winlogon Notification] :HKLM cryptnet=cryptnet.dll

### cryptnet Crypto Network Related API Microsoft Corporation MicrosoftR WindowsR Operating System 5.131.2600.2180

[Winlogon Notification] :HKLM cscdll=cscdll.dll

### cscdll Offline Network Agent Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM igfxcui=igfxsrvc.dll

### igfxcui igfxsrvc Module Intel Corporation Intel® Common User Interface 7.0.0.4267

[Winlogon Notification] :HKLM NavLogon=C:\WINDOWS\system32\NavLogon.dll

### NavLogon Symantec AntiVirus Logon Notification Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Winlogon Notification] :HKLM ScCertProp=wlnotify.dll

### ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM Schedule=wlnotify.dll

### Schedule Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM sclgntfy=sclgntfy.dll

### sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM SensLogn=WlNotify.dll

### SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM termsrv=wlnotify.dll

### termsrv Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Winlogon Notification] :HKLM WgaLogon=WgaLogon.dll

### WgaLogon Windows Genuine Advantage Notification Microsoft Corporation Windows Genuine Advantage 1.7.0018.5

[Winlogon Notification] :HKLM wlballoon=wlnotify.dll

### wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Shell Services DelayLoad] :HKLM PostBootReminder=%SystemRoot%\system32\SHELL32.dll

### Windows Shell Common Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Shell Services DelayLoad] :HKLM CDBurn=%SystemRoot%\system32\SHELL32.dll

### Windows Shell Common Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Shell Services DelayLoad] :HKLM WebCheck=%SystemRoot%\system32\webcheck.dll

### Web Site Monitor Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Shell Services DelayLoad] :HKLM SysTray=C:\WINDOWS\system32\stobject.dll

### Systray shell service object Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0

[Disable Registry Tools ] :HKCU DisableRegistryTools =0

[SharedTaskScheduler] :HKLM {438755C2-A8BA-11D1-B96B-00A0C90312E1}=%SystemRoot%\system32\browseui.dll

### Shell Browser UI Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[SharedTaskScheduler] :HKLM {8C7461EF-2B13-11d2-BE35-3078302C2030}=%SystemRoot%\system32\browseui.dll

### Shell Browser UI Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Kernel Auto Boot]

[ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\inf\unregmp2.exe /ShowWMP

### Microsoft Windows Media Player ZbgAbv [eBeB Microsoft Corporation Microsoft® Windows Media Player 10.00.00.3650

[Bootexecute] :HKLM BootExecute=autocheck autochk *
Partizan

[KnownDLLs] :HKLM advapi32=advapi32.dll

[KnownDLLs] :HKLM comdlg32=comdlg32.dll

[KnownDLLs] :HKLM DllDirectory=%SystemRoot%\system32

[KnownDLLs] :HKLM gdi32=gdi32.dll

[KnownDLLs] :HKLM imagehlp=imagehlp.dll

[KnownDLLs] :HKLM kernel32=kernel32.dll

[KnownDLLs] :HKLM lz32=lz32.dll

[KnownDLLs] :HKLM ole32=ole32.dll

[KnownDLLs] :HKLM oleaut32=oleaut32.dll

[KnownDLLs] :HKLM olecli32=olecli32.dll

[KnownDLLs] :HKLM olecnv32=olecnv32.dll

[KnownDLLs] :HKLM olesvr32=olesvr32.dll

[KnownDLLs] :HKLM olethk32=olethk32.dll

[KnownDLLs] :HKLM rpcrt4=rpcrt4.dll

[KnownDLLs] :HKLM shell32=shell32.dll

[KnownDLLs] :HKLM url=url.dll

[KnownDLLs] :HKLM urlmon=urlmon.dll

[KnownDLLs] :HKLM user32=user32.dll

[KnownDLLs] :HKLM version=version.dll

[KnownDLLs] :HKLM wininet=wininet.dll

[KnownDLLs] :HKLM wldap32=wldap32.dll

[Environment - Path ] :HKLM Path=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\pcdNavi\bin;C:\Program Files\Justsystem\BeatJam Music Server\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Fujitsu\sadata\fsaax;C:\Program Files\QuickTime\QTSystem"

[List of Injected DLLs] :HKLM AppInit_DLLs=""

[Auto Services] AudioSrv

### Internal Name: AudioSrv. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * Windows x[X vOI[fBI foCXǵNj∑BDZT[rXǙ~≥ǃǢAI[fBI foCX∆I[fBI ≥ǵ≠@\ǵNjπBDZT[rXǙ≥ǻAIDžDZT[rXDž∂ǵǃǢ∑◊ǃT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] bgsvclib

### Internal Name: bgsvclib. Status: service start pending. Actual File: C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe * B's Recorder GOLD Service Library B.H.A Corporation B's Recorder GOLD8 8, 0, 0, 0

[Auto Services] Browser

### Internal Name: Browser. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[NRs[^≈VǵAǪQ∆∆ǵǃw≥ΩRs[^DžǵNj∑BDZT[rXǙ~ǵǃǢAXVLJLJ≥NjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] ccEvtMgr

### Internal Name: ccEvtMgr. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" * Event propagation and logging service Symantec Event Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Auto Services] ccSetMgr

### Internal Name: ccSetMgr. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" * Settings storage and management service Symantec Settings Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Auto Services] CryptSvc

### Internal Name: CryptSvc. Status: service start pending. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * ≥T[rXA 3 Ǭ≈∑BJ^O f[^x[X T[rX: Windows t@CmFǵNj∑B[g T[rX: M≥Ω[g@DZRs[^DžǮǗǵNj∑BL[ T[rX: pDZRs[^Džo^ǵNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] DcomLaunch

### Internal Name: DcomLaunch. Status: service running. Actual File: C:\WINDOWS\system32\svchost -k DcomLaunch * DCOM T[rXN∑@\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] DefWatch

### Internal Name: DefWatch. Status: service start pending. Actual File: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" * Monitors and maintains virus definitions. Virus Definition Daemon Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Auto Services] Dhcp

### Internal Name: Dhcp. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * IP AhX∆ DNS o^ǮǗXVǵǃlbg[N\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] Dnscache

### Internal Name: Dnscache. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k NetworkService * DZRs[^hC l[ VXe (DNS) ǮǗLbVǵNj∑BDZT[rXǙ~ǵΩADZRs[^ DNS ≈Ǵ∏AActive Directory hC Rg[[ǬDZ∆Ǚ≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] ERSvc

### Internal Name: ERSvc. Status: service start pending. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * Allows error reporting for services and applictions running in non-standard environments. Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] Eventlog

### Internal Name: Eventlog. Status: service running. Actual File: C:\WINDOWS\system32\services.exe * Windows x[XvO∆ Windows R|[lgDžǡǃ≠s≥Cxg O bZ[WCxg r[A≈\ǵNj∑BDZT[rX~≈ǴNjπB Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Auto Services] Fax

### Internal Name: Fax. Status: service stopped. Actual File: C:\WINDOWS\system32\fxssvc.exe * DZRs[^NjΩlbg[N FAX \[XgǡǃAFAX M\DžǵNj∑B FAX T[rX Microsoft Corporation Microsoft® Windows® Operating System 5.2.2600.2180

[Auto Services] gusvc

### Internal Name: gusvc. Status: service running. Actual File: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" * gusvc Google Google Updater 2.2.824.5515.beta

[Auto Services] helpsvc

### Internal Name: helpsvc. Status: service start pending. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * wv∆T|[g Z^[LDžǵADZRs[^≈s∑ǧDžǵNj∑BDZT[rX~∑∆Awv∆T|[g Z^[p∑DZ∆≈Ǵǻ≠ǻNj∑BDZT[rX≥Dž∑∆ADZT[rXDžIDž∂∑T[rXJnǵNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] HidServ

### Internal Name: HidServ. Status: service start pending. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * q[} C^[tFCX foCX (HID) LDžǵNj∑Bq[} C^[tFCX foCXAL[{[hA[gAǮǗ}` foCXDždžǩ∂fl`≥ǃǢzbg {^gpLDžǵǃAǵNj∑BDZT[rXǙ~≥ǃǢADZT[rXDžǡǃ≥ǃǢzbg {^@\ǵǻ≠ǻNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] lanmanserver

### Internal Name: lanmanserver. Status: service start pending. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * DZRs[^≈lbg[N∆Ǯǵǃt@CAAǮǗOtpCvLT|[gǵNj∑BDZT[rXǙ~ǵΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] lanmanworkstation

### Internal Name: lanmanworkstation. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * [g T[o[NCAg lbg[N⁄ǵAǵNj∑BDZT[rXǙ~ǵǃǢADZ⁄p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] LmHosts

### Internal Name: LmHosts. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k LocalService * NetBIOS over TCP/IP (NetBT) T[rX∆ NetBIOS OΩflT|[gLDžǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] MDM

### Internal Name: MDM. Status: service start pending. Actual File: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" * Visual Studio ∆XNvg fobK[JǮǗ[g fobOT|[gǵNj∑BDZT[rX~∑∆AfobK≥Dž@\ǵNjπB Machine Debug Manager Microsoft Corporation MicrosoftR Visual Studio .NET 7.00.9466

[Auto Services] MrnTS_Sync5

### Internal Name: MrnTS_Sync5. Status: service stopped. Actual File: "C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe" * MNjflǻǫ≈p∑TlCA∑ΩflT[rX≈∑B Morrin Thumbnail Synchronized Service Module. [ Morrin Image-file Integrate Projects 5, 0, 0, 0

[Auto Services] MyMedia Server

### Internal Name: MyMedia Server. Status: service stopped. Actual File: C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe * MyMediaServer DigiOn MyMedia Server 2.31.2

[Auto Services] PlugPlay

### Internal Name: PlugPlay. Status: service running. Actual File: C:\WINDOWS\system32\services.exe * [U[ǩ≈ANjΩǻǵ≈ARs[^Ǚn[hEFAXFǵAǵNj∑B Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Auto Services] PolicyAgent

### Internal Name: PolicyAgent. Status: service stopped. Actual File: C:\WINDOWS\system32\lsass.exe * IP ZLeB |V[ǵAISAKMP/Oakley (IKE) ∆ IP ZLeB hCoJnǵNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] ProtectedStorage

### Internal Name: ProtectedStorage. Status: service stopped. Actual File: C:\WINDOWS\system32\lsass.exe * L[ǻǫdvǻf[^i[∑Ωfl≥ΩLǵAǻǢT[rXAǻǢvZXAǻǢ[U[DžANZXhǨNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] PSS Core

### Internal Name: PSS Core. Status: service stopped. Actual File: C:\Program Files\Common Files\Panasonic\PSSCore.exe * Panasonic Application Shared Service Core PSSCore Module Matsubleepa Electric Industry Co., LTD. Panasonic Software Shared Server Core 1, 0, 50315, 1455

[Auto Services] RpcSs

### Internal Name: RpcSs. Status: service running. Actual File: C:\WINDOWS\system32\svchost -k rpcss * Gh |Cg }bp[ǂe RPC T[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] SamSs

### Internal Name: SamSs. Status: service running. Actual File: C:\WINDOWS\system32\lsass.exe * [J [U[ AJEgZLeBi[ǵNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] Schedule

### Internal Name: Schedule. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * [U[ARs[^^XN\ǮǗXPW[≈ǴNj∑BDZT[rXǙ~≥ǃǢAXPW[≥ΩDž^XNN≥NjπBDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] seclogon

### Internal Name: seclogon. Status: service stopped. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * i≈vZXJnǵNj∑BDZT[rXǙ~≥ΩADZOI ANZXp≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] SENS

### Internal Name: SENS. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Windows OIAlbg[NAdπCxgǻǫVXe CxgǵNj∑BCOM+ Cxg VXeDžADZCxg mǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] SharedAccess

### Internal Name: SharedAccess. Status: service stopped. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * z[ lbg[NNjΩKItBXlbg[NDžǵǃlbg[N AhX∑AAhXwAOAǮǗA^bNh~T[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] ShellHWDetection

### Internal Name: ShellHWDetection. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * ∂n[hEFA Cxg mǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] SPBBCSvc

### Internal Name: SPBBCSvc. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" * Symantec SPBBC SPBBC Service Symantec Corporation SPBBC 2.2.0.7

[Auto Services] Spooler

### Internal Name: Spooler. Status: service running. Actual File: C:\WINDOWS\system32\spoolsv.exe * x∑ΩflDžAt@CǛ≈Dži[ǵNj∑B Spooler SubSystem App Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2696

[Auto Services] srservice

### Internal Name: srservice. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * VXe≥@\sǵNj∑BT[rX~∑DžA}C Rs[^ [vpeB] [VXe≥] ^u≈AVXe≥≥Džǵǃ≠≥ǢB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] stisvc

### Internal Name: stisvc. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k imgsvc * XLi∆JΩflC[WT[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] Themes

### Internal Name: Themes. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * e[}ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] TrkWks

### Internal Name: TrkWks. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[N hCNjΩRs[^ NTFS {[NǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] UMWdf

### Internal Name: UMWdf. Status: service stopped. Actual File: C:\WINDOWS\system32\wdfmgr.exe * Windows [U[ [h hCoLDžǵNj∑B Windows User Mode Driver Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.2.3790.1230

[Auto Services] VRService

### Internal Name: VRService. Status: service stopped. Actual File: C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe * DVD-VRfBXNL^∂sǢNj∑B VRService Module Matsubleepa Electric Industrial Co., Ltd. Panasonic DVDVR 2, 0, 1, 2

[Auto Services] W32Time

### Internal Name: W32Time. Status: service stopped. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * lbg[N∑◊ǃNCAg∆T[o[˙t∆˙ǵNj∑B

DZT[rXǙ~≥∆A˙t∆˙p≈Ǵǻ≠ǻNj∑BDZT[rX

≥Dž∑∆ADZT[rXDž∂ǵǃǢT[rX∑◊ǃJnDž∏sǵNj∑B

Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] WebClient

### Internal Name: WebClient. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k LocalService * Windows x[XvO≈C^[lbg x[Xt@CǮǗC≥ǵΩAC^[lbg x[Xt@CDžANZXǵΩ∑DZ∆Ǚ≈ǴNj∑BDZT[rXǙ~≥ΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDž∂∑T[rXJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] WinDefend

### Internal Name: WinDefend. Status: service running. Actual File: "C:\Program Files\Windows Defender\MsMpEng.exe" * Helps protect users from malicious software, spyware, and other potentially unwanted software Service Executable Microsoft Corporation Windows Defender 1.1.1593.0

[Auto Services] winmgmt

### Internal Name: winmgmt. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Iy[eBO VXeAfoCXAAvP[VAT[rXǻǫDž∑DžANZX∑Ωfl C^[tFCX∆IuWFNg fǵNj∑BDZT[rXǙ~ǵǃǢ∆AWindows x[X\tgEFAǟ∆ǫǙ≥ǵ≠@\ǵNjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] wscsvc

### Internal Name: wscsvc. Status: service stopped. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * VXe ZLeBǮǗ\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] wuauserv

### Internal Name: wuauserv. Status: service stopped. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Windows XV_E[h∆CXg[LDžǵNj∑BDZT[rX≥DžǵǃǢADZRs[^≈ XV@\∆ Windows Update Web TCggp≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Auto Services] WZCSVC

### Internal Name: WZCSVC. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * 802.11 A_v^\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] ntkrnlpa.exe=C:\WINDOWS\SYSTEM32\NTKRNLPA.EXE

### NT Kernel & System Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3093

[Drivers] hal.dll=C:\WINDOWS\SYSTEM32\HAL.DLL

### Hardware Abstraction Layer DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2562

[Drivers] KDCOM.DLL=C:\WINDOWS\SYSTEM32\KDCOM.DLL

### Kernel Debugger HW Extension DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] BOOTVID.dll=C:\WINDOWS\SYSTEM32\BOOTVID.DLL

### VGA Boot Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] ACPI.sys=C:\WINDOWS\system32\DRIVERS\ACPI.sys

### ACPI Driver for NT Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS

### WMILIB WMI support library Dll Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] pci.sys=C:\WINDOWS\system32\DRIVERS\pci.sys

### NT Plug and Play PCI Enumerator Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] isapnp.sys=C:\WINDOWS\system32\DRIVERS\isapnp.sys

### PNP ISA Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] ohci1394.sys=C:\WINDOWS\system32\DRIVERS\ohci1394.sys

### 1394 OpenHCI Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] 1394BUS.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\1394BUS.SYS

### 1394 Bus Device Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] pciide.sys=C:\WINDOWS\system32\DRIVERS\pciide.sys

### Generic PCI IDE Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] PCIIDEX.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS

### PCI IDE Bus Driver Extension Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] intelide.sys=C:\WINDOWS\system32\DRIVERS\intelide.sys

### Intel PCI IDE Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] pcmcia.sys=C:\WINDOWS\system32\DRIVERS\pcmcia.sys

### PCMCIA Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] MountMgr.sys=C:\WINDOWS\system32\DRIVERS\MountMgr.sys

### Mount Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] ftdisk.sys=C:\WINDOWS\system32\DRIVERS\ftdisk.sys

### FT Disk Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] PartMgr.sys=C:\WINDOWS\system32\DRIVERS\PartMgr.sys

### Partition Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] VolSnap.sys=C:\WINDOWS\system32\DRIVERS\VolSnap.sys

### Volume Shadow Copy Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] atapi.sys=C:\WINDOWS\system32\DRIVERS\atapi.sys

### IDE/ATAPI Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] disk.sys=C:\WINDOWS\system32\DRIVERS\disk.sys

### PnP Disk Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] CLASSPNP.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS

### SCSI Class System Dll Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] fltMgr.sys=C:\WINDOWS\system32\DRIVERS\fltMgr.sys

### Microsoft Filesystem Filter Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2978

[Drivers] sr.sys=C:\WINDOWS\system32\DRIVERS\sr.sys

### System Restore Filesystem Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] PxHelp20.sys=C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

### Px Engine Device Driver for Windows 2000/XP Sonic Solutions PxHelp20

[Drivers] KSecDD.sys=C:\WINDOWS\system32\DRIVERS\KSecDD.sys

### Kernel Security Support Provider Interface Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] Ntfs.sys=C:\WINDOWS\system32\DRIVERS\Ntfs.sys

### NT File System Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3081

[Drivers] NDIS.sys=C:\WINDOWS\system32\DRIVERS\NDIS.sys

### NDIS 5.1 wrapper driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] FJGPNV.SYS=C:\WINDOWS\system32\DRIVERS\FJGPNV.SYS

### GPNV/FBE ANZX hCo FUJITSU LIMITED FJGPNV 2, 6, 0, 0

[Drivers] rixdptsk.sys=C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

### RICOH XD SM Driver REDC R5C852 Ricoh xD Controller 2, 0, 0, 0

[Drivers] risdptsk.sys=C:\WINDOWS\system32\DRIVERS\risdptsk.sys

### RICOH SD/MMC Driver REDC RICOH SD/MMC Driver 1, 0, 0, 0

[Drivers] Mup.sys=C:\WINDOWS\system32\DRIVERS\Mup.sys

### Multiple UNC Provider driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] intelppm.sys=C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS

### Processor Device Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] FUJ02E3.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FUJ02E3.SYS

### WDM driver for FUJ02E3 PnP device FUJITSU LIMITED FUJ02E3 1.00

[Drivers] ialmnt5.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IALMNT5.SYS

### Intel Graphics Miniport Driver Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Drivers] VIDEOPRT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS

### Video Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] usbuhci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS

### UHCI USB Miniport Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] USBPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS

### USB 1.1 & 2.0 Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] usbehci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS

### EHCI eUSB Miniport Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] RTL8139.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS

### Realtek RTL8139/810x Family NDIS 5.0 Drv Realtek Semiconductor Corporation Realtek RTL8139/810x Family Fast Ethernet NIC 5.513.1014.2004

[Drivers] rimsptsk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RIMSPTSK.SYS

### RICOH MS Driver REDC Ricoh Memorystick Controller 2, 0, 0, 0

[Drivers] pxmb395pci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PXMB395PCI.SYS

### MB395 PCI Capture Driver(WDM) for x86 Pixela PIX-MPTV/P5W

PIX-MPTV/P6W

PIX-NTTV/P5W

PIX-NTTV/P6W

1.01.0018.12

[Drivers] ks.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KS.SYS

### Kernel CSA Library Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Drivers] ALCXWDM.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS

### Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab) 5.10.5890

[Drivers] portcls.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PORTCLS.SYS

### Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] drmk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS

### Microsoft Kernel DRM Descrambler Filter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] AGRSM.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AGRSM.SYS

### SoftModem Device Driver Agere Systems Agere SoftModem Driver 2.1.49 2.1.49 12/20/2004 15:10:12

[Drivers] Modem.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MODEM.SYS

### Modem Device Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] imapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS

### IMAPI Kernel Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] ElbyDelay.sys=C:\WINDOWS\SYSTEM32\DRIVERS\ELBYDELAY.SYS

### Elby Delay Lower Filter Driver Elaborate Bytes AG CDRTools 5, 1, 0, 1

[Drivers] ElbyCDFL.sys=C:\WINDOWS\SYSTEM32\DRIVERS\ELBYCDFL.SYS

### ElbyCDIO Filter Driver SlySoft, Inc. CloneCD 5, 2, 1, 3

[Drivers] cdrbsdrv.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CDRBSDRV.SYS

### CD-ROM Filter Driver for Windows2000/xp B.H.A Corporation B's Recorder GOLD 8. 0. 0. 0

[Drivers] cdrom.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS

### SCSI CD-ROM Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] redbook.sys=C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS

### Redbook Audio Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] GEARAspiWDM.sys=C:\WINDOWS\SYSTEM32\DRIVERS\GEARASPIWDM.SYS

### CD/DVD Class Filter Driver GEAR Software Inc. GEAR.wrks 8.xx

[Drivers] fsvga.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS

### Full Screen Video Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] audstub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS

### AudStub Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] rasl2tp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS

### RAS L2TP mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] ndistapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS

### NDIS 3.0 connection wrapper driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] ndiswan.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS

### MS PPP Framing Driver (Strong Encryption) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] raspppoe.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS

### RAS PPPoE mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] raspptp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS

### Peer-to-Peer Tunneling Protocol Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] TDI.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS

### TDI Wrapper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] psched.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS

### MS QoS Packet Scheduler Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] msgpc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS

### MS General Packet Classifier Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] ptilink.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS

### Parallel Technologies DirectParallel IO Library Parallel Technologies, Inc. MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] raspti.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS

### PTI DirectParallel® mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] termdd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS

### Terminal Server Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] kbdclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS

### Keyboard Class Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] mouclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS

### Mouse Class Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] swenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS

### Plug and Play Software Device Enumerator Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Drivers] update.sys=C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS

### Update Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3124

[Drivers] mssmbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS

### System Management BIOS Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] NDProxy.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS

### NDIS Proxy Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] usbhub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS

### Default Hub Driver for USB Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] USBD.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS

### Universal Serial Bus Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] savrt.sys=C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRT.SYS

### AutoProtect Symantec Corporation Symantec AntiVirus AutoProtect 9.7

[Drivers] SYMEVENT.SYS=C:\PROGRAM FILES\SYMANTEC\SYMEVENT.SYS

### Symantec Event Library Symantec Corporation SYMEVENT 12.1.2.1

[Drivers] Savrtpel.sys=C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRTPEL.SYS

### SAVRTPEL Symantec Corporation Symantec AntiVirus AutoProtect 9.7

[Drivers] navex15.sys=C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071018.034\NAVEX15.SYS

### AV Engine Symantec Corporation Symantec Antivirus Engine 20071.3.0.24

[Drivers] naveng.sys=C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071018.034\NAVENG.SYS

### AV Engine Symantec Corporation Symantec Antivirus Engine 20071.3.0.24

[Drivers] Fs_Rec.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS

### File System Recognizer Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] Null.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS

### NULL Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] Beep.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS

### BEEP Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] HIDPARSE.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\HIDPARSE.SYS

### Hid Parsing Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] SONYPVU1.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS

### Sony USB Lower Filter driver Sony Corporation Sony USB Lower Filter driver 1.3.0526.0

[Drivers] vga.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS

### VGA/Super VGA Video Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] USBSTOR.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS

### USB Mass Storage Class Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] mnmdd.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS

### Frame buffer simulator Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] RDPCDD.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS

### RDP Miniport Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] meiudf.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MEIUDF.SYS

### DVD-RAM UDF File System Driver Matsubleepa Electric Industrial Co.,Ltd.

[Drivers] Udfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\UDFS.SYS

### UDF File System Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] Msfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS

### Mailslot driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] Npfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS

### NPFS Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] rasacd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS

### RAS Automatic Connection Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] ipsec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS

### IPSec Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] tcpip.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS

### TCP/IP Protocol Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2892

[Drivers] SYMTDI.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SYMTDI.SYS

### Network Dispatch Driver Symantec Corporation Symantec Security Drivers 6.0

[Drivers] netbt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS

### MBT Transport driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] afd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS

### Ancillary Function Driver for WinSock Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] netbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS

### NetBIOS interface driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] SPBBCDrv.sys=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCDRV.SYS

### SPBBC Driver Symantec Corporation SPBBC 2.2.0.7

[Drivers] ipnat.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS

### IP Network Address Translator Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2524

[Drivers] wanarp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS

### MS Remote Access and Routing ARP Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] SCDEmu.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SCDEMU.SYS

### PowerISO Virtual Drive PowerISO Computing, Inc. scdemu 3, 7, 0, 0

[Drivers] rdbss.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS

### Redirected Drive Buffering SubSystem Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2902

[Drivers] mrxsmb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS

### Windows NT SMB Minirdr Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2902

[Drivers] Fips.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS

### FIPS Crypto Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] eeCtrl.sys=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\EENGINE\EECTRL.SYS

### Symantec Eraser Control Driver Symantec Corporation ERASER ENGINE 107.2.0.100

[Drivers] EraserUtilRebootDrv.sys=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\EENGINE\ERASERUTILREBOOTDRV.SYS

### Symantec Eraser Utility Driver Symantec Corporation ERASER ENGINE 107.2.0.100

[Drivers] Fastfat.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FASTFAT.SYS

### Fast FAT File System Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] hidusb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS

### USB Miniport Driver for Input Devices Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] HIDCLASS.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\HIDCLASS.SYS

### Hid Class Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] usbccgp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS

### USB Common Class Generic Parent Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] mmkbd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MMKBD.SYS

### Dritek USB Keyboard HID Filter Driver Dritek System Inc. Dritek USB Keyboard HID Filter Driver 6, 0, 0, 1214

[Drivers] kbdhid.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KBDHID.SYS

### HID Mouse Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Drivers] mouhid.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS

### HID Mouse Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Drivers] atapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_ATAPI.SYS

[Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_WMILIB.SYS

[Drivers] win32k.sys=C:\WINDOWS\SYSTEM32\WIN32K.SYS

### Multi-User Win32 Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3099

[Drivers] Dxapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS

### DirectX API Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] watchdog.sys=C:\WINDOWS\SYSTEM32\WATCHDOG.SYS

### Watchdog Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] dxg.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS

### DirectX Graphics Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] dxgthk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS

### DirectX Graphics Driver Thunk Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] ialmdnt5.dll=C:\WINDOWS\SYSTEM32\IALMDNT5.DLL

### Controller Hub for Intel Graphics Driver Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Drivers] ialmrnt5.dll=C:\WINDOWS\SYSTEM32\IALMRNT5.DLL

### Controller Hub for Intel Graphics Driver Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Drivers] ialmdev5.DLL=C:\WINDOWS\SYSTEM32\IALMDEV5.DLL

### Component GHAL Driver Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Drivers] ialmdd5.DLL=C:\WINDOWS\SYSTEM32\IALMDD5.DLL

### DirectDraw® Driver for Intel® Graphics Technology Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Drivers] ndisuio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS

### NDIS User mode I/O Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] mrxdav.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS

### Windows NT WebDav Minirdr Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] wdmaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS

### MMSYSTEM Wave/Midi API mapper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Drivers] sysaudio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS

### System Audio WDM Filter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] splitter.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS

### Microsoft Kernel Audio Splitter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Drivers] aec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS

### Microsoft Acoustic Echo Canceller Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2601.2180

[Drivers] swmidi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS

### Microsoft GS Wavetable Synthesizer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Drivers] DMusic.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS

### Microsoft Kernel DLS Synthesizer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] kmixer.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS

### Kernel Mode Audio Mixer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Drivers] drmkaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS

### Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Drivers] BtnHnd.sys=C:\PROGRAM FILES\FUJITSU\BTNHND\BTNHND.SYS

### Button handler driver (SYS) FUJITSU LIMITED Button handler 2, 7, 0, 0

[Drivers] ElbyCDIO.sys=C:\WINDOWS\SYSTEM32\DRIVERS\ELBYCDIO.SYS

### ElbyCD Windows NT/2000/XP I/O driver Elaborate Bytes AG CDRTools 6, 0, 0, 0

[Drivers] FlashDrv.sys=C:\PROGRA~1\FUJITSU\FLASHAID\FLASHDRV.SYS

### FlashAid Kernel Driver FUJITSU LIMITED FlashAid 1, 1, 0, 0

[Drivers] LampDrv.sys=C:\PROGRAM FILES\FUJITSU\INETCONDSP\LAMPDRV.SYS

### Lamp Driver (SYS) FUJITSU LIMITED Lamp Driver 1, 0, 0, 0

[Drivers] srv.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS

### Server driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2974

[Drivers] ntdll.dll=C:\WINDOWS\SYSTEM32\NTDLL.DLL

### NT Layer DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM .NET CLR Data

[Services detected by Partizan] :HKLM .NET CLR Networking

[Services detected by Partizan] :HKLM .NET Data Provider for Oracle

[Services detected by Partizan] :HKLM .NET Data Provider for SqlServer

[Services detected by Partizan] :HKLM .NETFramework

[Services detected by Partizan] :HKLM 61883=system32\DRIVERS\61883.sys

### Driver 61883 jbg foCX Start Type: loaded manually on demand 61883 Device Class Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Abiosdsk

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM abp480n5

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ACPI=system32\DRIVERS\ACPI.sys

### Driver Microsoft ACPI Driver Start Type: loaded automatically by the Boot Loader ACPI Driver for NT Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ACPIEC

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM adpu160m

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ADVNTDRV=\SystemRoot\System32\drivers\ADVNTDRV.SYS

### Driver ADVNTDRV Start Type: loaded manually on demand advntdrv.sys FUJITSU LIMITED. Microsoft® Windows NT™ Operating System 1.01

[Services detected by Partizan] :HKLM aec=system32\drivers\aec.sys

### Driver Microsoft Kernel Acoustic Echo Canceller Start Type: loaded manually on demand Microsoft Acoustic Echo Canceller Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2601.2180

[Services detected by Partizan] :HKLM AFD=\SystemRoot\System32\drivers\afd.sys

### Driver AFD AFD lbg[N T|[g Start Type: loaded automatically at Kernel initialization Ancillary Function Driver for WinSock Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM AgereSoftModem=system32\DRIVERS\AGRSM.sys

### Driver Agere Systems Soft Modem Start Type: loaded manually on demand SoftModem Device Driver Agere Systems Agere SoftModem Driver 2.1.49 2.1.49 12/20/2004 15:10:12

[Services detected by Partizan] :HKLM Aha154x

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM aic78u2

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM aic78xx

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ALCXSENS=system32\drivers\ALCXSENS.SYS

### Driver Service for WDM 3D Audio Driver Start Type: loaded manually on demand Sensaura WDM 3D Audio Driver Sensaura

[Services detected by Partizan] :HKLM ALCXWDM=system32\drivers\ALCXWDM.SYS

### Driver Service for Realtek AC97 Audio (WDM) Start Type: loaded manually on demand Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab) 5.10.5890

[Services detected by Partizan] :HKLM Alerter=%SystemRoot%\system32\svchost.exe -k LocalService

### Service Alerter IǵΩ[U[∆Rs[^Džx mǵNj∑BT[rXǙ~ǵǃǢAxgp∑vOxMǵNjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Start Type: disabled Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ALG=%SystemRoot%\System32\alg.exe

### Service Application Layer Gateway Service C^[lbg⁄LǮǗ Windows t@CAEH[ΩflAT[h p[eBvgRvOCT|[gǵNj∑B Start Type: loaded manually on demand Application Layer Gateway Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM AliIde

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM amsint

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM AppMgmt=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Application Management ǃAJAǻǫ\tgEFACXg[ T[rXǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Arp1394=system32\DRIVERS\arp1394.sys

### Driver 1394 ARP Client vgR 1394 ARP Client vgR Start Type: loaded manually on demand IP/1394 Arp Client Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM asc

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM asc3350p

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM asc3550

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ASP.NET

[Services detected by Partizan] :HKLM ASP.NET_1.1.4322

[Services detected by Partizan] :HKLM ASP.NET_2.0.50727

[Services detected by Partizan] :HKLM aspnet_state=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

### Service ASP.NET State Service Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded manually on demand Microsoft ASP.NET State Server Microsoft Corporation MicrosoftR .NET Framework 2.0.50727.832

[Services detected by Partizan] :HKLM AsyncMac=system32\DRIVERS\asyncmac.sys

### Driver RAS Asynchronous Media Driver RAS Asynchronous Media Driver Start Type: loaded manually on demand MS Remote Access serial network driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM atapi=system32\DRIVERS\atapi.sys

### Driver W IDE/ESDI n[h fBXN Rg[ Start Type: loaded automatically by the Boot Loader IDE/ATAPI Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Atdisk

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM Atmarpc=system32\DRIVERS\atmarpc.sys

### Driver ATM ARP NCAg vgR ATM ARP NCAg vgR Start Type: loaded manually on demand IP/ATM Arp Client Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM AudioSrv=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Windows Audio Windows x[X vOI[fBI foCXǵNj∑BDZT[rXǙ~≥ǃǢAI[fBI foCX∆I[fBI ≥ǵ≠@\ǵNjπBDZT[rXǙ≥ǻAIDžDZT[rXDž∂ǵǃǢ∑◊ǃT[rXJn≈ǴNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM audstub=system32\DRIVERS\audstub.sys

### Driver I[fBI X^u hCo Start Type: loaded manually on demand AudStub Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Avc=system32\DRIVERS\avc.sys

### Driver AVC foCX Start Type: loaded manually on demand AVC Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM BattC

[Services detected by Partizan] :HKLM BeatJamMusicStreamingServer=C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe

### Service BeatJam Music Server - HTTP Start Type: loaded manually on demand Justsystem Corporation 3.0.00.16200 (2005)

[Services detected by Partizan] :HKLM BeatJamUPnPMusicServer=C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe

### Service BeatJam Music Server - UPnP Start Type: loaded manually on demand Justsystem Corporation 3.0.00.16200 (2005)

[Services detected by Partizan] :HKLM Beep

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM bgsvclib=C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe

### Service B's Recorder GOLD Library Service Start Type: loaded automatically by Server Manager B's Recorder GOLD Service Library B.H.A Corporation B's Recorder GOLD8 8, 0, 0, 0

[Services detected by Partizan] :HKLM BITS=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Background Intelligent Transfer Service obNOEh≈NCAg∆T[o[f[^]ǵNj∑BBITS ≥Dž∑∆AWindows Update ǻǫ@\Ǚ≥ǵ≠ǵǻ≠ǻNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Browser=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Computer Browser lbg[NRs[^≈VǵAǪQ∆∆ǵǃw≥ΩRs[^DžǵNj∑BDZT[rXǙ~ǵǃǢAXVLJLJ≥NjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM BtnHnd=\??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys

### Driver BtnHnd Start Type: loaded automatically by Server Manager Button handler driver (SYS) FUJITSU LIMITED Button handler 2, 7, 0, 0

[Services detected by Partizan] :HKLM catchme=\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys

### Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.

[Services detected by Partizan] :HKLM cbidf2k

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM CCDECODE=system32\DRIVERS\CCDECODE.sys

### Driver N[Yh LvV fR[_ Start Type: loaded manually on demand WDM Closed Caption VBI Codec Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

### Service Symantec Event Manager Event propagation and logging service Start Type: loaded automatically by Server Manager Symantec Event Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Services detected by Partizan] :HKLM ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

### Service Symantec Settings Manager Settings storage and management service Start Type: loaded automatically by Server Manager Symantec Settings Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Services detected by Partizan] :HKLM cd20xrnt

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM Cdaudio

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Cdfs

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM cdrbsdrv

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Cdrom=system32\DRIVERS\cdrom.sys

### Driver CD-ROM hCo Start Type: loaded automatically at Kernel initialization SCSI CD-ROM Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Changer

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM CiSvc=%SystemRoot%\system32\cisvc.exe

### Service Indexing Service Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Start Type: loaded manually on demand Content Index service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ClipSrv=%SystemRoot%\system32\clipsrv.exe

### Service ClipBook NbvubNgǡǃǵA[g Rs[^∆L∑DZ∆Ǚ≈ǴNj∑BT[rXǙ~≥ΩA[g Rs[^∆L≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Start Type: disabled Windows NT DDE Server Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM clr_optimization_v2.0.50727_32=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

### Service .NET Runtime Optimization Service v2.0.50727_X86 Microsoft .NET Framework NGEN Start Type: loaded manually on demand .NET Runtime Optimization Service Microsoft Corporation MicrosoftR .NET Framework 2.0.50727.832

[Services detected by Partizan] :HKLM CmdIde

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM COMSysApp=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

### Service COM+ System Application R|[lg IuWFNg f (COM)+ x[X R|[lg\∆ǵNj∑BT[rXǙ~∑∆ACOM+ x[X R|[lg≥ǵ≠@\ǵNjπBT[rXǙ≥Džǻ∆ADZT[rXDž∂∑T[rXJn≈Ǵǻ≠ǻNj∑B Start Type: loaded manually on demand COM Surrogate Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ContentFilter

[Services detected by Partizan] :HKLM ContentIndex

[Services detected by Partizan] :HKLM Cpqarray

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM CryptSvc=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Cryptographic Services ≥T[rXA 3 Ǭ≈∑BJ^O f[^x[X T[rX: Windows t@CmFǵNj∑B[g T[rX: M≥Ω[g@DZRs[^DžǮǗǵNj∑BL[ T[rX: pDZRs[^Džo^ǵNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM dac2w2k

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM dac960nt

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM DcomLaunch=%SystemRoot%\system32\svchost -k DcomLaunch

### Service DCOM Server Process Launcher DCOM T[rXN∑@\ǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM DefWatch="C:\Program Files\Symantec AntiVirus\DefWatch.exe"

### Service Symantec AntiVirus Definition Watcher Monitors and maintains virus definitions. Start Type: loaded automatically by Server Manager Virus Definition Daemon Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Services detected by Partizan] :HKLM Dhcp=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service DHCP Client IP AhX∆ DNS o^ǮǗXVǵǃlbg[N\ǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Disk=system32\DRIVERS\disk.sys

### Driver fBXN hCo Start Type: loaded automatically by the Boot Loader PnP Disk Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM dmadmin=%SystemRoot%\System32\dmadmin.exe /com

### Service Logical Disk Manager Administrative Service n[h fBXN hCu∆{[\ǵNj∑BT[rXvZX\ΩflDžs≥A~≥Nj∑B Start Type: loaded manually on demand Logical Disk Manager service process Microsoft Corp., Veritas Software Logical Disk Manager for Windows NT 1.0

[Services detected by Partizan] :HKLM dmboot=System32\drivers\dmboot.sys

### Driver Start Type: disabled NT Disk Manager Startup Driver Microsoft Corp., Veritas Software VERITAS® NT Disk Manager 1.0

[Services detected by Partizan] :HKLM dmio=System32\drivers\dmio.sys

### Driver Start Type: disabled NT Disk Manager I/O Driver Microsoft Corp., Veritas Software VERITAS® NT Disk Manager 1.0

[Services detected by Partizan] :HKLM dmload=System32\drivers\dmload.sys

### Driver Start Type: disabled NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. Logical Disk Manager for Windows NT 1.0

[Services detected by Partizan] :HKLM dmserver=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Logical Disk Manager VǵǢn[h fBXN hCuoAǵA\ΩflfBXN {[_fBXN }l[WT[rXDžMǵNj∑BDZT[rXǙ~ǵǃǢA_Ci~bN fBXN∆\Ǚ≈V≈ǻ≠ǻDZ∆ǙdžNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM DMusic=system32\drivers\DMusic.sys

### Driver Microsoft Kernel DLS Syntheiszer Start Type: loaded manually on demand Microsoft Kernel DLS Synthesizer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Dnscache=%SystemRoot%\system32\svchost.exe -k NetworkService

### Service DNS Client DZRs[^hC l[ VXe (DNS) ǮǗLbVǵNj∑BDZT[rXǙ~ǵΩADZRs[^ DNS ≈Ǵ∏AActive Directory hC Rg[[ǬDZ∆Ǚ≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM dpti2o

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM drmkaud=system32\drivers\drmkaud.sys

### Driver Microsoft Kernel DRM Audio Descrambler Start Type: loaded manually on demand Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM eeCtrl=\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

### Driver Symantec Eraser Control driver Start Type: loaded automatically at Kernel initialization Symantec Eraser Control Driver Symantec Corporation ERASER ENGINE 107.2.0.100

[Services detected by Partizan] :HKLM ElbyCDFL=System32\Drivers\ElbyCDFL.sys

### Driver ElbyCDFL Start Type: loaded manually on demand ElbyCDIO Filter Driver SlySoft, Inc. CloneCD 5, 2, 1, 3

[Services detected by Partizan] :HKLM ElbyCDIO=System32\Drivers\ElbyCDIO.sys

### Driver ElbyCDIO Driver Start Type: loaded automatically by Server Manager ElbyCD Windows NT/2000/XP I/O driver Elaborate Bytes AG CDRTools 6, 0, 0, 0

[Services detected by Partizan] :HKLM ElbyDelay=System32\Drivers\ElbyDelay.sys

### Driver ElbyDelay Start Type: loaded manually on demand Elby Delay Lower Filter Driver Elaborate Bytes AG CDRTools 5, 1, 0, 1

[Services detected by Partizan] :HKLM EraserUtilRebootDrv=\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

### Driver EraserUtilRebootDrv Start Type: loaded manually on demand Symantec Eraser Utility Driver Symantec Corporation ERASER ENGINE 107.2.0.100

[Services detected by Partizan] :HKLM ERSvc=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Error Reporting Service Allows error reporting for services and applictions running in non-standard environments. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Eventlog=%SystemRoot%\system32\services.exe

### Service Event Log Windows x[XvO∆ Windows R|[lgDžǡǃ≠s≥Cxg O bZ[WCxg r[A≈\ǵNj∑BDZT[rX~≈ǴNjπB Start Type: loaded automatically by Server Manager Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM EventSystem=C:\WINDOWS\system32\svchost.exe -k netsvcs

### Service COM+ Event System T|[g VXe Cxg mT[rX (SENS) ACxg m∆ǵǃo^≥Ω COM R|[lgDžCxgIDž mǵNj∑BT[rXǙ~∑∆ASENS IπǵAOIǂOIt m≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥ǻADZT[rXDž∂∑T[rXJn≈ǴNjπB Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Fastfat

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM FastUserSwitchingCompatibility=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Fast User Switching Compatibility [U[≈AVX^XǙKvǻAvP[VǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Fax=%systemroot%\system32\fxssvc.exe

### Service Fax DZRs[^NjΩlbg[N FAX \[XgǡǃAFAX M\DžǵNj∑B Start Type: loaded automatically by Server Manager FAX T[rX Microsoft Corporation Microsoft® Windows® Operating System 5.2.2600.2180

[Services detected by Partizan] :HKLM Fdc

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Fips

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM FJGPNV=system32\drivers\FJGPNV.SYS

### Driver FJGPNV Start Type: loaded automatically by the Boot Loader GPNV/FBE ANZX hCo FUJITSU LIMITED FJGPNV 2, 6, 0, 0

[Services detected by Partizan] :HKLM FlashDrv=\??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys

### Driver FlashDrv Start Type: loaded automatically by Server Manager FlashAid Kernel Driver FUJITSU LIMITED FlashAid 1, 1, 0, 0

[Services detected by Partizan] :HKLM Flpydisk

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM FltMgr=system32\DRIVERS\fltMgr.sys

### Driver FltMgr t@C VXe tB^ }l[W hCo Start Type: loaded automatically by the Boot Loader Microsoft Filesystem Filter Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2978

[Services detected by Partizan] :HKLM FsVga=system32\DRIVERS\fsvga.sys

### Driver Start Type: loaded automatically at Kernel initialization Full Screen Video Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Fs_Rec

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Ftdisk=system32\DRIVERS\ftdisk.sys

### Driver {[ }l[W hCo Start Type: loaded automatically by the Boot Loader FT Disk Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM FUJ02E3=system32\DRIVERS\FUJ02E3.sys

### Driver Fujitsu FUJ02E3 Device Driver Start Type: loaded manually on demand WDM driver for FUJ02E3 PnP device FUJITSU LIMITED FUJ02E3 1.00

[Services detected by Partizan] :HKLM GEARAspiWDM=System32\Drivers\GEARAspiWDM.sys

### Driver GEARAspiWDM Start Type: loaded manually on demand CD/DVD Class Filter Driver GEAR Software Inc. GEAR.wrks 8.xx

[Services detected by Partizan] :HKLM Gpc=system32\DRIVERS\msgpc.sys

### Driver Generic Packet Classifier Generic Packet Classifier Start Type: loaded manually on demand MS General Packet Classifier Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM gusvc="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

### Service Google Updater Service Start Type: loaded automatically by Server Manager gusvc Google Google Updater 2.2.824.5515.beta

[Services detected by Partizan] :HKLM helpsvc=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Help and Support wv∆T|[g Z^[LDžǵADZRs[^≈s∑ǧDžǵNj∑BDZT[rX~∑∆Awv∆T|[g Z^[p∑DZ∆≈Ǵǻ≠ǻNj∑BDZT[rX≥Dž∑∆ADZT[rXDžIDž∂∑T[rXJnǵNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM HidServ=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service HID Input Service q[} C^[tFCX foCX (HID) LDžǵNj∑Bq[} C^[tFCX foCXAL[{[hA[gAǮǗ}` foCXDždžǩ∂fl`≥ǃǢzbg {^gpLDžǵǃAǵNj∑BDZT[rXǙ~≥ǃǢADZT[rXDžǡǃ≥ǃǢzbg {^@\ǵǻ≠ǻNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM hidusb=system32\DRIVERS\hidusb.sys

### Driver Microsoft HID Class Driver Start Type: loaded manually on demand USB Miniport Driver for Input Devices Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM hpn

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM HTTP=System32\Drivers\HTTP.sys

### Driver HTTP DZT[rXAhypertext transfer protocol (HTTP) ǵNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand HTTP Protocol Stack Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2869

[Services detected by Partizan] :HKLM HTTPFilter=%SystemRoot%\System32\svchost.exe -k HTTPFilter

### Service HTTP SSL DZT[rXASecure Socket Layer (SSL) gǡǃ HTTP T[rXΩflDž secure hypertext transfer protocol (HTTPS) ǵNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM i2omgmt

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM i2omp

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM i8042prt

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM ialm=system32\DRIVERS\ialmnt5.sys

### Driver Start Type: loaded manually on demand Intel Graphics Miniport Driver Intel Corporation Intel Graphics Accelerator Drivers for Windows NT® 6.14.10.4267

[Services detected by Partizan] :HKLM Imapi=system32\DRIVERS\imapi.sys

### Driver ǴǛtB^ hCo Start Type: loaded automatically at Kernel initialization IMAPI Kernel Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ImapiService=C:\WINDOWS\system32\imapi.exe

### Service IMAPI CD-Burning COM Service IMAPI (Image Mastering Applications Programming Interface) gp∑ CD L^ǵNj∑BDZT[rX~∑∆ADZRs[^≈ CD DžL^∑DZ∆Ǚ≈Ǵǻ≠ǻNj∑BDZT[rX≥Dž∑∆ADZT[rXDžIDž∂∑T[rXJnǵNjπB Start Type: loaded manually on demand IMAPI Module Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM inetaccs

[Services detected by Partizan] :HKLM ini910u

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM Inport

[Services detected by Partizan] :HKLM IntelIde=system32\DRIVERS\intelide.sys

### Driver Start Type: loaded automatically by the Boot Loader Intel PCI IDE Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM intelppm=system32\DRIVERS\intelppm.sys

### Driver Intel Processor Driver Start Type: loaded automatically at Kernel initialization Processor Device Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Ip6Fw=system32\DRIVERS\Ip6Fw.sys

### Driver IPv6 Windows Firewall Driver z[ lbg[NNjΩKItBXlbg[NDžǵǃA^bNh~T[rXǵNj∑B Start Type: loaded manually on demand IPv6 Windows Firewall Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM IpFilterDriver=system32\DRIVERS\ipfltdrv.sys

### Driver IP Traffic Filter Driver IP Traffic Filter Driver Start Type: loaded manually on demand IP FILTER DRIVER Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM IpInIp=system32\DRIVERS\ipinip.sys

### Driver IP in IP Tunnel Driver IP in IP Tunnel Driver Start Type: loaded manually on demand IP in IP Encapsulation Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM IpNat=system32\DRIVERS\ipnat.sys

### Driver IP Network Address Translator IP Network Address Translator Start Type: loaded manually on demand IP Network Address Translator Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2524

[Services detected by Partizan] :HKLM iPod Service="C:\Program Files\iPod\bin\iPodService.exe"

### Service iPod Service iPod hardware management services Start Type: loaded manually on demand iPodService Module Apple Inc. iTunes 7.1.1.5

[Services detected by Partizan] :HKLM IPSec=system32\DRIVERS\ipsec.sys

### Driver IPSEC driver IPSEC driver Start Type: loaded automatically at Kernel initialization IPSec Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM IRENUM=system32\DRIVERS\irenum.sys

### Driver IR Enumerator Service Start Type: loaded manually on demand Infra-Red Bus Enumerator Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ISAPISearch

[Services detected by Partizan] :HKLM isapnp=system32\DRIVERS\isapnp.sys

### Driver PnP ISA/EISA oX hCo Start Type: loaded automatically by the Boot Loader PNP ISA Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Kbdclass=system32\DRIVERS\kbdclass.sys

### Driver L[{[h NX hCo Start Type: loaded automatically at Kernel initialization Keyboard Class Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM kbdhid=system32\DRIVERS\kbdhid.sys

### Driver L[{[h HID hCo Start Type: loaded automatically at Kernel initialization HID Mouse Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM kmixer=system32\drivers\kmixer.sys

### Driver Microsoft Kernel Wave Audio Mixer Start Type: loaded manually on demand Kernel Mode Audio Mixer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Services detected by Partizan] :HKLM KS396U=system32\DRIVERS\KS396U.sys

### Driver Fujitsu Built-In TV WDM Video Capture Start Type: loaded manually on demand Fujitsu Built-In TV WDM Video Capture FUJITSU LIMITED KS396U 1, 0, 2, 30

[Services detected by Partizan] :HKLM KSecDD

### Driver Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM LampDrv=\??\C:\Program Files\Fujitsu\iNetConDsp\LampDrv.sys

### Driver LampDrv Start Type: loaded automatically by Server Manager Lamp Driver (SYS) FUJITSU LIMITED Lamp Driver 1, 0, 0, 0

[Services detected by Partizan] :HKLM lanmanserver=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Server DZRs[^≈lbg[N∆Ǯǵǃt@CAAǮǗOtpCvLT|[gǵNj∑BDZT[rXǙ~ǵΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM lanmanworkstation=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Workstation [g T[o[NCAg lbg[N⁄ǵAǵNj∑BDZT[rXǙ~ǵǃǢADZ⁄p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM lbrtfdc

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM ldap

[Services detected by Partizan] :HKLM LicenseService

[Services detected by Partizan] :HKLM LiveUpdate="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"

### Service LiveUpdate LiveUpdate Core Engine Start Type: loaded manually on demand LiveUpdate Engine COM Module Symantec Corporation LiveUpdate 3.1.0.90

[Services detected by Partizan] :HKLM LmHosts=%SystemRoot%\system32\svchost.exe -k LocalService

### Service TCP/IP NetBIOS Helper NetBIOS over TCP/IP (NetBT) T[rX∆ NetBIOS OΩflT|[gLDžǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM mb86395PCI=system32\DRIVERS\pxmb395pci.sys

### Driver mb86395PCI Start Type: loaded manually on demand MB395 PCI Capture Driver(WDM) for x86 Pixela PIX-MPTV/P5W

PIX-MPTV/P6W

PIX-NTTV/P5W

PIX-NTTV/P6W

1.01.0018.12

[Services detected by Partizan] :HKLM MDM="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

### Service Machine Debug Manager Visual Studio ∆XNvg fobK[JǮǗ[g fobOT|[gǵNj∑BDZT[rX~∑∆AfobK≥Dž@\ǵNjπB Start Type: loaded automatically by Server Manager Machine Debug Manager Microsoft Corporation MicrosoftR Visual Studio .NET 7.00.9466

[Services detected by Partizan] :HKLM meiudf=System32\Drivers\meiudf.sys

### Driver meiudf Start Type: loaded automatically at Kernel initialization DVD-RAM UDF File System Driver Matsubleepa Electric Industrial Co.,Ltd.

[Services detected by Partizan] :HKLM Messenger=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Messenger lbg[NM∆xT[rX bZ[WANCAg∆T[o[≈]ǵNj∑BDZT[rX Windows bZW∆AǵǃǢNjπBDZT[rXǙ~ǵǃǢAxbZ[W]≥NjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Start Type: disabled Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM MMKBD=system32\DRIVERS\mmkbd.sys

### Driver Fujitsu USB HID Device Filter Driver Start Type: loaded automatically by Server Manager Dritek USB Keyboard HID Filter Driver Dritek System Inc. Dritek USB Keyboard HID Filter Driver 6, 0, 0, 1214

[Services detected by Partizan] :HKLM mnmdd

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM mnmsrvc=C:\WINDOWS\system32\mnmsrvc.exe

### Service NetMeeting Remote Desktop Sharing ^ǶΩ[U[Ǚ NetMeeting gǡǃ∆Cglbg≈[gǩDZRs[^DžANZX∑DZ∆ǵNj∑BDZT[rXǙ~≥ǃǢA[g fXNgbvLp≈ǴNjπBDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand NetMeeting Remote Desktop Sharing Microsoft Corporation Windows® NetMeeting® 3.01

[Services detected by Partizan] :HKLM Modem

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM Mouclass=system32\DRIVERS\mouclass.sys

### Driver }EX NX hCo Start Type: loaded automatically at Kernel initialization Mouse Class Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM mouhid=system32\DRIVERS\mouhid.sys

### Driver }EX HID hCo Start Type: loaded manually on demand HID Mouse Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM MountMgr

### Driver Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM mraid35x

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM MrnTS_Sync5="C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe"

### Service Morrin Thumbnail Synchronized Service 5 MNjflǻǫ≈p∑TlCA∑ΩflT[rX≈∑B Start Type: loaded automatically by Server Manager Morrin Thumbnail Synchronized Service Module. [ Morrin Image-file Integrate Projects 5, 0, 0, 0

[Services detected by Partizan] :HKLM MRxDAV=system32\DRIVERS\mrxdav.sys

### Driver WebDav NCAg _CN^ WebDav NCAg _CN^ Start Type: loaded manually on demand Windows NT WebDav Minirdr Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM MRxSmb=system32\DRIVERS\mrxsmb.sys

### Driver MRXSMB MRXSMB Start Type: loaded automatically at Kernel initialization Windows NT SMB Minirdr Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2902

[Services detected by Partizan] :HKLM MSCSPTISRV="C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"

### Service MSCSPTISRV Start Type: loaded manually on demand MSCSPTISRV Module Sony Corporation MSCSPTISRV Module 4.1.00.13180

[Services detected by Partizan] :HKLM MSDTC=C:\WINDOWS\system32\msdtc.exe

### Service Distributed Transaction Coordinator f[^x[XAbZ[W L[ANjΩt@C VXeǻǫA\[X }l[WDžU≥ΩgUNV≤ǵNj∑BDZT[rXǙ~∑∆ADZgUNVJn≈ǴNjπBDZT[rXǙ≥ǻADZT[rXDž∂∑T[rXJn≈ǴNjπB Start Type: loaded manually on demand MS DTC console program Microsoft Corporation Microsoft Distributed Transaction Coordinator 03.01.00.4414

[Services detected by Partizan] :HKLM MSDV=system32\DRIVERS\msdv.sys

### Driver Microsoft DV Camera and VCR Start Type: loaded manually on demand Microsoft DV Camera and VCR Driver Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM Msfs

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM MSIServer=C:\WINDOWS\system32\msiexec.exe /V

### Service Windows Installer Windows CXg[ (*.msi) pbP[W∆ǵǃ≥ΩAvP[VAC≥NjΩǵNj∑BDZT[rXǙgpsDžǻǡǃǢADZT[rXDž∂ǵǃǢT[rXJn∏sǵNj∑B Start Type: loaded manually on demand WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Services detected by Partizan] :HKLM MSKSSRV=system32\drivers\MSKSSRV.sys

### Driver Microsoft Streaming Service Proxy Start Type: loaded manually on demand MS KS Server Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM MSPCLOCK=system32\drivers\MSPCLOCK.sys

### Driver Microsoft Streaming Clock Proxy Start Type: loaded manually on demand MS Proxy Clock Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM MSPQM=system32\drivers\MSPQM.sys

### Driver Microsoft Streaming Quality Manager Proxy Start Type: loaded manually on demand MS Proxy Quality Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM mssmbios=system32\DRIVERS\mssmbios.sys

### Driver Microsoft System Management BIOS Driver Start Type: loaded manually on demand System Management BIOS Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM MSSQL$SONY_MEDIAMGR=C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR

### Service MSSQL$SONY_MEDIAMGR Start Type: loaded manually on demand SQL Server Windows NT Microsoft Corporation Microsoft SQL Server 8.00.760

[Services detected by Partizan] :HKLM MSSQLServerADHelper=C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

### Service MSSQLServerADHelper Start Type: loaded manually on demand Microsoft SQL Server Active Directory Helper Service Microsoft Corporation Microsoft SQL Server 8.00.760

[Services detected by Partizan] :HKLM MSTEE=system32\drivers\MSTEE.sys

### Driver Microsoft Streaming Tee/Sink-to-Sink Converter Start Type: loaded manually on demand WDM Tee/Communication Transform Filter Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM Mup

### Driver Mup Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM MyMedia Server=C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe

### Service MyMedia Server Start Type: loaded automatically by Server Manager MyMediaServer DigiOn MyMedia Server 2.31.2

[Services detected by Partizan] :HKLM NABTSFEC=system32\DRIVERS\NABTSFEC.sys

### Driver NABTS/FEC VBI Codec Start Type: loaded manually on demand WDM NABTS/FEC VBI Codec Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM NAVENG=\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071018.034\naveng.sys

### Driver NAVENG Start Type: loaded manually on demand AV Engine Symantec Corporation Symantec Antivirus Engine 20071.3.0.24

[Services detected by Partizan] :HKLM NAVEX15=\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071018.034\navex15.sys

### Driver NAVEX15 Start Type: loaded manually on demand AV Engine Symantec Corporation Symantec Antivirus Engine 20071.3.0.24

[Services detected by Partizan] :HKLM NDIS

### Driver NDIS VXe hCo Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM NdisIP=system32\DRIVERS\NdisIP.sys

### Driver Microsoft TV/rfI⁄ Start Type: loaded manually on demand Microsoft IP Driver Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM NdisTapi=system32\DRIVERS\ndistapi.sys

### Driver Remote Access NDIS TAPI Driver Remote Access NDIS TAPI Driver Start Type: loaded manually on demand NDIS 3.0 connection wrapper driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Ndisuio=system32\DRIVERS\ndisuio.sys

### Driver NDIS Usermode I/O vgR NDIS Usermode I/O vgR Start Type: loaded manually on demand NDIS User mode I/O Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NdisWan=system32\DRIVERS\ndiswan.sys

### Driver Remote Access NDIS WAN Driver Remote Access NDIS WAN Driver Start Type: loaded manually on demand MS PPP Framing Driver (Strong Encryption) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NDProxy

[Services detected by Partizan] :HKLM NetBIOS=system32\DRIVERS\netbios.sys

### Driver NetBIOS C^[tFCX NetBIOS C^[tFCX Start Type: loaded automatically at Kernel initialization NetBIOS interface driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NetBT=system32\DRIVERS\netbt.sys

### Driver NetBios over Tcpip NetBios over Tcpip Start Type: loaded automatically at Kernel initialization MBT Transport driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NetDDE=%SystemRoot%\system32\netdde.exe

### Service Network DDE ∂Rs[^NjΩ Rs[^≈s≥ΩvOΩflDž Dynamic Data Exchange (DDE) lbg[N gX|[g∆ZLeBǵNj∑BDZT[rXǙ~≥ΩADDE gX|[g∆ZLeBp≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Start Type: disabled Network DDE - DDE Communication Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NetDDEdsdm=%SystemRoot%\system32\netdde.exe

### Service Network DDE DSDM Dynamic Data Exchange (DDE) lbg[NLǵNj∑BDZT[rXǙ~≥ΩADDE lbg[NLp≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Start Type: disabled Network DDE - DDE Communication Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Netlogon=%SystemRoot%\system32\lsass.exe

### Service Net Logon hCDždžRs[^AJEg OI CxgpX X[FT|[gǵNj∑B Start Type: loaded manually on demand LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Netman=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Network Connections lbg[N∆_CAbv⁄tH_DždžIuWFNgǵNj∑B[J GA lbg[N∆[g⁄˚ǙtH_≈\≥Nj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NIC1394=system32\DRIVERS\nic1394.sys

### Driver 1394 lbg hCo Start Type: loaded manually on demand IEEE1394 Ndis Miniport and Call Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Nla=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Network Location Awareness (NLA) lbg[N\∆˚Wǵi[ǵNj∑BDZǙX≥ΩAvP[VDž mǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Npfs

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Ntfs

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM NtLmSsp=%SystemRoot%\system32\lsass.exe

### Service NT LM Security Support Provider OtǴpCvOgX|[ggǡǃǢ[g vV[W R[ (RPC) vODžZLeBǵNj∑B Start Type: loaded manually on demand LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM NtmsSvc=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Removable Storage Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Null

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM NwlnkFlt=system32\DRIVERS\nwlnkflt.sys

### Driver IPX Traffic Filter Driver IPX Traffic Filter Driver Start Type: loaded manually on demand NWLINK2 Traffic Filter Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM NwlnkFwd=system32\DRIVERS\nwlnkfwd.sys

### Driver IPX Traffic Forwarder Driver IPX Traffic Forwarder Driver Start Type: loaded manually on demand NWLINK2 Forwarder Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM ohci1394=system32\DRIVERS\ohci1394.sys

### Driver OHCI Compliant IEEE 1394 Host Controller Start Type: loaded automatically by the Boot Loader 1394 OpenHCI Port Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM OS=C:\DOCUME~1\Owner\LOCALS~1\Temp\OS.exe

### Service OS Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.

[Services detected by Partizan] :HKLM ose="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

### Service Office Source Engine Abvf[gǂCDžgp≥CXg[pt@C∂ǵNj∑BNjΩAZbgAbvAbvf[gǂg\ G[ |[g_E[h∑DžKv≈∑B Start Type: loaded manually on demand Office Source Engine Microsoft Corporation Office Source Engine 11.0.5525

[Services detected by Partizan] :HKLM Outlook

[Services detected by Partizan] :HKLM PACSPTISVR="C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"

### Service PACSPTISVR Start Type: loaded manually on demand PACSPTISVR Module Sony Corporation PACSPTISVR Module 4.1.00.13180

[Services detected by Partizan] :HKLM Parport

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM Partizan=system32\drivers\Partizan.sys

### Driver Partizan Start Type: loaded manually on demand Partizan - Rootkit detector Greatis Software RegRun Security Suite 5,1,0,21

[Services detected by Partizan] :HKLM PartMgr

### Driver Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM ParVdm

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM PCI=system32\DRIVERS\pci.sys

### Driver PCI oX hCo Start Type: loaded automatically by the Boot Loader NT Plug and Play PCI Enumerator Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PCIDump

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM PCIIde=system32\DRIVERS\pciide.sys

### Driver Start Type: loaded automatically by the Boot Loader Generic PCI IDE Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Pcmcia=system32\DRIVERS\pcmcia.sys

### Driver Start Type: loaded automatically by the Boot Loader PCMCIA Bus Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PDCOMP

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM PDFRAME

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM PDRELI

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM PDRFRAME

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM perc2

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM perc2hib

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM PerfDisk

[Services detected by Partizan] :HKLM PerfNet

[Services detected by Partizan] :HKLM PerfOS

[Services detected by Partizan] :HKLM PerfProc

[Services detected by Partizan] :HKLM PlugPlay=%SystemRoot%\system32\services.exe

### Service Plug and Play [U[ǩ≈ANjΩǻǵ≈ARs[^Ǚn[hEFAXFǵAǵNj∑B Start Type: loaded automatically by Server Manager Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PolicyAgent=%SystemRoot%\system32\lsass.exe

### Service IPSEC Services IP ZLeB |V[ǵAISAKMP/Oakley (IKE) ∆ IP ZLeB hCoJnǵNj∑B Start Type: loaded automatically by Server Manager LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PptpMiniport=system32\DRIVERS\raspptp.sys

### Driver WAN Miniport (PPTP) WAN Miniport (PPTP) Start Type: loaded manually on demand Peer-to-Peer Tunneling Protocol Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ProtectedStorage=%SystemRoot%\system32\lsass.exe

### Service Protected Storage L[ǻǫdvǻf[^i[∑Ωfl≥ΩLǵAǻǢT[rXAǻǢvZXAǻǢ[U[DžANZXhǨNj∑B Start Type: loaded automatically by Server Manager LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PSched=system32\DRIVERS\psched.sys

### Driver QoS pPbg XPW[ QoS pPbg XPW[ Start Type: loaded manually on demand MS QoS Packet Scheduler Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM PSS Core=C:\Program Files\Common Files\Panasonic\PSSCore.exe

### Service PSS Core Panasonic Application Shared Service Core Start Type: loaded automatically by Server Manager PSSCore Module Matsubleepa Electric Industry Co., LTD. Panasonic Software Shared Server Core 1, 0, 50315, 1455

[Services detected by Partizan] :HKLM Ptilink=system32\DRIVERS\ptilink.sys

### Driver Direct Parallel Link Driver Direct Parallel Link Driver Start Type: loaded manually on demand Parallel Technologies DirectParallel IO Library Parallel Technologies, Inc. MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM PUSCSYS=\??\C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSYS.sys

### Driver PUSCSYS Start Type: loaded automatically by Server Manager PowerUtility - XPW[ SYS FUJITSU LIMITED PowerUtility V2.2

[Services detected by Partizan] :HKLM putlrsrv=C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe

### Service PowerUtility Remote Power Management Service Start Type: loaded manually on demand PowerUtility - [gdπT[rX FUJITSU LIMITED PowerUtility 2, 4, 0, 0

[Services detected by Partizan] :HKLM PxDtvPci=system32\DRIVERS\pxdtvpci.sys

### Driver PIX-DTTV/P1W Start Type: loaded manually on demand Pixela DigitalTV Driver Pixela Pixela DigitalTV Driver 2005.06.15.2000

[Services detected by Partizan] :HKLM PxHelp20=System32\Drivers\PxHelp20.sys

### Driver PxHelp20 Start Type: loaded automatically by the Boot Loader Px Engine Device Driver for Windows 2000/XP Sonic Solutions PxHelp20

[Services detected by Partizan] :HKLM ql1080

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM Ql10wnt

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ql12160

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ql1240

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ql1280

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM RasAcd=system32\DRIVERS\rasacd.sys

### Driver Remote Access Auto Connection Driver Remote Access Auto Connection Driver Start Type: loaded automatically at Kernel initialization RAS Automatic Connection Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM RasAuto=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Remote Access Auto Connection Manager vOǙ[g DNSANetBIOS NjΩ NetBIOS AhXQ∆∑∆ǴDžK∏A[g lbg[N⁄ǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Rasl2tp=system32\DRIVERS\rasl2tp.sys

### Driver WAN Miniport (L2TP) WAN Miniport (L2TP) Start Type: loaded manually on demand RAS L2TP mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM RasMan=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Remote Access Connection Manager lbg[N⁄ǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM RasPppoe=system32\DRIVERS\raspppoe.sys

### Driver Remote Access PPPOE Driver Remote Access PPPOE Driver Start Type: loaded manually on demand RAS PPPoE mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Raspti=system32\DRIVERS\raspti.sys

### Driver Direct Parallel Direct Parallel Start Type: loaded manually on demand PTI DirectParallel® mini-port/call-manager driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM Rdbss=system32\DRIVERS\rdbss.sys

### Driver Rdbss Rdbss Start Type: loaded automatically at Kernel initialization Redirected Drive Buffering SubSystem Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2902

[Services detected by Partizan] :HKLM RDPCDD=System32\DRIVERS\RDPCDD.sys

### Driver Start Type: loaded automatically at Kernel initialization RDP Miniport Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM RDPDD

[Services detected by Partizan] :HKLM RDPNP

[Services detected by Partizan] :HKLM RDPWD

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM RDSessMgr=C:\WINDOWS\system32\sessmgr.exe

### Service Remote Desktop Help Session Manager [g AVX^XǮǗǵNj∑BT[rXǙ~≥ǃǢA[g AVX^Xp≈ǴNjπBDZT[rX~∑ODžA[vpeB] _CAO {bNX [∂] ^umFǵǃ≠≥ǢB Start Type: loaded manually on demand Microsoft® Remote Desktop Help Session Manager Microsoft Corporation Microsoft® Windows ® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM redbook=system32\DRIVERS\redbook.sys

### Driver fW^ CD I[fBI∂tB^ hCo Start Type: loaded automatically at Kernel initialization Redbook Audio Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM RemoteAccess=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Routing and Remote Access [J GA lbg[NǮǗCh GA lbg[NrWlXDž[eBO T[rXǵNj∑B Start Type: disabled Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM rimsptsk=system32\DRIVERS\rimsptsk.sys

### Driver Start Type: loaded manually on demand RICOH MS Driver REDC Ricoh Memorystick Controller 2, 0, 0, 0

[Services detected by Partizan] :HKLM risdptsk=system32\DRIVERS\risdptsk.sys

### Driver Start Type: loaded automatically by the Boot Loader RICOH SD/MMC Driver REDC RICOH SD/MMC Driver 1, 0, 0, 0

[Services detected by Partizan] :HKLM rismxdp=system32\DRIVERS\rixdptsk.sys

### Driver Ricoh xD-Picture Card Driver Start Type: loaded automatically by the Boot Loader RICOH XD SM Driver REDC R5C852 Ricoh xD Controller 2, 0, 0, 0

[Services detected by Partizan] :HKLM RpcLocator=%SystemRoot%\system32\locator.exe

### Service Remote Procedure Call (RPC) Locator RPC l[ T[rX f[^x[XǵNj∑B Start Type: loaded manually on demand Rpc Locator Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM RpcSs=%SystemRoot%\system32\svchost -k rpcss

### Service Remote Procedure Call (RPC) Gh |Cg }bp[ǂe RPC T[rXǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM RSVP=%SystemRoot%\system32\rsvp.exe

### Service QoS RSVP QoS vO∆AvbgDžAlbg[N VOi∆[J gtBbNZbgAbv@\ǵNj∑B Start Type: loaded manually on demand Microsoft RSVP Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM rtl8139=system32\DRIVERS\RTL8139.SYS

### Driver Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver Start Type: loaded manually on demand Realtek RTL8139/810x Family NDIS 5.0 Drv Realtek Semiconductor Corporation Realtek RTL8139/810x Family Fast Ethernet NIC 5.513.1014.2004

[Services detected by Partizan] :HKLM SamSs=%SystemRoot%\system32\lsass.exe

### Service Security Accounts Manager [J [U[ AJEgZLeBi[ǵNj∑B Start Type: loaded automatically by Server Manager LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM SavRoam="C:\Program Files\Symantec AntiVirus\SavRoam.exe"

### Service SAVRoam Symantec AntiVirus Roaming Service Start Type: loaded manually on demand SAVRoam symantec Symantec SAVRoam 10.1.5.5000

[Services detected by Partizan] :HKLM SAVRT=\??\C:\Program Files\Symantec AntiVirus\savrt.sys

### Driver SAVRT Start Type: loaded automatically at Kernel initialization AutoProtect Symantec Corporation Symantec AntiVirus AutoProtect 9.7

[Services detected by Partizan] :HKLM SAVRTPEL=\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys

### Driver SAVRTPEL Start Type: loaded automatically at Kernel initialization SAVRTPEL Symantec Corporation Symantec AntiVirus AutoProtect 9.7

[Services detected by Partizan] :HKLM SCardSvr=%SystemRoot%\System32\SCardSvr.exe

### Service Smart Card DZRs[^≈ǛX}[g J[hANZXǵNj∑BDZT[rXǙ~≥ΩADZRs[^X}[g J[hǛDZ∆≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDž∂∑T[rXJn≈Ǵǻ≠ǻNj∑B Start Type: loaded manually on demand Smart Card Resource Management Server Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM SCDEmu

### Driver Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM Schedule=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Task Scheduler [U[ARs[^^XN\ǮǗXPW[≈ǴNj∑BDZT[rXǙ~≥ǃǢAXPW[≥ΩDž^XNN≥NjπBDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM sdbus=system32\DRIVERS\sdbus.sys

### Driver Start Type: loaded manually on demand SecureDigital Bus Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Secdrv=system32\DRIVERS\secdrv.sys

### Driver Secdrv SafeDisc driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM seclogon=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Secondary Logon i≈vZXJnǵNj∑BDZT[rXǙ~≥ΩADZOI ANZXp≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM SENS=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service System Event Notification Windows OIAlbg[NAdπCxgǻǫVXe CxgǵNj∑BCOM+ Cxg VXeDžADZCxg mǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Serial

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM Sfloppy=system32\DRIVERS\sfloppy.sys

### Driver xtbs[ fBXN hCu Start Type: loaded manually on demand SCSI Floppy Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM sh2bus=system32\DRIVERS\sh2bus.sys

### Driver SHARP 902SH_802SH USB Control driver (WDM) Start Type: loaded manually on demand SHARP 902SH_802SH USB Control Driver MCCI SHARP 902SH_802SH USB Control V4.22

[Services detected by Partizan] :HKLM sh2mdfl=system32\DRIVERS\sh2mdfl.sys

### Driver SHARP 902SH_802SH Modem Filter SHARP 902SH_802SH Modem Filter Start Type: loaded manually on demand SHARP 902SH_802SH Modem Filter Driver MCCI SHARP 902SH_802SH Modem Filter Driver V4.22

[Services detected by Partizan] :HKLM sh2mdm=system32\DRIVERS\sh2mdm.sys

### Driver SHARP 902SH_802SH Modem Driver SHARP 902SH_802SH Modem Driver Start Type: loaded manually on demand SHARP 902SH_802SH Modem Driver MCCI SHARP 902SH_802SH Modem V4.22

[Services detected by Partizan] :HKLM sh2mgmt=system32\DRIVERS\sh2mgmt.sys

### Driver SHARP 902SH_802SH AT Command Drivers (WDM) SHARP 902SH_802SH AT Command Drivers (WDM) Start Type: loaded manually on demand SHARP 902SH_802SH AT Command Driver MCCI SHARP 902SH_802SH AT Command V4.22

[Services detected by Partizan] :HKLM sh2obex=system32\DRIVERS\sh2obex.sys

### Driver SHARP 902SH_802SH OBEX Drivers (WDM) SHARP 902SH_802SH OBEX Drivers (WDM) Start Type: loaded manually on demand SHARP 902SH_802SH OBEX Driver MCCI SHARP 902SH_802SH OBEX V4.22

[Services detected by Partizan] :HKLM SharedAccess=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Windows Firewall/Internet Connection Sharing (ICS) z[ lbg[NNjΩKItBXlbg[NDžǵǃlbg[N AhX∑AAhXwAOAǮǗA^bNh~T[rXǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ShellHWDetection=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Shell Hardware Detection ∂n[hEFA Cxg mǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Simbad

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM SLIP=system32\DRIVERS\SLIP.sys

### Driver BDA Slip De-Framer Start Type: loaded manually on demand Microsoft Slip Deframing Filter Minidriver Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM SNDSrvc="C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"

### Service Symantec Network Drivers Service Symantec Network Drivers Service Start Type: loaded manually on demand Network Driver Service Symantec Corporation Symantec Security Drivers 6.0

[Services detected by Partizan] :HKLM snpstd=system32\DRIVERS\snpstd.sys

### Driver BUFFALO BWC-35H01 USB PC Camera Start Type: loaded manually on demand PC Camera driver PC Camera driver 1, 0, 9, 0

[Services detected by Partizan] :HKLM SONYPVU1=system32\DRIVERS\SONYPVU1.SYS

### Driver Sony USB Filter Driver (SONYPVU1) Start Type: loaded manually on demand Sony USB Lower Filter driver Sony Corporation Sony USB Lower Filter driver 1.3.0526.0

[Services detected by Partizan] :HKLM Sparrow

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM SPBBCDrv=\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

### Driver SPBBCDrv Start Type: loaded automatically at Kernel initialization SPBBC Driver Symantec Corporation SPBBC 2.2.0.7

[Services detected by Partizan] :HKLM SPBBCSvc="C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"

### Service Symantec SPBBCSvc Symantec SPBBC Start Type: loaded automatically by Server Manager SPBBC Service Symantec Corporation SPBBC 2.2.0.7

[Services detected by Partizan] :HKLM splitter=system32\drivers\splitter.sys

### Driver Microsoft Kernel Audio Splitter Start Type: loaded manually on demand Microsoft Kernel Audio Splitter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Services detected by Partizan] :HKLM Spooler=%SystemRoot%\system32\spoolsv.exe

### Service Print Spooler x∑ΩflDžAt@CǛ≈Dži[ǵNj∑B Start Type: loaded automatically by Server Manager Spooler SubSystem App Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2696

[Services detected by Partizan] :HKLM SPTISRV="C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"

### Service Sony SPTI Service Start Type: loaded manually on demand SPTISRV Module Sony Corporation SPTISRV Module 4.1.00.13180

[Services detected by Partizan] :HKLM SQLAgent$SONY_MEDIAMGR=C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR

### Service SQLAgent$SONY_MEDIAMGR Start Type: loaded manually on demand Microsoft SQL Server Agent Microsoft Corporation Microsoft SQL Server 8.00.760

[Services detected by Partizan] :HKLM sr=system32\DRIVERS\sr.sys

### Driver System Restore Filter Driver Start Type: loaded automatically by the Boot Loader System Restore Filesystem Filter Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM srservice=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service System Restore Service VXe≥@\sǵNj∑BT[rX~∑DžA}C Rs[^ [vpeB] [VXe≥] ^u≈AVXe≥≥Džǵǃ≠≥ǢB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Srv=system32\DRIVERS\srv.sys

### Driver Srv Srv Start Type: loaded manually on demand Server driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2974

[Services detected by Partizan] :HKLM SSDPSRV=%SystemRoot%\system32\svchost.exe -k LocalService

### Service SSDP Discovery Service z[ lbg[N UPnP foCXoLDžǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM stisvc=%SystemRoot%\system32\svchost.exe -k imgsvc

### Service Windows Image Acquisition (WIA) XLi∆JΩflC[WT[rXǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM streamip=system32\DRIVERS\StreamIP.sys

### Driver BDA IPSink Start Type: loaded manually on demand Microsoft IP Test Driver Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM swenum=system32\DRIVERS\swenum.sys

### Driver \tgEFA oX hCo Start Type: loaded manually on demand Plug and Play Software Device Enumerator Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM swmidi=system32\drivers\swmidi.sys

### Driver Microsoft Kernel GS Wavetable Synthesizer Start Type: loaded manually on demand Microsoft GS Wavetable Synthesizer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Services detected by Partizan] :HKLM SwPrv=C:\WINDOWS\system32\dllhost.exe /Processid:{1FA39F9C-6DFC-40D5-B05C-10690B8258FF}

### Service MS Software Shadow Copy Provider {[ VhE Rs[ T[rXDž\tgEFA x[XVhE Rs[ǵNj∑BDZT[rXǙ~ǵǃǢA\tgEFA x[XVhE Rs[≈ǴNjπBDZT[rXǙ≥ǻADZT[rXDžmDž∂ǵǃǢ∑◊ǃT[rXJn≈Ǵǻ≠ǻNj∑B Start Type: loaded manually on demand COM Surrogate Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Symantec AntiVirus="C:\Program Files\Symantec AntiVirus\Rtvscan.exe"

### Service Symantec AntiVirus Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus. Start Type: loaded manually on demand Symantec AntiVirus Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Services detected by Partizan] :HKLM symc810

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM symc8xx

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM SymEvent=\??\C:\Program Files\Symantec\SYMEVENT.SYS

### Driver Start Type: loaded manually on demand Symantec Event Library Symantec Corporation SYMEVENT 12.1.2.1

[Services detected by Partizan] :HKLM SYMREDRV=\SystemRoot\System32\Drivers\SYMREDRV.SYS

### Driver Start Type: loaded manually on demand Redirector Filter Driver Symantec Corporation Symantec Security Drivers 6.0

[Services detected by Partizan] :HKLM SYMTDI=\SystemRoot\System32\Drivers\SYMTDI.SYS

### Driver SYMTDI Start Type: loaded automatically at Kernel initialization Network Dispatch Driver Symantec Corporation Symantec Security Drivers 6.0

[Services detected by Partizan] :HKLM sym_hi

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM sym_u3

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM sysaudio=system32\drivers\sysaudio.sys

### Driver Microsoft Kernel System Audio Device Start Type: loaded manually on demand System Audio WDM Filter Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM SysmonLog=%SystemRoot%\system32\smlogsvc.exe

### Service Performance Logs and Alerts džǩ∂fl\≥ǃǢXPW[ p[^Dž√ǢǃA[JNjΩ[g Rs[^ǩptH[}X f[^˚WǵAODžǴAxǵΩǵNj∑BDZT[rXǙ~flǃdž∆AptH[}XWflNjπBDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand Performance Logs and Alerts Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM TapiSrv=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Telephony etHj[ foCX∆ IP x[Xπ∫⁄∑etHj[ API (TAPI) ǵNj∑B[J Rs[^∆lADZT[rXsǵǃǢT[o[ LAN ∆Ǯǵǃ≈ǴNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Tcpip=system32\DRIVERS\tcpip.sys

### Driver TCP/IP vgR hCo TCP/IP vgR hCo Start Type: loaded automatically at Kernel initialization TCP/IP Protocol Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2892

[Services detected by Partizan] :HKLM TDPIPE

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM TDTCP

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM TermDD=system32\DRIVERS\termdd.sys

### Driver ^[~i foCX hCo Start Type: loaded automatically at Kernel initialization Terminal Server Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM TermService=%SystemRoot%\System32\svchost -k DComLaunch

### Service Terminal Services [U[Ǚb^≈A[g Rs[^fXNgbv∆AvP[V ∆Rs[^Dž⁄≈ǴNj∑BAdministrators RD fi[g fXNgbvAfǢ[U[ǶA[g AVX^XAǮǗ ^[~i T[o[xǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Themes=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Themes e[}ǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM TosIde

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM TrkWks=%SystemRoot%\system32\svchost.exe -k netsvcs

### Service Distributed Link Tracking Client lbg[N hCNjΩRs[^ NTFS {[NǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM TSDDD

[Services detected by Partizan] :HKLM Udfs

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM ultra

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM UMWdf=C:\WINDOWS\system32\wdfmgr.exe

### Service Windows User Mode Driver Framework Windows [U[ [h hCoLDžǵNj∑B Start Type: loaded automatically by Server Manager Windows User Mode Driver Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.2.3790.1230

[Services detected by Partizan] :HKLM Update=system32\DRIVERS\update.sys

### Driver Microcode Update Driver Start Type: loaded manually on demand Update Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3124

[Services detected by Partizan] :HKLM upnphost=%SystemRoot%\system32\svchost.exe -k LocalService

### Service Universal Plug and Play Device Host jo[T vO Ah vC foCXzXgT|[gǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM UPS=%SystemRoot%\System32\ups.exe

### Service Uninterruptible Power Supply Manages an uninterruptible power supply (UPS) connected to the computer. Start Type: loaded manually on demand UPS Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usb

[Services detected by Partizan] :HKLM usbaudio=system32\drivers\usbaudio.sys

### Driver USB I[fBI hCo (WDM) Start Type: loaded manually on demand USB Audio Class Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usbccgp=system32\DRIVERS\usbccgp.sys

### Driver Microsoft USB Generic Parent Driver Start Type: loaded manually on demand USB Common Class Generic Parent Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usbehci=system32\DRIVERS\usbehci.sys

### Driver Microsoft USB 2.0 Enhanced Host Controller Miniport Driver Start Type: loaded manually on demand EHCI eUSB Miniport Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usbhub=system32\DRIVERS\usbhub.sys

### Driver Microsoft USB Standard Hub Driver Start Type: loaded manually on demand Default Hub Driver for USB Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usbstor=system32\DRIVERS\USBSTOR.SYS

### Driver USB e LuhCo Start Type: loaded manually on demand USB Mass Storage Class Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usbuhci=system32\DRIVERS\usbuhci.sys

### Driver Microsoft USB Universal Host Controller Miniport Driver Start Type: loaded manually on demand UHCI USB Miniport Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM usnjsvc="C:\Program Files\MSN Messenger\usnsvc.exe"

### Service Messenger Sharing Folders USN Journal Reader service Service installed by Messenger to enable sharing scenarios Start Type: loaded manually on demand Messenger Sharing USN Journal Reader Service Microsoft Corporation Messenger 8.1.0178

[Services detected by Partizan] :HKLM VgaSave=\SystemRoot\System32\drivers\vga.sys

### Driver Start Type: loaded automatically at Kernel initialization VGA/Super VGA Video Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM ViaIde

### Driver Start Type: disabled

[Services detected by Partizan] :HKLM VolSnap

### Driver Start Type: loaded automatically by the Boot Loader

[Services detected by Partizan] :HKLM VRService=C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe

### Service VRService DVD-VRfBXNL^∂sǢNj∑B Start Type: loaded automatically by Server Manager VRService Module Matsubleepa Electric Industrial Co., Ltd. Panasonic DVDVR 2, 0, 1, 2

[Services detected by Partizan] :HKLM VSS=%SystemRoot%\System32\vssvc.exe

### Service Volume Shadow Copy obNAbv∆Ǫǟǩ⁄IDžg{[ VhE Rs[ǮǗǵNj∑BDZT[rXǙ~≥ǃǢAobNAbvp≈ǴǻǢΩflobNAbvǙ∏s∑\ǙdžNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Start Type: loaded manually on demand Microsoft® Volume Snapshot Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM VxD

[Services detected by Partizan] :HKLM W32Time=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Windows Time lbg[N∑◊ǃNCAg∆T[o[˙t∆˙ǵNj∑B

DZT[rXǙ~≥∆A˙t∆˙p≈Ǵǻ≠ǻNj∑BDZT[rX

≥Dž∑∆ADZT[rXDž∂ǵǃǢT[rX∑◊ǃJnDž∏sǵNj∑B

Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM W3SVC

[Services detected by Partizan] :HKLM Wanarp=system32\DRIVERS\wanarp.sys

### Driver Remote Access IP ARP Driver Remote Access IP ARP Driver Start Type: loaded manually on demand MS Remote Access and Routing ARP Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WDICA

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM wdmaud=system32\drivers\wdmaud.sys

### Driver Microsoft WINMM WDM Audio Compatibility Driver Start Type: loaded manually on demand MMSYSTEM Wave/Midi API mapper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2929

[Services detected by Partizan] :HKLM WebClient=%SystemRoot%\system32\svchost.exe -k LocalService

### Service WebClient Windows x[XvO≈C^[lbg x[Xt@CǮǗC≥ǵΩAC^[lbg x[Xt@CDžANZXǵΩ∑DZ∆Ǚ≈ǴNj∑BDZT[rXǙ~≥ΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDž∂∑T[rXJn≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WinDefend="C:\Program Files\Windows Defender\MsMpEng.exe"

### Service Windows Defender Helps protect users from malicious software, spyware, and other potentially unwanted software Start Type: loaded automatically by Server Manager Service Executable Microsoft Corporation Windows Defender 1.1.1593.0

[Services detected by Partizan] :HKLM winmgmt=%systemroot%\system32\svchost.exe -k netsvcs

### Service Windows Management Instrumentation Iy[eBO VXeAfoCXAAvP[VAT[rXǻǫDž∑DžANZX∑Ωfl C^[tFCX∆IuWFNg fǵNj∑BDZT[rXǙ~ǵǃǢ∆AWindows x[X\tgEFAǟ∆ǫǙ≥ǵ≠@\ǵNjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM Winsock

### Driver Start Type: loaded manually on demand

[Services detected by Partizan] :HKLM WinSock2

[Services detected by Partizan] :HKLM WinTrust

[Services detected by Partizan] :HKLM WmdmPmSN=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Portable Media Serial Number Service Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WmiApRpl

[Services detected by Partizan] :HKLM WmiApSrv=C:\WINDOWS\system32\wbem\wmiapsrv.exe

### Service WMI Performance Adapter WMI HiPerf voC_ǩptH[}X CuǵNj∑B Start Type: loaded manually on demand WMI Performance Adapter Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WS2IFSL

### Start Type: loaded automatically at Kernel initialization

[Services detected by Partizan] :HKLM wscsvc=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Security Center VXe ZLeBǮǗ\ǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WSTCODEC=system32\DRIVERS\WSTCODEC.SYS

### Driver World Standard Teletext Codec Start Type: loaded manually on demand WDM WST Codec Driver Microsoft Corporation Microsoft® Windows® Operating System 5.3.2600.2180

[Services detected by Partizan] :HKLM wuauserv=%systemroot%\system32\svchost.exe -k netsvcs

### Service Automatic Updates Windows XV_E[h∆CXg[LDžǵNj∑BDZT[rX≥DžǵǃǢADZRs[^≈ XV@\∆ Windows Update Web TCggp≈ǴNjπB Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM WZCSVC=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Wireless Zero Configuration 802.11 A_v^\ǵNj∑B Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM xmlprov=%SystemRoot%\System32\svchost.exe -k netsvcs

### Service Network Provisioning Service lbg[NΩfl XML \t@ChC≤∆DžǵNj∑B Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Services detected by Partizan] :HKLM {1B79E552-8165-4D1D-BA2C-7E053058D396}

[Services detected by Partizan] :HKLM {852F5BBD-9E8F-4E75-9238-9654390C68F7}

[Services detected by Partizan] :HKLM {D7464651-1152-4842-94AF-B691CCEE2C25}

[Auto Start Apps]

[Registry Run] :HKCU ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

### CTF Loader Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Registry Run] :HKCU swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

### GoogleToolbarNotifier Google Inc. GoogleToolbarNotifier 2, 0, 301, 1654

[Registry Run] :HKCU BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

### File is deleted or hidden by rootkit or could not be located.

[Registry Run] :HKCU UnHackMe Monitor=C:\Program Files\UnHackMe\hackmon.exe

### Detects Rootkits in background Greatis Software UnHackMe 2.5

[Registry Run] :HKLM IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

### Microsoft IME Microsoft Corporation Microsoft IME 2002 8.1.4202.0

[Registry Run] :HKLM PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

### VπA@ 2002a Microsoft Corporation Vπ 5.2.2801

[Registry Run] :HKLM PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

### VπA@ 2002a Microsoft Corporation Vπ 5.2.2801

[Registry Run] :HKLM AGRSMMSG=AGRSMMSG.exe

### SoftModem Messaging Applet Agere Systems Agere SoftModem Messaging Applet 2.1.49 2.1.49 12/20/2004 15:10:02

[Registry Run] :HKLM KPDrv4Xp="C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"

### Update Keyboard Driver Dritek System Inc. Dritek Keyboard Device Update Utility 1, 0, 1, 221

[Registry Run] :HKLM IndicatorUtility=C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe

### IndicatorUtility FUJITSU LIMITED IndicatorUtility 2, 6, 0, 0

[Registry Run] :HKLM SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

### Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc. Java™ 2 Platform Standard Edition 5.0 Update 3 5.0.30.7

[Registry Run] :HKLM LoadFujitsuQuickTouch=C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe

### ^b`{^ / Core FUJITSU LIMITED ^b`{^ 6, 4, 0, 0

[Registry Run] :HKLM LoadBtnHnd=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

### Button handler FUJITSU LIMITED Button handler 2, 7, 0, 0

[Registry Run] :HKLM LoadFUJ02E3=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

### FUJ02E3 Utility FUJITSU LIMITED FUJ02E3 Utility 1, 2, 0, 0

[Registry Run] :HKLM INETCONDSP="C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"

### \ xm \ 1, 4, 1, 0

[Registry Run] :HKLM IMJPMIG9.0=C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32

### Microsoft IME 2003 Component Microsoft Corporation Microsoft IME 2003 9.0.6251.0

[Registry Run] :HKLM IRRCManager=C:\Program Files\Fujitsu\?????R?g?}?l?[?W???[\IRRCManager.exe

### File is deleted or hidden by rootkit or could not be located.

[Registry Run] :HKLM PUSCKAPLEXE=C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe

### PUSCKAPLEXE FUJITSU LIMITED PowerUtility 1, 0, 0, 0

[Registry Run] :HKLM LoadPUSCDaemon=C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe

### PowerUtility - XPW[@\ Daemon FUJITSU LIMITED PowerUtility V3.0

[Registry Run] :HKLM FMV`[=C:\fjuty\wallbtn\FMVLauncher.exe

### FMVLauncher FUJITSU LIMITED FMV`[ 2, 0, 0, 0

[Registry Run] :HKLM FJUPDNV_Chitose=C:\Program Files\Fujitsu\chitose\updatenv.exe

### Abvf[gir V1.1L52 FUJITSU LIMITED Abvf[gir 1, 1, 5, 2

[Registry Run] :HKLM MyMedia Server Helper="C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"

### MyMedia Server Helper AvP[V DigiOn, Inc. MyMedia Server Helper 2.30.0

[Registry Run] :HKLM SoundMan=SOUNDMAN.EXE

### Realtek Sound Manager Realtek Semiconductor Corp. Realtek Sound Manager 5.1.0.42

[Registry Run] :HKLM snpstd=C:\WINDOWS\vsnpstd.exe

### CameraMonitor MFC Application CameraMonitor Application 1, 0, 0, 4

[Registry Run] :HKLM ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

### Symantec User Session Symantec Corporation Client and Host Security Platform 104.0.11.1

[Registry Run] :HKLM googletalk=C:\Program Files\Google\Google Talk\googletalk.exe /autostart

### Google Talk Google Google Talk 1,0,0,104

[Registry Run] :HKLM Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe

### Picasa Google Inc. Picasa 2.7.0

[Registry Run] :HKLM QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime

### QuickTime Task Apple Computer, Inc. QuickTime QuickTime 7.1.5

[Registry Run] :HKLM iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"

### iTunesHelper Module Apple Inc. iTunes 7.1.1.5

[Registry Run] :HKLM Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide

### Windows Defender User Interface Microsoft Corporation Windows Defender 1.1.1593.0

[Registry Run] :HKLM NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe

### NeroCheck Ahead Software Gmbh Ahead Software Gmbh NeroCheck 1, 0, 0, 2

[Registry Run] :HKLM PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE

### PowerISO Virtual Drive Manager PowerISO Computing, Inc. PowerISO Virtual Drive Manager 3, 7, 0, 0

[Registry Run] :HKLM CloneCDTray="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

### CloneCD Tray SlySoft, Inc. CloneCD 5, 3, 0, 0

[Registry Run] :HKLM FMV??g?`???[

[Registry RunOnceEx] :HKLM @RegRunReport

[Registry RunOnceEx] :HKLM @UnHackMe=C:\PROGRA~1\UnHackMe\UnHackMe.exe /p Partizan

### 1=C:\PROGRA~1\UnHackMe\UnHackMe.exe /p Partizan

[Win.ini] load=""

[Win.ini] run=""

[Common Startup Folder] Google Updater.lnk=C:\Program Files\Google\Google Updater\GoogleUpdater.exe

### Google Updater Google Google Updater 2.1.871.19925.beta

[Common Startup Folder] Last.fm Helper.lnk=C:\Program Files\Last.fm\LastFMHelper.exe

[Common Startup Folder] TVfunSTUDIO ^C}[.lnk=C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe

### TVfunSTUDIO Matsubleepa Electric Industrial Co.,Ltd. Panasonic TVfunSTUDIO Timer module 7, 5, 2, 0

[Scheduled Tasks] Norton Security Scan=C:\Program Files\Norton Security Scan\Nss.exe

### Norton Security Scan Symantec Corporation Standalone Scanner Components 1.2

[Scheduled Tasks] MP Scheduled Scan=C:\Program Files\Windows Defender\MpCmdRun.exe

### Windows Defender Command Line Utility Microsoft Corporation Windows Defender 1.1.1593.0

[Scheduled Tasks] AppleSoftwareUpdate=C:\Program Files\Apple Software Update\SoftwareUpdate.exe

### Software Application Apple Computer, Inc. Apple Software Update 1.0.2.2

[In memory]

[Running Processes] C:\WINDOWS\SYSTEM32\SMSS.EXE

### Windows NT Session Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Processes] C:\WINDOWS\SYSTEM32\WINLOGON.EXE

### Windows NT Logon Application Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Processes] C:\WINDOWS\SYSTEM32\SERVICES.EXE

### Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Processes] C:\WINDOWS\SYSTEM32\LSASS.EXE

### LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE

### Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Processes] C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE

### Service Executable Microsoft Corporation Windows Defender 1.1.1593.0

[Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE

### Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Processes] C:\WINDOWS\SYSTEM32\LOGONUI.EXE

### Windows Logon UI Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

### Symantec Settings Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Running Processes] C:\WINDOWS\EXPLORER.EXE

### Windows Explorer Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Running Processes] C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

### Run a DLL as an App Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

### Symantec Event Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Running Processes] C:\PROGRA~1\UNHACKME\REANIM~1.EXE

### RegRun Start Control Greatis Software RegRun Security Suite 5.5

[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE

### SPBBC Service Symantec Corporation SPBBC 2.2.0.7

[Running Processes] C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

### Spooler SubSystem App Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2696

[Running Processes] C:\PROGRAM FILES\JUSTSYSTEM\OPENMG BEATJAM\PLUGIN\BGSVCLIB.EXE

### B's Recorder GOLD Service Library B.H.A Corporation B's Recorder GOLD8 8, 0, 0, 0

[Running Processes] C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE

### Virus Definition Daemon Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Running Processes] C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE

### gusvc Google Google Updater 2.2.824.5515.beta

[Running Processes] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

### Machine Debug Manager Microsoft Corporation MicrosoftR Visual Studio .NET 7.00.9466

[Running Processes] C:\PROGRAM FILES\COMMON FILES\CREOAPP\MRNTS_SYNC5.EXE

### Morrin Thumbnail Synchronized Service Module. [ Morrin Image-file Integrate Projects 5, 0, 0, 0

[Running Processes] C:\PROGRAM FILES\FUJITSU\MYMEDIA\MYMEDIA SERVER TOOL\MYMEDIASERVER.EXE

### MyMediaServer DigiOn MyMedia Server 2.31.2

[Running Processes] C:\PROGRAM FILES\COMMON FILES\PANASONIC\PSSCORE.EXE

### PSSCore Module Matsubleepa Electric Industry Co., LTD. Panasonic Software Shared Server Core 1, 0, 50315, 1455

[Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE

### Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Processes] C:\PROGRAM FILES\PANASONIC\TVFUNSTUDIO\VRSERVICE.EXE

### VRService Module Matsubleepa Electric Industrial Co., Ltd. Panasonic DVDVR 2, 0, 1, 2


.
.
.
to be continued
.
.
.

Attached Files



#5 andwhy

andwhy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 28 October 2007 - 10:46 PM

.
.
.
continued from last post
.
.
.

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\plugin\pienc3.dll

### piEnc3 Matsubleepa Electric Industrial Co. Ltd. Panasonic DVDVR 2, 0, 0, 2

[Loaded DLLs] C:\WINDOWS\system32\msdmo.dll

[Loaded DLLs] C:\WINDOWS\system32\devenum.dll

### Device enumeration. Microsoft Corporation DirectShow 6.05.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\quartz.dll

### DirectShow Runtime. Microsoft Corporation DirectShow 6.05.2600.2749

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\plugin\pidec3.dll

### pidec3 plugin module Matsubleepa Electric Industrial Co.,Ltd. Panasonic DVDVR 1, 0, 0, 3

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\plugin\VrIfoEdit.dll

### VRIfoEdit module Matsubleepa Electric Industrial Co.,Ltd. DVD-MovieAlbum 1, 0, 1, 7

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\plugin\meiAvudf.dll

### meiAvudf.dll Matsubleepa Electric Industrial Co.,Ltd. Panasonic DVDVR 1, 2, 1, 1

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\plugin\meiavfs.dll

### fsio-avfs plugin module Matsubleepa Electric Industrial Co.,Ltd. DVD-MovieAlbum avfs plugin 1, 3, 2, 21

[Loaded DLLs] C:\WINDOWS\system32\MFC42LOC.DLL

### MFC Language Specific Resources Microsoft Corporation Microsoft ® Visual C++ 6.0.400

[Loaded DLLs] C:\WINDOWS\system32\MFC42.DLL

### MFCDLL Shared Library - Retail Version Microsoft Corporation Microsoft ® Visual C++ 6.02.400

[Loaded DLLs] C:\Program Files\Panasonic\TVfunSTUDIO\VRCore.dll

### VRCore module Matsubleepa Electric Industrial Co., Ltd. VR-SDK 1, 5, 0, 3

[Loaded DLLs] c:\windows\system32\mscms.dll

### Microsoft Color Matching System DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2709

[Loaded DLLs] c:\windows\system32\CFGMGR32.dll

### Configuration Manager Forwarder DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\wiaservc.dll

### Still Image Devices Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3051

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_didl.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_jpeg.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_lpcm.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_album_art.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_epg_cnetv.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\dixim_device.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\dixim_cp.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\dixim_avcp.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\dixim_tag.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\LIBEXPAT.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\dixim_util.dll

[Loaded DLLs] C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\msf_m3u.dll

[Loaded DLLs] C:\WINDOWS\system32\inetpp.dll

### Internet Print Provider DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NETRAP.dll

### Net Remote Admin Protocol DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\win32spl.dll

### 32-bit Spooler API DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\winrnr.dll

### LDAP RnR Provider DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll

### MicrosoftR Document Imaging Microsoft Corporation Microsoft Office Document Imaging 11.3.2175.0

[Loaded DLLs] C:\WINDOWS\system32\usbmon.dll

### Standard Dynamic Printing Port Monitor DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\tcpmon.dll

### Standard TCP/IP Port Monitor DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\pjlmon.dll

### PJL Language monitor Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\FXSEVENT.dll

### Microsoft Fax EventLog Support DLL Microsoft Corporation Microsoft® Windows® Operating System 5.2.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\FXSMON.DLL

### Microsoft Fax Print Monitor Microsoft Corporation Microsoft® Windows® Operating System 5.2.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\mdimon.dll

### MicrosoftR Document Imaging Microsoft Corporation Microsoft Office Document Imaging 11.3.2175.0

[Loaded DLLs] C:\WINDOWS\system32\cpwmon2k.dll

[Loaded DLLs] C:\WINDOWS\system32\cnbjmon.dll

### Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2082

[Loaded DLLs] C:\WINDOWS\system32\localspl.dll

### Local Spooler DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\SPOOLSS.DLL

### Spooler SubSystem DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll

### SPBBC Events Symantec Corporation SPBBC 2.2.0.7

[Loaded DLLs] C:\WINDOWS\system32\mstask.dll

### Task Scheduler interface DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\ntshrui.dll

### Shell extensions for sharing Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\LINKINFO.dll

### Windows Volume Tracking Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2751

[Loaded DLLs] C:\WINDOWS\system32\msctf.dll

### MSCTF Server DLL Microsoft Corporation Microsoft® Windows NT® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\RICHED20.dll

### Rich Text Edit Control, v3.0 Microsoft Corporation Microsoft RichEdit Control, version 3.0 3.0

[Loaded DLLs] C:\WINDOWS\system32\RICHED32.DLL

### Wrapper Dll for Richedit 1.0 Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Loaded DLLs] C:\WINDOWS\system32\OLEPRO32.DLL

### Microsoft Corporation 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\SHFOLDER.DLL

### Shell Folder Service Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2180

[Loaded DLLs] C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL

### Symantec Settings Manager Event Factory Symantec Corporation Client and Host Security Platform 104.0.11.1

[Loaded DLLs] C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL

### SPBBC Events Symantec Corporation SPBBC 2.2.0.7

[Loaded DLLs] C:\Program Files\Common Files\Symantec Shared\ccSet.dll

### Symantec Settings Manager Engine Symantec Corporation Client and Host Security Platform 104.0.11.1

[Loaded DLLs] C:\WINDOWS\system32\urlmon.dll

### OLE32 Extensions for Win32 Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Loaded DLLs] C:\PROGRA~1\WINDOW~4\MpShHook.dll

### Shell Execution Monitor Microsoft Corporation Windows Defender 1.1.1593.0

[Loaded DLLs] C:\WINDOWS\system32\ADVPACK.dll

### ADVPACK Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\iernonce.dll

### Extended RunOnce processing with UI Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\themeui.dll

### Windows Theme API Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\SHDOCVW.dll

### Shell Doc Object and Control Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Loaded DLLs] C:\WINDOWS\system32\BROWSEUI.dll

### Shell Browser UI Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Loaded DLLs] C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll

### Symantec Trust Validation Engine Symantec Corporation Client and Host Security Platform 104.0.11.1

[Loaded DLLs] C:\WINDOWS\system32\DBGHELP.DLL

### Windows Image Helper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\Program Files\Common Files\Symantec Shared\ccL40.dll

### Symantec Library Symantec Corporation Client and Host Security Platform 104.0.11.1

[Loaded DLLs] C:\WINDOWS\system32\MSVCR71.dll

### MicrosoftR C Runtime Library Microsoft Corporation MicrosoftR Visual Studio .NET 7.10.3052.4

[Loaded DLLs] C:\WINDOWS\system32\MSVCP71.dll

### MicrosoftR C++ Runtime Library Microsoft Corporation MicrosoftR Visual Studio .NET 7.10.3077.0

[Loaded DLLs] C:\WINDOWS\system32\shgina.dll

### Windows Shell User Logon Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC

### Microsoft IME Code Dictionary Microsoft Corporation Microsoft ImeCode 8.1.4202.0

[Loaded DLLs] C:\WINDOWS\system32\imjp81k.dll

### Microsoft IME Microsoft Corporation Microsoft IME 2002 8.1.4202.0

[Loaded DLLs] C:\WINDOWS\system32\imjp81.ime

### Microsoft IME Standard Microsoft Corporation Microsoft IME 2002 8.1.4202.0

[Loaded DLLs] C:\WINDOWS\system32\MSIMG32.dll

### GDIEXT Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\DUSER.dll

### Windows DirectUser Engine Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\ntlsapi.dll

### MicrosoftR License Server Interface DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\rasppp.dll

### Remote Access PPP Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\hidphone.tsp

### Microsoft HID Phone TSP Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\h323.tsp

### Microsoft H.323 Telephony Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\ipconf.tsp

### Microsoft Multicast Conference TAPI Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\ndptsp.tsp

### NDIS Proxy TAPI Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\kmddsp.tsp

### TAPI Kernel-Mode Service Provider Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\modemui.dll

### Windows Modem Properties Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\unimdmat.dll

### Unimodem Service Provider AT Mini Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\uniplat.dll

### Unimodem AT Mini Driver Platform Driver for Windows NT Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\unimdm.tsp

### Unimodem 5 Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\rastapi.dll

### Remote Access TAPI Compliance Layer Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\netcfgx.dll

### Network Configuration Objects Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\rasmans.dll

### Remote Access Connection Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2936

[Loaded DLLs] C:\WINDOWS\System32\rasadhlp.dll

### Remote Access AutoDial Helper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2938

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemcons.dll

### WMI Standard Event Consumers Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\actxprxy.dll

### ActiveX Interface Marshaling Library Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\ncprov.dll

### Non-COM WMI Event Provision APIs Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wuapi.dll

### Windows Update Client API Microsoft Corporation MicrosoftR WindowsR Operating System 7.0.6000.374

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemess.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wmiprvsd.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\repdrvfs.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wmiutils.dll

### WMI Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemsvc.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\RESUTILS.DLL

### Microsoft Cluster Resource Utility DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\CLUSAPI.DLL

### Cluster API Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WSOCK32.dll

### Windows Socket 32-Bit DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\MTXCLU.DLL

### MS DTC amd MTS clustering support DLL Microsoft Corporation COM Services 03.01.00.4414

[Loaded DLLs] C:\WINDOWS\system32\colbact.DLL

### Microsoft Corporation COM Services 03.00.00.4414

[Loaded DLLs] C:\WINDOWS\system32\comsvcs.dll

### Microsoft Corporation COM Services 03.00.00.4414

[Loaded DLLs] C:\WINDOWS\system32\wbem\FastProx.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\esscli.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemcore.dll

### WMI Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemcomn.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wbem\wbemprox.dll

### WMI Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\msi.dll

### Windows Installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.4039

[Loaded DLLs] c:\windows\system32\wscsvc.dll

### Windows Security Center Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\ipnathlp.dll

### Microsoft NAT Helper Components Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\mspatcha.dll

### Microsoft® Patch Engine Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\Cabinet.dll

### MicrosoftR Cabinet File API Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\WINHTTP.dll

### Windows HTTP Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wuaueng.dll

### Windows Update Agent Microsoft Corporation MicrosoftR WindowsR Operating System 7.0.6000.374

[Loaded DLLs] C:\WINDOWS\system32\VSSAPI.DLL

### MicrosoftR Volume Shadow Copy Requestor/Writer Services API DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\wbem\wmisvc.dll

### WMI Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\wuauserv.dll

### Windows Update AutoUpdate Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.4.3790.2180

[Loaded DLLs] c:\windows\system32\browser.dll

### Computer Browser Service DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\seclogon.dll

### Secondary Logon Service DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\sens.dll

### System Event Notification Service (SENS) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\POWRPROF.dll

### Power Profile Helper DLL Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2180

[Loaded DLLs] c:\windows\system32\srsvc.dll

### System Restore Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\tapisrv.dll

### Microsoft® Windows™ Telephony Server Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2716

[Loaded DLLs] c:\windows\system32\trkwks.dll

### Distributed Link Tracking Client Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\WZCSAPI.DLL

### Wireless Zero Configuration service API Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\credui.dll

### Credential Manager User Interface Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\netshell.dll

### Network Connections Shell Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\netman.dll

### Network Connections Manager Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2743

[Loaded DLLs] c:\windows\pchealth\helpctr\binaries\pchsvc.dll

### Microsoft PCHealth Service Holder Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\HID.DLL

### Hid User Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\hidserv.dll

### HID Audio Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\srvsvc.dll

### Server Service DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2577

[Loaded DLLs] c:\windows\system32\ersvc.dll

### Windows Error Reporting Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\certcli.dll

### Microsoft® Certificate Services Client Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\cryptsvc.dll

### Cryptographic Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\wkssvc.dll

### Workstation Service DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2976

[Loaded DLLs] c:\windows\system32\audiosrv.dll

### Windows Audio Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\MSIDLE.DLL

### User Idle Monitor Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2180

[Loaded DLLs] c:\windows\system32\schedsvc.dll

### Task Scheduler Engine Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\raschap.dll

### Remote Access PPP CHAP Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\TAPI32.dll

### Microsoft® Windows™ Telephony API Client DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\rasman.dll

### Remote Access Connection Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\RASAPI32.dll

### Remote Access API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\MPRAPI.dll

### Windows NT MP Router Administration DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WININET.dll

### Internet Extensions for Win32 Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Loaded DLLs] C:\WINDOWS\system32\CRYPTUI.dll

### Microsoft Trust UI Provider Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\rastls.dll

### Remote Access PPP EAP-TLS Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\ESENT.dll

### Server Database Storage Engine Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2468.0

[Loaded DLLs] c:\windows\system32\WMI.dll

### WMI DC and DP functionality Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\rtutils.dll

### Routing Utilities Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\wzcsvc.dll

### Wireless Zero Configuration Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\dhcpcsvc.dll

### DHCP Client Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2912

[Loaded DLLs] C:\Program Files\Windows Defender\MpClient.dll

### Client Interface Microsoft Corporation Windows Defender 1.1.1593.0

[Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll

### MicrosoftR C++ Runtime Library Microsoft Corporation MicrosoftR Visual StudioR 2005 8.00.50727.163

[Loaded DLLs] C:\Program Files\Windows Defender\MpSvc.dll

### Service Module Microsoft Corporation Windows Defender 1.1.1593.0

[Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll

### MicrosoftR C Runtime Library Microsoft Corporation MicrosoftR Visual StudioR 2005 8.00.50727.163

[Loaded DLLs] c:\windows\system32\ATL.DLL

### ATL Module for Windows XP (Unicode) Microsoft Corporation Microsoft ® Visual C++ 6.05.2284

[Loaded DLLs] c:\windows\system32\adsldpc.dll

### ADs LDAP Provider C DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\ACTIVEDS.dll

### ADs Router Layer DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\mstlsapi.dll

### MicrosoftR Terminal Server Licensing Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\ICAAPI.dll

### DLL Interface to TermDD Device Driver Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\termsrv.dll

### Terminal Server Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

### Service Pack 2 Messages Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] c:\windows\system32\rpcss.dll

### Distributed COM Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2726

[Loaded DLLs] C:\WINDOWS\system32\dssenh.dll

### Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2133

[Loaded DLLs] C:\WINDOWS\system32\psbase.dll

### Protected Storage default provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\System32\wshtcpip.dll

### Windows Sockets Helper DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\hnetcfg.dll

### Home Networking Configuration Manager Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\mswsock.dll

### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\pstorsvc.dll

### Protected storage server Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINIPSEC.DLL

### Windows IPSec SPD Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\oakley.DLL

### Oakley Key Manager Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\ipsecsvc.dll

### Windows IPSec SPD Server DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\scecli.dll

### Windows Security Configuration Editor Client Engine Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\wdigest.dll

### Microsoft Digest Access Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\schannel.dll

### TLS / SSL Security Provider Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3126

[Loaded DLLs] C:\WINDOWS\system32\w32time.dll

### Windows Time Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\netlogon.dll

### Net Logon Services DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\kerberos.dll

### Kerberos Security Package Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2698

[Loaded DLLs] C:\WINDOWS\system32\msprivs.dll

### Microsoft Privilege Translations Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\cryptdll.dll

### Cryptography Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\SAMSRV.dll

### SAM Server DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\DNSAPI.dll

### DNS Client API DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2938

[Loaded DLLs] C:\WINDOWS\system32\NTDSAPI.dll

### NT5DS Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\LSASRV.dll

### LSA Server DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2976

[Loaded DLLs] C:\WINDOWS\system32\eventlog.dll

### Event Logging Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\AppPatch\AcGenral.DLL

### Windows Compatibility DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\ShimEng.dll

### Shim Engine DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NCObjAPI.DLL

### Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\umpnpmgr.dll

### User-mode Plug-and-Play Service Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2744

[Loaded DLLs] C:\WINDOWS\system32\SCESRV.dll

### Windows Security Configuration Editor Engine Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2505

[Loaded DLLs] C:\WINDOWS\system32\ES.DLL

### Microsoft Corporation COM Services 03.00.00.4414

[Loaded DLLs] C:\WINDOWS\system32\MSVCP60.dll

### Microsoft ® C++ Runtime Library Microsoft Corporation Microsoft ® Visual C++ 6.02.3104.0

[Loaded DLLs] C:\WINDOWS\system32\oleacc.dll

### Active Accessibility Core Component Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.0

[Loaded DLLs] C:\WINDOWS\system32\midimap.dll

### Microsoft MIDI Mapper Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\MSACM32.dll

### Microsoft ACM Audio Filter Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\msacm32.drv

### Microsoft Sound Mapper Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.0

[Loaded DLLs] C:\WINDOWS\system32\wdmaud.drv

### WDM Audio driver mapper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NavLogon.dll

### Symantec AntiVirus Logon Notification Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

### Service Pack 2 Messages Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\cscui.dll

### Client Side Caching UI Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\iphlpapi.dll

### IP Helper API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2912

[Loaded DLLs] C:\WINDOWS\system32\msv1_0.dll

### Microsoft Authentication Package v1.0 Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\imjp9k.dll

### Microsoft IME 2003 Component Microsoft Corporation Microsoft IME 2003 9.0.6360.0

[Loaded DLLs] C:\WINDOWS\system32\imjp9.ime

### Microsoft IME Standard 2003 Microsoft Corporation Microsoft IME 2003 9.0.6358.0

[Loaded DLLs] C:\WINDOWS\system32\COMRes.dll

### Microsoft Corporation COM Services 03.00.00.4414

[Loaded DLLs] C:\WINDOWS\system32\CLBCATQ.DLL

### Microsoft Corporation COM Services 03.00.00.4414

[Loaded DLLs] C:\WINDOWS\system32\SAMLIB.dll

### SAM Library DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WLDAP32.dll

### Win32 LDAP API DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NTMARTA.DLL

### Windows NT MARTA provider Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\OLEAUT32.dll

### Microsoft Corporation 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WgaLogon.dll

### Windows Genuine Advantage Notification Microsoft Corporation Windows Genuine Advantage 1.7.0018.5

[Loaded DLLs] C:\WINDOWS\system32\rsaenh.dll

### Microsoft Enhanced Cryptographic Provider Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2161

[Loaded DLLs] C:\WINDOWS\system32\MPR.dll

### Multiple Provider Router DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINSPOOL.DRV

### Windows Spooler Driver Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WlNotify.dll

### Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\cscdll.dll

### Offline Network Agent Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINMM.dll

### MCI API DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\sxs.dll

### Fusion 2.5 Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3019

[Loaded DLLs] C:\WINDOWS\system32\WTSAPI32.dll

### Windows Terminal Server SDK APIs Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINSCARD.DLL

### Microsoft Smart Card API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\uxtheme.dll

### Microsoft UxTheme Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\msctfime.ime

### Microsoft Text Frame Work Service IME Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\Apphelp.dll

### Application Compatibility Client Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\ole32.dll

### Microsoft OLE for Windows Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2726

[Loaded DLLs] C:\WINDOWS\system32\sfc_os.dll

### Windows File Protection Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\sfc.dll

### Windows File Protection Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\SHSVCS.dll

### Windows Shell Services Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Loaded DLLs] C:\WINDOWS\system32\odbcint.dll

### Microsoft Data Access - ODBC Resources Microsoft Corporation Microsoft Open Database Connectivity 3.525.1117.0

[Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

### User Experience Controls Library Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2982

[Loaded DLLs] C:\WINDOWS\system32\comdlg32.dll

### Common Dialogs DLL Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Loaded DLLs] C:\WINDOWS\system32\SHLWAPI.dll

### Shell Light-weight Utility Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Loaded DLLs] C:\WINDOWS\system32\SHELL32.dll

### Windows Shell Common Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Loaded DLLs] C:\WINDOWS\system32\ODBC32.dll

### Microsoft Data Access - ODBC Driver Manager Microsoft Corporation Microsoft Data Access Components 3.525.1117.0

[Loaded DLLs] C:\WINDOWS\system32\COMCTL32.dll

### Common Controls Library Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2982

[Loaded DLLs] C:\WINDOWS\system32\MSGINA.dll

### Windows NT Logon GINA DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2603

[Loaded DLLs] C:\WINDOWS\system32\USP10.dll

### Uniscribe Unicode script processor Microsoft Corporation Microsoft® Uniscribe Unicode script processor 1.0420.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\LPK.DLL

### Language Pack Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\IMM32.DLL

### Windows XP IMM32 API Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WS2HELP.dll

### Windows Socket 2.0 Helper for Windows NT Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WS2_32.dll

### Windows Socket 2.0 32-Bit DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\IMAGEHLP.dll

### Windows NT Image Helper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINTRUST.dll

### Microsoft Trust Verification APIs Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\WINSTA.dll

### Winstation Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\VERSION.dll

### Version Checking and File Installation Libraries Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\SETUPAPI.dll

### Windows Setup API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\Secur32.dll

### Security Support Provider Interface Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\REGAPI.dll

### Registry Configuration APIs Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\PSAPI.DLL

### Process Status Helper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\USERENV.dll

### Userenv Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NETAPI32.dll

### Net Win32 API DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2976

[Loaded DLLs] C:\WINDOWS\system32\PROFMAP.dll

### Userenv Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\NDdeApi.dll

### Network DDE Share Management APIs Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\MSASN1.dll

### ASN.1 Runtime APIs Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\GDI32.dll

### GDI Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3099

[Loaded DLLs] C:\WINDOWS\system32\USER32.dll

### Windows XP USER API Client DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3099

[Loaded DLLs] C:\WINDOWS\system32\CRYPT32.dll

### Crypto API32 Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\msvcrt.dll

### Windows NT CRT DLL Microsoft Corporation MicrosoftR WindowsR Operating System 7.0.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\AUTHZ.dll

### Authorization Framework Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2622

[Loaded DLLs] C:\WINDOWS\system32\RPCRT4.dll

### Remote Procedure Call Runtime Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\ADVAPI32.dll

### Advanced Windows 32 Base API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Loaded DLLs] C:\WINDOWS\system32\kernel32.dll

### Windows NT BASE API Client DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3119

[Loaded DLLs] C:\WINDOWS\system32\ntdll.dll

### NT Layer DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\themeui.dll

### Windows Theme API Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Explorer's DLLs] C:\WINDOWS\system32\SHDOCVW.dll

### Shell Doc Object and Control Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Explorer's DLLs] C:\WINDOWS\system32\BROWSEUI.dll

### Shell Browser UI Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Explorer's DLLs] C:\WINDOWS\system32\MSIMG32.dll

### GDIEXT Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\WININET.dll

### Internet Extensions for Win32 Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Explorer's DLLs] C:\WINDOWS\system32\CRYPTUI.dll

### Microsoft Trust UI Provider Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Explorer's DLLs] C:\WINDOWS\AppPatch\AcGenral.DLL

### Windows Compatibility DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\ShimEng.dll

### Shim Engine DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\MSACM32.dll

### Microsoft ACM Audio Filter Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\cscui.dll

### Client Side Caching UI Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\imjp9k.dll

### Microsoft IME 2003 Component Microsoft Corporation Microsoft IME 2003 9.0.6360.0

[Explorer's DLLs] C:\WINDOWS\system32\imjp9.ime

### Microsoft IME Standard 2003 Microsoft Corporation Microsoft IME 2003 9.0.6358.0

[Explorer's DLLs] C:\WINDOWS\system32\COMRes.dll

### Microsoft Corporation COM Services 03.00.00.4414

[Explorer's DLLs] C:\WINDOWS\system32\CLBCATQ.DLL

### Microsoft Corporation COM Services 03.00.00.4414

[Explorer's DLLs] C:\WINDOWS\system32\WLDAP32.dll

### Win32 LDAP API DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\OLEAUT32.dll

### Microsoft Corporation 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\cscdll.dll

### Offline Network Agent Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\WINMM.dll

### MCI API DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\uxtheme.dll

### Microsoft UxTheme Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.2180

[Explorer's DLLs] C:\WINDOWS\system32\msctfime.ime

### Microsoft Text Frame Work Service IME Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\Apphelp.dll

### Application Compatibility Client Library Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\ole32.dll

### Microsoft OLE for Windows Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2726

[Explorer's DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

### User Experience Controls Library Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2982

[Explorer's DLLs] C:\WINDOWS\system32\SHLWAPI.dll

### Shell Light-weight Utility Library Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3121

[Explorer's DLLs] C:\WINDOWS\system32\SHELL32.dll

### Windows Shell Common Dll Microsoft Corporation Microsoft® Windows® Operating System 6.00.2900.3051

[Explorer's DLLs] C:\WINDOWS\system32\COMCTL32.dll

### Common Controls Library Microsoft Corporation MicrosoftR WindowsR Operating System 6.00.2900.2982

[Explorer's DLLs] C:\WINDOWS\system32\USP10.dll

### Uniscribe Unicode script processor Microsoft Corporation Microsoft® Uniscribe Unicode script processor 1.0420.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\LPK.DLL

### Language Pack Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\IMM32.DLL

### Windows XP IMM32 API Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\IMAGEHLP.dll

### Windows NT Image Helper Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\WINTRUST.dll

### Microsoft Trust Verification APIs Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\VERSION.dll

### Version Checking and File Installation Libraries Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\Secur32.dll

### Security Support Provider Interface Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\USERENV.dll

### Userenv Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\NETAPI32.dll

### Net Win32 API DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2976

[Explorer's DLLs] C:\WINDOWS\system32\MSASN1.dll

### ASN.1 Runtime APIs Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\GDI32.dll

### GDI Client DLL Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.3099

[Explorer's DLLs] C:\WINDOWS\system32\USER32.dll

### Windows XP USER API Client DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3099

[Explorer's DLLs] C:\WINDOWS\system32\CRYPT32.dll

### Crypto API32 Microsoft Corporation Microsoft® Windows® Operating System 5.131.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\msvcrt.dll

### Windows NT CRT DLL Microsoft Corporation MicrosoftR WindowsR Operating System 7.0.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\RPCRT4.dll

### Remote Procedure Call Runtime Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\ADVAPI32.dll

### Advanced Windows 32 Base API Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Explorer's DLLs] C:\WINDOWS\system32\kernel32.dll

### Windows NT BASE API Client DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.3119

[Explorer's DLLs] C:\WINDOWS\system32\ntdll.dll

### NT Layer DLL Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Services] ALG

### Internal Name: ALG. Status: service running. Actual File: C:\WINDOWS\System32\alg.exe * C^[lbg⁄LǮǗ Windows t@CAEH[ΩflAT[h p[eBvgRvOCT|[gǵNj∑B Application Layer Gateway Service Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] AudioSrv

### Internal Name: AudioSrv. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * Windows x[X vOI[fBI foCXǵNj∑BDZT[rXǙ~≥ǃǢAI[fBI foCX∆I[fBI ≥ǵ≠@\ǵNjπBDZT[rXǙ≥ǻAIDžDZT[rXDž∂ǵǃǢ∑◊ǃT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] bgsvclib

### Internal Name: bgsvclib. Status: service running. Actual File: C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe * B's Recorder GOLD Service Library B.H.A Corporation B's Recorder GOLD8 8, 0, 0, 0

[Running Services] Browser

### Internal Name: Browser. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[NRs[^≈VǵAǪQ∆∆ǵǃw≥ΩRs[^DžǵNj∑BDZT[rXǙ~ǵǃǢAXVLJLJ≥NjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] ccEvtMgr

### Internal Name: ccEvtMgr. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" * Event propagation and logging service Symantec Event Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Running Services] ccSetMgr

### Internal Name: ccSetMgr. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" * Settings storage and management service Symantec Settings Manager Service Symantec Corporation Client and Host Security Platform 104.0.11.1

[Running Services] CryptSvc

### Internal Name: CryptSvc. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * ≥T[rXA 3 Ǭ≈∑BJ^O f[^x[X T[rX: Windows t@CmFǵNj∑B[g T[rX: M≥Ω[g@DZRs[^DžǮǗǵNj∑BL[ T[rX: pDZRs[^Džo^ǵNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] DcomLaunch

### Internal Name: DcomLaunch. Status: service running. Actual File: C:\WINDOWS\system32\svchost -k DcomLaunch * DCOM T[rXN∑@\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] DefWatch

### Internal Name: DefWatch. Status: service running. Actual File: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" * Monitors and maintains virus definitions. Virus Definition Daemon Symantec Corporation Symantec AntiVirus 10.1.5.5000

[Running Services] Dhcp

### Internal Name: Dhcp. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * IP AhX∆ DNS o^ǮǗXVǵǃlbg[N\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] Dnscache

### Internal Name: Dnscache. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k NetworkService * DZRs[^hC l[ VXe (DNS) ǮǗLbVǵNj∑BDZT[rXǙ~ǵΩADZRs[^ DNS ≈Ǵ∏AActive Directory hC Rg[[ǬDZ∆Ǚ≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] ERSvc

### Internal Name: ERSvc. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * Allows error reporting for services and applictions running in non-standard environments. Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] Eventlog

### Internal Name: Eventlog. Status: service running. Actual File: C:\WINDOWS\system32\services.exe * Windows x[XvO∆ Windows R|[lgDžǡǃ≠s≥Cxg O bZ[WCxg r[A≈\ǵNj∑BDZT[rX~≈ǴNjπB Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Services] EventSystem

### Internal Name: EventSystem. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * T|[g VXe Cxg mT[rX (SENS) ACxg m∆ǵǃo^≥Ω COM R|[lgDžCxgIDž mǵNj∑BT[rXǙ~∑∆ASENS IπǵAOIǂOIt m≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥ǻADZT[rXDž∂∑T[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] FastUserSwitchingCompatibility

### Internal Name: FastUserSwitchingCompatibility. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * [U[≈AVX^XǙKvǻAvP[VǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] gusvc

### Internal Name: gusvc. Status: service running. Actual File: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" * gusvc Google Google Updater 2.2.824.5515.beta

[Running Services] helpsvc

### Internal Name: helpsvc. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * wv∆T|[g Z^[LDžǵADZRs[^≈s∑ǧDžǵNj∑BDZT[rX~∑∆Awv∆T|[g Z^[p∑DZ∆≈Ǵǻ≠ǻNj∑BDZT[rX≥Dž∑∆ADZT[rXDžIDž∂∑T[rXJnǵNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] HidServ

### Internal Name: HidServ. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * q[} C^[tFCX foCX (HID) LDžǵNj∑Bq[} C^[tFCX foCXAL[{[hA[gAǮǗ}` foCXDždžǩ∂fl`≥ǃǢzbg {^gpLDžǵǃAǵNj∑BDZT[rXǙ~≥ǃǢADZT[rXDžǡǃ≥ǃǢzbg {^@\ǵǻ≠ǻNj∑BDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] lanmanserver

### Internal Name: lanmanserver. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * DZRs[^≈lbg[N∆Ǯǵǃt@CAAǮǗOtpCvLT|[gǵNj∑BDZT[rXǙ~ǵΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙgpsDž≥ΩADZT[rXDžIDž∂∑T[rX∑◊ǃN≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] lanmanworkstation

### Internal Name: lanmanworkstation. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * [g T[o[NCAg lbg[N⁄ǵAǵNj∑BDZT[rXǙ~ǵǃǢADZ⁄p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] LmHosts

### Internal Name: LmHosts. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k LocalService * NetBIOS over TCP/IP (NetBT) T[rX∆ NetBIOS OΩflT|[gLDžǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] MDM

### Internal Name: MDM. Status: service running. Actual File: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" * Visual Studio ∆XNvg fobK[JǮǗ[g fobOT|[gǵNj∑BDZT[rX~∑∆AfobK≥Dž@\ǵNjπB Machine Debug Manager Microsoft Corporation MicrosoftR Visual Studio .NET 7.00.9466

[Running Services] MrnTS_Sync5

### Internal Name: MrnTS_Sync5. Status: service running. Actual File: "C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe" * MNjflǻǫ≈p∑TlCA∑ΩflT[rX≈∑B Morrin Thumbnail Synchronized Service Module. [ Morrin Image-file Integrate Projects 5, 0, 0, 0

[Running Services] MyMedia Server

### Internal Name: MyMedia Server. Status: service running. Actual File: C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe * MyMediaServer DigiOn MyMedia Server 2.31.2

[Running Services] Netman

### Internal Name: Netman. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * lbg[N∆_CAbv⁄tH_DždžIuWFNgǵNj∑B[J GA lbg[N∆[g⁄˚ǙtH_≈\≥Nj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] Nla

### Internal Name: Nla. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[N\∆˚Wǵi[ǵNj∑BDZǙX≥ΩAvP[VDž mǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] PlugPlay

### Internal Name: PlugPlay. Status: service running. Actual File: C:\WINDOWS\system32\services.exe * [U[ǩ≈ANjΩǻǵ≈ARs[^Ǚn[hEFAXFǵAǵNj∑B Services and Controller app Microsoft Corporation Microsoft® Windows® Operating System 5.1.2600.2180

[Running Services] PolicyAgent

### Internal Name: PolicyAgent. Status: service running. Actual File: C:\WINDOWS\system32\lsass.exe * IP ZLeB |V[ǵAISAKMP/Oakley (IKE) ∆ IP ZLeB hCoJnǵNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] ProtectedStorage

### Internal Name: ProtectedStorage. Status: service running. Actual File: C:\WINDOWS\system32\lsass.exe * L[ǻǫdvǻf[^i[∑Ωfl≥ΩLǵAǻǢT[rXAǻǢvZXAǻǢ[U[DžANZXhǨNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] PSS Core

### Internal Name: PSS Core. Status: service running. Actual File: C:\Program Files\Common Files\Panasonic\PSSCore.exe * Panasonic Application Shared Service Core PSSCore Module Matsubleepa Electric Industry Co., LTD. Panasonic Software Shared Server Core 1, 0, 50315, 1455

[Running Services] RasMan

### Internal Name: RasMan. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[N⁄ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] RpcSs

### Internal Name: RpcSs. Status: service running. Actual File: C:\WINDOWS\system32\svchost -k rpcss * Gh |Cg }bp[ǂe RPC T[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] SamSs

### Internal Name: SamSs. Status: service running. Actual File: C:\WINDOWS\system32\lsass.exe * [J [U[ AJEgZLeBi[ǵNj∑B LSA Shell (Export Version) Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] Schedule

### Internal Name: Schedule. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * [U[ARs[^^XN\ǮǗXPW[≈ǴNj∑BDZT[rXǙ~≥ǃǢAXPW[≥ΩDž^XNN≥NjπBDZT[rXǙ≥ǻAIDžDZDž∂ǵǃǢT[rXJn≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] seclogon

### Internal Name: seclogon. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * i≈vZXJnǵNj∑BDZT[rXǙ~≥ΩADZOI ANZXp≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDžIDž∂ǵǃǢT[rX∑◊ǃJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] SENS

### Internal Name: SENS. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Windows OIAlbg[NAdπCxgǻǫVXe CxgǵNj∑BCOM+ Cxg VXeDžADZCxg mǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] SharedAccess

### Internal Name: SharedAccess. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * z[ lbg[NNjΩKItBXlbg[NDžǵǃlbg[N AhX∑AAhXwAOAǮǗA^bNh~T[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] ShellHWDetection

### Internal Name: ShellHWDetection. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * ∂n[hEFA Cxg mǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] SPBBCSvc

### Internal Name: SPBBCSvc. Status: service running. Actual File: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" * Symantec SPBBC SPBBC Service Symantec Corporation SPBBC 2.2.0.7

[Running Services] Spooler

### Internal Name: Spooler. Status: service running. Actual File: C:\WINDOWS\system32\spoolsv.exe * x∑ΩflDžAt@CǛ≈Dži[ǵNj∑B Spooler SubSystem App Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2696

[Running Services] srservice

### Internal Name: srservice. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * VXe≥@\sǵNj∑BT[rX~∑DžA}C Rs[^ [vpeB] [VXe≥] ^u≈AVXe≥≥Džǵǃ≠≥ǢB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] stisvc

### Internal Name: stisvc. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k imgsvc * XLi∆JΩflC[WT[rXǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] TapiSrv

### Internal Name: TapiSrv. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * etHj[ foCX∆ IP x[Xπ∫⁄∑etHj[ API (TAPI) ǵNj∑B[J Rs[^∆lADZT[rXsǵǃǢT[o[ LAN ∆Ǯǵǃ≈ǴNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] TermService

### Internal Name: TermService. Status: service running. Actual File: C:\WINDOWS\System32\svchost -k DComLaunch * [U[Ǚb^≈A[g Rs[^fXNgbv∆AvP[V ∆Rs[^Dž⁄≈ǴNj∑BAdministrators RD fi[g fXNgbvAfǢ[U[ǶA[g AVX^XAǮǗ ^[~i T[o[xǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] Themes

### Internal Name: Themes. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * e[}ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] TrkWks

### Internal Name: TrkWks. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * lbg[N hCNjΩRs[^ NTFS {[NǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] UMWdf

### Internal Name: UMWdf. Status: service running. Actual File: C:\WINDOWS\system32\wdfmgr.exe * Windows [U[ [h hCoLDžǵNj∑B Windows User Mode Driver Manager Microsoft Corporation MicrosoftR WindowsR Operating System 5.2.3790.1230

[Running Services] VRService

### Internal Name: VRService. Status: service running. Actual File: C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe * DVD-VRfBXNL^∂sǢNj∑B VRService Module Matsubleepa Electric Industrial Co., Ltd. Panasonic DVDVR 2, 0, 1, 2

[Running Services] W32Time

### Internal Name: W32Time. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * lbg[N∑◊ǃNCAg∆T[o[˙t∆˙ǵNj∑B

DZT[rXǙ~≥∆A˙t∆˙p≈Ǵǻ≠ǻNj∑BDZT[rX

≥Dž∑∆ADZT[rXDž∂ǵǃǢT[rX∑◊ǃJnDž∏sǵNj∑B

Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] WebClient

### Internal Name: WebClient. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k LocalService * Windows x[XvO≈C^[lbg x[Xt@CǮǗC≥ǵΩAC^[lbg x[Xt@CDžANZXǵΩ∑DZ∆Ǚ≈ǴNj∑BDZT[rXǙ~≥ΩADZ@\p≈Ǵǻ≠ǻNj∑BDZT[rXǙ≥DžǻǡΩADZT[rXDž∂∑T[rXJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] WinDefend

### Internal Name: WinDefend. Status: service running. Actual File: "C:\Program Files\Windows Defender\MsMpEng.exe" * Helps protect users from malicious software, spyware, and other potentially unwanted software Service Executable Microsoft Corporation Windows Defender 1.1.1593.0

[Running Services] winmgmt

### Internal Name: winmgmt. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Iy[eBO VXeAfoCXAAvP[VAT[rXǻǫDž∑DžANZX∑Ωfl C^[tFCX∆IuWFNg fǵNj∑BDZT[rXǙ~ǵǃǢ∆AWindows x[X\tgEFAǟ∆ǫǙ≥ǵ≠@\ǵNjπBDZT[rXǙ≥DžǻǡǃǢADZT[rXDžIDž∂∑T[rXΩLJJn≈Ǵǻ≠ǻNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] wscsvc

### Internal Name: wscsvc. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * VXe ZLeBǮǗ\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] wuauserv

### Internal Name: wuauserv. Status: service running. Actual File: C:\WINDOWS\system32\svchost.exe -k netsvcs * Windows XV_E[h∆CXg[LDžǵNj∑BDZT[rX≥DžǵǃǢADZRs[^≈ XV@\∆ Windows Update Web TCggp≈ǴNjπB Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Running Services] WZCSVC

### Internal Name: WZCSVC. Status: service running. Actual File: C:\WINDOWS\System32\svchost.exe -k netsvcs * 802.11 A_v^\ǵNj∑B Generic Host Process for Win32 Services Microsoft Corporation MicrosoftR WindowsR Operating System 5.1.2600.2180

[Uninstall]

[Applications] :HKLM 7-Zip 4.44 beta="C:\Program Files\7-Zip\Uninstall.exe"

### 7-Zip

[Applications] :HKLM 902SH_802SH USB-Handset Manager=C:\WINDOWS\Uninstall.exe C:\Program Files\902SH_802SH USB-Handset Manager\FileList.ini

### 902SH_802SH USB-Handset Manager phmgunin MFC Application phmgunin Application 1, 0, 0, 1

[Applications] :HKLM Ad-Aware SE Personal=C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

### Ad-Aware SE Personal

[Applications] :HKLM AddressBook

### AddressBook

[Applications] :HKLM Agere Systems AC'97 Modem=agrsmdel

### Agere Systems Soft Modem LTRemove Agere Systems LTRemove 1.67

[Applications] :HKLM Bibble Pro=C:\WINDOWS\unvise32.exe C:\Program Files\Bibble Labs\Prouninstal.log

### Bibble Pro Uninstall application file MindVision Software Installer VISE 3.6.1

[Applications] :HKLM Branding

### Branding

[Applications] :HKLM CloneCD="C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

### CloneCD

[Applications] :HKLM CloneDVD2="C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"

### CloneDVD2

[Applications] :HKLM Combined Community Codec Pack 2006-12-15="C:\Program Files\Combined Community Codec Pack\unins000.exe"

### Combined Community Codec Pack_is1 Setup/Uninstall Inno Setup

[Applications] :HKLM Connection Manager

### Connection Manager

[Applications] :HKLM CutePDF Writer 2.7=C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

### CutePDF Writer Installation

[Applications] :HKLM DirectAnimation

### DirectAnimation

[Applications] :HKLM DirectDrawEx

### DirectDrawEx

[Applications] :HKLM Disk Investigator 1.32=C:\Program Files\Disk Investigator\uninst.exe

### Disk Investigator

[Applications] :HKLM DivX Content Uploader=C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

### DivX Content Uploader DivX Web Player Installer, L:EN, DivX Web Player 1.3.0, DivX Content Uploader 1.1.0, B:DVFA DivX, Inc.

[Applications] :HKLM DXM_Runtime

### DXM_Runtime

[Applications] :HKLM Microsoft DirectX Transform optional components=RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12

### DXTXTRA

[Applications] :HKLM EULAlyzer v1.1="C:\Program Files\EULAlyzer\unins000.exe"

### EULAlyzer_is1 Setup/Uninstall Inno Setup

[Applications] :HKLM FastStone Capture 5.2=C:\Program Files\FastStone Capture\uninst.exe

### FastStone Capture

[Applications] :HKLM FMVDIAGDeinstKey=C:\WINDOWS\unin0411.exe -fC:\fjuty\FMVDIAG\DeIsL1.isu

### FMVDIAGDeinstKey

[Applications] :HKLM Fontcore

### Fontcore

[Applications] :HKLM Foxit Reader=C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

### Foxit Reader Uninstall for Foxit Reader Foxit Software Foxit Reader Uninstall 1, 3, 0, 615

[Applications] :HKLM FTP Voyager 13.0="C:\Program Files\RhinoSoft.com\FTP Voyager\unins000.exe"

### FTP Voyager_is1 Setup/Uninstall Inno Setup

[Applications] :HKLM GalleryPlayer Images=C:\WINDOWS\GalleryPlayer Images Uninstaller.exe

### GalleryPlayer Images

[Applications] :HKLM Google Updater="C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

### Google Updater Google Updater Google Google Updater 2.1.871.19925.beta

[Applications] :HKLM Google Video Player="C:\Program Files\Google\Google Video Player\Uninstall.exe"

### GoogleVideoPlayer Google Video Player Google Google Video Player

[Applications] :HKLM Haali Media Splitter="C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"

### HaaliMkx

[Applications] :HKLM HijackThis 2.0.2="C:\Documents and Settings\Owner\fXNgbv\More Virus Stuff\HijackThis.exe" /unin

### HijackThis

[Applications] :HKLM ICW

### ICW

[Applications] :HKLM IE40

### IE40

[Applications] :HKLM IE4Data

### IE4Data

[Applications] :HKLM IE5BAKEX

### IE5BAKEX

[Applications] :HKLM IEData

### IEData

[Applications] :HKLM InstallShield Uninstall Information

### InstallShield Uninstall Information

[Applications] :HKLM ANZXvIt=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{118A1245-E8D8-4531-8C0B-14A85210DA40}

### InstallShield_{118A1245-E8D8-4531-8C0B-14A85210DA40} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM tHg^b`=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1A20AFF1-8171-49B0-A2F9-3205939DA176}

### InstallShield_{1A20AFF1-8171-49B0-A2F9-3205939DA176} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM p\RınjǡKCh=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1C6BC25F-1DA8-4FAB-AD5C-C48ADCF3152A}

### InstallShield_{1C6BC25F-1DA8-4FAB-AD5C-C48ADCF3152A} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM j[=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1C725459-5053-42A5-B22A-F3E91484DF65}

### InstallShield_{1C725459-5053-42A5-B22A-F3E91484DF65} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM ǩΩlǶ=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1D21451D-9C36-42A1-BD21-4A68410C9F2C}

### InstallShield_{1D21451D-9C36-42A1-BD21-4A68410C9F2C} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM PC∑KCh=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29276E3F-15EF-49FC-9793-B07811C8059D}

### InstallShield_{29276E3F-15EF-49FC-9793-B07811C8059D} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM SHARP 3G/GSM GPRS Wizard Ver1.0.0=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{38F4AF8B-9D38-4246-8425-0DC9D3734C79} /l1033

### InstallShield_{38F4AF8B-9D38-4246-8425-0DC9D3734C79} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM g\ for FMV=C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{59A92E4C-0931-4CDF-8505-41D1F42FB335}

### InstallShield_{59A92E4C-0931-4CDF-8505-41D1F42FB335} InstallDriver Module InstallDriver Module 8.00

[Applications] :HKLM f=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{60DAE067-F470-4FFC-9FEC-F67914FE2AEC}

### InstallShield_{60DAE067-F470-4FFC-9FEC-F67914FE2AEC} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM SHARP 3G/GSM GPRS USB Driver Ver1.0.0=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6E534F9C-CCCE-477E-8299-DF5A7C496D6B} /l1033

### InstallShield_{6E534F9C-CCCE-477E-8299-DF5A7C496D6B} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM Hot!Update=C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8BCB9FC8-EB0B-4E1A-A5BD-6E3EF48228A1}

### InstallShield_{8BCB9FC8-EB0B-4E1A-A5BD-6E3EF48228A1} InstallDriver Module InstallDriver Module 8.00

[Applications] :HKLM SanrioTinyPark=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B00BEC8-1486-4844-BE10-ECAC10AA48FA}

### InstallShield_{9B00BEC8-1486-4844-BE10-ECAC10AA48FA} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM PowerUtility - [g@\=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9FA1C708-8466-4ABA-A76B-182910E32B8A}

### InstallShield_{9FA1C708-8466-4ABA-A76B-182910E32B8A} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM PowerUtility - XPW[@\=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B351DC34-2758-492A-ADEE-66C17A61860E}

### InstallShield_{B351DC34-2758-492A-ADEE-66C17A61860E} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM OpenMG Secure Module 4.1.00=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1446DB3-44B1-4688-8568-B55D9BD05B12} UNINSTALL

### InstallShield_{D1446DB3-44B1-4688-8568-B55D9BD05B12} InstallDriver Module InstallShield Software Corporation InstallDriver Module 9.00

[Applications] :HKLM Ǜǻ≈sudbX^[^=C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D97B89AA-D399-4152-81CE-FBB9C3688E36}

### InstallShield_{D97B89AA-D399-4152-81CE-FBB9C3688E36} InstallDriver Module InstallDriver Module 8.00

[Applications] :HKLM FMV`[=C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EA934267-3D11-4591-88EA-374CC6618A9E}

### InstallShield_{EA934267-3D11-4591-88EA-374CC6618A9E} InstallDriver Module InstallDriver Module 7.07

[Applications] :HKLM Intel Integrated Performance Primitives RTI 2.0=C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu

### Intel Integrated Performance Primitives RTI 2.0 InstallShieldR unInstaller InstallShield Software Corporation InstallShieldR unInstaller 5, 51

[Applications] :HKLM KARUGARUnet 4.0=C:\WINDOWS\install\Uninstaller.exe

### KARUGARUnet 4.0 Uninstall MFC flπ∞ƛ Uninstall flπ∞ƛ 1, 0, 0, 1

[Applications] :HKLM Windows XP zbgtBbNX - KB834707=C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe

### KB834707 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0031.0

[Applications] :HKLM Windows XP zbgtBbNX - KB867282=C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

### KB867282 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB873333=C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

### KB873333 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB873339=C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

### KB873339 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP ZLeBXV (KB883939)="C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

### KB883939 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM KB884016

### KB884016

[Applications] :HKLM Windows XP zbgtBbNX - KB884018=C:\WINDOWS\$NtUninstallKB884018$\spuninst\spuninst.exe

### KB884018 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0031.0

[Applications] :HKLM Windows XP zbgtBbNX - KB885250=C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

### KB885250 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB885835=C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

### KB885835 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB885836=C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

### KB885836 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB886185=C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

### KB886185 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB886677=C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe

### KB886677 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB887472=C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

### KB887472 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB887797=C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe

### KB887797 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB888113=C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

### KB888113 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB888239=C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe

### KB888239 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB888302=C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

### KB888302 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB889673=C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe

### KB889673 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP ZLeBXV (KB890046)="C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

### KB890046 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP zbgtBbNX - KB890047=C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

### KB890047 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB890175=C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

### KB890175 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB890859="C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

### KB890859 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP zbgtBbNX - KB891781=C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

### KB891781 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP zbgtBbNX - KB893056=C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe

### KB893056 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 5.5.0033.0

[Applications] :HKLM Windows XP ZLeBXV (KB893066)="C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

### KB893066 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP zbgtBbNX - KB893086="C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"

### KB893086 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB893756)="C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

### KB893756 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM KB893803

### KB893803

[Applications] :HKLM Windows Installer 3.1 (KB893803)="C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

### KB893803v2 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP XV (KB894391)="C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

### KB894391 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB896358)="C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

### KB896358 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB896422)="C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

### KB896422 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB896423)="C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

### KB896423 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB896424)="C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

### KB896424 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB896428)="C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

### KB896428 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Step by Step Interactive Training pZLeBXVvO (KB898458)="C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

### KB898458 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP XV (KB898461)="C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

### KB898461 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB899587)="C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

### KB899587 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB899591)="C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

### KB899591 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP XV (KB900485)="C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

### KB900485 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB900725)="C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

### KB900725 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB901017)="C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

### KB901017 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB901190)="C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

### KB901190 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB901214)="C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

### KB901214 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB902400)="C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

### KB902400 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB903235)="C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"

### KB903235 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB904706)="C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

### KB904706 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB905414)="C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

### KB905414 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB905749)="C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

### KB905749 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.1.0022.4

[Applications] :HKLM Windows XP ZLeBXV (KB908519)="C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

### KB908519 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB908531)="C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

### KB908531 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB910437)="C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

### KB910437 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB911280)="C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

### KB911280 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB911562)="C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

### KB911562 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows Media Player (KB911564) ZLeBC≥vO="C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

### KB911564 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB911567)="C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

### KB911567 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB911927)="C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

### KB911927 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB912919)="C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

### KB912919 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB913580)="C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

### KB913580 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB914388)="C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

### KB914388 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB914389)="C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

### KB914389 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB916595)="C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

### KB916595 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB917344)="C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

### KB917344 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB917422)="C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

### KB917422 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows Media Player 10 (KB917734) ZLeBC≥vO="C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

### KB917734_WMP10 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB917953)="C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

### KB917953 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB918118)="C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

### KB918118 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB918439)="C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

### KB918439 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB918899)="C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

### KB918899 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB919007)="C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

### KB919007 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB920213)="C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

### KB920213 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB920214)="C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

### KB920214 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB920670)="C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

### KB920670 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB920683)="C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

### KB920683 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB920685)="C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

### KB920685 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB920872)="C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

### KB920872 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB921398)="C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

### KB921398 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB921883)="C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

### KB921883 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB922582)="C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

### KB922582 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB922616)="C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

### KB922616 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB922760)="C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

### KB922760 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB922819)="C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

### KB922819 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB923191)="C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

### KB923191 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB923414)="C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

### KB923414 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP (KB923689) ZLeBC≥vO="C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

### KB923689 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB923694)="C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

### KB923694 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Step by Step Interactive Training pZLeBXVvO (KB923723)="C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

### KB923723 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB923980)="C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

### KB923980 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB924191)="C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

### KB924191 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB924270)="C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

### KB924270 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB924496)="C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

### KB924496 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB924667)="C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

### KB924667 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows Media Player 6.4 (KB925398) ZLeBC≥vO="C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

### KB925398_WMP64 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB925454)="C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

### KB925454 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB925486)="C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

### KB925486 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB925902)="C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

### KB925902 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB926255)="C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

### KB926255 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB926436)="C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

### KB926436 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB927779)="C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

### KB927779 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB927802)="C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

### KB927802 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB927891)="C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

### KB927891 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB928090)="C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

### KB928090 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB928255)="C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

### KB928255 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Microsoft .NET Framework 2.0 p Security Update (KB928365)=C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

### KB928365.T1_1ToU569_1 WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Windows XP ZLeBXV (KB928843)="C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

### KB928843 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB929123)="C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

### KB929123 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB929338)="C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

### KB929338 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB929969)="C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

### KB929969 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB930178)="C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

### KB930178 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB930916)="C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

### KB930916 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB931261)="C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

### KB931261 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB931768)="C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

### KB931768 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB931784)="C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

### KB931784 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB931836)="C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

### KB931836 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB932168)="C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

### KB932168 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB933566)="C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"

### KB933566 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB935839)="C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

### KB935839 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP ZLeBXV (KB935840)="C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

### KB935840 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Windows XP XV (KB936357)="C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

### KB936357 Windows Service Pack Uninstall Microsoft Corporation Microsoft® Windows ® Operating System 6.2.0029.0

[Applications] :HKLM Last.fm 1.3.1.1="C:\Program Files\Last.fm\unins000.exe"

### LastFM_is1 Setup/Uninstall Inno Setup 0.0.0.0

[Applications] :HKLM LiveUpdate 3.1 (Symantec Corporation)="C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

### LiveUpdate LiveUpdate Installer Symantec Corporation LiveUpdate 3.1.0.90

[Applications] :HKLM Microsoft .NET Framework 1.1 Hotfix (KB928366)="C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

### M928366 MSDDHotfix MSDDHotfix 1, 0, 0, 1

[Applications] :HKLM Microsoft .NET Framework 1.0 Hotfix (KB928367)="C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671041\M9283671041Uninstall.msp"

### M9283671041 MSDDHotfix MSDDHotfix 1, 0, 0, 1

[Applications] :HKLM Macromedia Shockwave Player=C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

### Macromedia Shockwave Player

[Applications] :HKLM Microsoft .NET Framework 1.1=msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

### Microsoft .NET Framework 1.1 (1033) WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Microsoft .NET Framework 2.0=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

### Microsoft .NET Framework 2.0

[Applications] :HKLM Microsoft .NET Framework (JPN) v1.0.3705=C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1041)

### Microsoft .NET Framework Full v1.0.3705 (1041) Microsoft .NET Framework Setup Bootstrapper Microsoft Corporation Microsoft .NET Framework 1.0.3705.0

[Applications] :HKLM Microsoft Interactive Training=C:\WINDOWS\IsUn0411.exe -fC:\WINDOWS\orun32.isu

### Microsoft Interactive Training InstallShield ® unInstaller InstallShield Software Corporation InstallShield ® unInstaller 5, 51

[Applications] :HKLM Microsoft Visual J# .NET Redistributable Package(JPN) v1.0.4205=msiexec.exe /I {1E60EC72-CC4C-4CE1-A6AC-E8E2ABD243C2} /l*v "C:\Program Files\Common Files\Microsoft Visual J# .NET Setup\logs\RedistRepairRemove1041.log"

### Microsoft Visual J# .NET Redistributable Package(JPN) v1.0.4205 WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Fujitsu RF comfort keyboard=C:\WINDOWS\UnInst32.exe mmkbd.UNI

### mmkbd Uninstall Application Dritek System Inc. Dritek System Inc. Uninstall Application 1, 3, 3, 1209

[Applications] :HKLM MobileOptionPack

### MobileOptionPack

[Applications] :HKLM Mozilla Firefox (2.0.0.5)=C:\Program Files\Mozilla Firefox\uninstall\helper.exe

### Mozilla Firefox (2.0.0.5) Firefox Helper Mozilla Corporation Firefox

[Applications] :HKLM Mozilla Firefox (2.0.0.6)=C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

### Mozilla Firefox (2.0.0.6) Firefox Helper Mozilla Corporation Firefox

[Applications] :HKLM MPlayer2

### MPlayer2

[Applications] :HKLM MSI30-Beta1

### MSI30-Beta1

[Applications] :HKLM MSI30-Beta2

### MSI30-Beta2

[Applications] :HKLM MSI30-KB884016

### MSI30-KB884016

[Applications] :HKLM MSI30-RC1

### MSI30-RC1

[Applications] :HKLM MSI30-RC2

### MSI30-RC2

[Applications] :HKLM MSI30a-KB884016

### MSI30a-KB884016

[Applications] :HKLM MSI31-Beta

### MSI31-Beta

[Applications] :HKLM MSI31-RC1

### MSI31-RC1

[Applications] :HKLM Nero 6 Ultra Edition=C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

### Nero - Burning Rom!UninstallKey Nero Web Engine Nero AG Nero Web Engine 1, 2, 3, 62

[Applications] :HKLM Nero Digital=C:\WINDOWS\UNNeroVision.exe /UNINSTALL

### NeroVision!UninstallKey Nero Web Engine Nero AG Nero Web Engine 1, 2, 3, 62

[Applications] :HKLM NetMeeting

### NetMeeting

[Applications] :HKLM OASYS Viewer V8=C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\OasView8\Uninst\OasView.isu" -c"C:\Program Files\OasView8\Uninst\UninOasv.dll"

### OASYS Viewer InstallShield ® unInstaller InstallShield Software Corporation InstallShield ® unInstaller 5, 51

[Applications] :HKLM OCNΩ∞ fl∏=C:\Program Files\ocn\install.exe -u -p "C:\Program Files\ocn"

### OCNΩ∞ fl∏ INSTALL Netvision Co.,Ltd. Netvision Co.,Ltd. INSTALL 1, 0, 0, 1

[Applications] :HKLM Direct Show Ogg Vorbis Filter (remove only)="C:\WINDOWS\system32\OggDSuninst.exe"

### OggDS

[Applications] :HKLM OpenMG Limited Patch 4.1-05-13-31-01=C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u

### OpenMG HotFix4.1-05-13-31-01 setup Sony corporation Sony corporation setup 1, 0, 0, 12

[Applications] :HKLM OutlookExpress

### OutlookExpress

[Applications] :HKLM PCHealth=rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

### PCHealth

[Applications] :HKLM Perfect Alarm Clock=C:\Program Files\Perfect Alarm Clock\Uninstall.exe

### Perfect Alarm Clock

[Applications] :HKLM Picasa 2="C:\Program Files\Picasa2\Uninstall.exe"

### Picasa2

[Applications] :HKLM PowerISO="C:\Program Files\PowerISO\uninstall.exe"

### PowerISO

[Applications] :HKLM RealJukebox 1.0=C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

### RealJukebox 1.0 Uninstaller Shell executable RealNetworks, Inc. Uninstaller Shell executable (32-bit) 7.0.0.3780

[Applications] :HKLM RealPlayer=C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

### RealPlayer 6.0 Uninstaller Shell executable RealNetworks, Inc. Uninstaller Shell executable (32-bit) 7.0.0.3780

[Applications] :HKLM SAMSUNG CDMA Modem Driver Set=C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

### SAMSUNG CDMA Modem Uninstall USB drivers Moore Computer Consultants, Inc. SAMSUNG CDMA Modem Software 4.22

[Applications] :HKLM SAMSUNG Mobile USB Modem Software=C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

### SAMSUNG Mobile USB Modem Uninstall USB drivers Moore Computer Consultants, Inc. Samsung Mobile USB Modem Software 4.34

[Applications] :HKLM SAMSUNG Mobile USB Modem 1.0 Software=C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

### SAMSUNG Mobile USB Modem 1.0 Uninstall USB drivers Moore Computer Consultants, Inc. SAMSUNG Mobile USB Modem 1.0 Software 4.34

[Applications] :HKLM SchedulingAgent

### SchedulingAgent

[Applications] :HKLM Screenshot Pilot version 1.46.01="C:\Program Files\Screenshot Pilot\unins000.exe"

### Screenshot Pilot (full)_is1 Uninstaller Inno Setup

[Applications] :HKLM Sevinst

### Sevinst

[Applications] :HKLM Shockwave

### Shockwave

[Applications] :HKLM Adobe Flash Player 9 ActiveX=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

### ShockwaveFlash Adobe Flash Player Helper 9.0 r45 Adobe Systems, Inc. Flash Player Helper 9,0,45,0

[Applications] :HKLM Skype 3.2="C:\Program Files\Skype\Phone\unins000.exe"

### Skype_is1 Setup/Uninstall Inno Setup 1.0.0.0

[Applications] :HKLM Speed Up Alarm="C:\Program Files\Speed Up Alarm\unins000.exe"

### Speed Up Alarm_is1 Inno Setup Uninstaller Jordan Russell

[Applications] :HKLM UnHackMe 4.5 release="C:\Program Files\UnHackMe\unins000.exe"

### UnHackMe_is1 Setup/Uninstall Inno Setup 0.0.0.0

[Applications] :HKLM Torrent="C:\Program Files\uTorrent\uninstall.exe"

### uTorrent Torrent 1.6 Installer Torrent 1.6

[Applications] :HKLM Viewpoint Media Player (Remove Only)=C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u

### ViewpointMediaPlayer

[Applications] :HKLM Vodafone 804SS USB driver Software=C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

### Vodafone 804SS USB driver Uninstall USB drivers Moore Computer Consultants, Inc. Vodafone WCDMA Composite Device V4.38

[Applications] :HKLM Windows Genuine Advantage Notifications (KB905474)

### WgaNotify

[Applications] :HKLM Windows Media Format Runtime="C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

### Windows Media Format Runtime Microsoft Windows Media \[eBeB Microsoft Corporation Microsoft® Windows Media Player 10.00.00.3650

[Applications] :HKLM Windows Media Player 10="C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

### Windows Media Player Microsoft Windows Media \[eBeB Microsoft Corporation Microsoft® Windows Media Player 10.00.00.3650

[Applications] :HKLM WinRAR archiver=C:\Program Files\WinRAR\uninstall.exe

### WinRAR archiver

[Applications] :HKLM Yahoo! BB≈≤∞؃=C:\Program Files\Yahoo! BB\install.exe -u -p "C:\Program Files\Yahoo! BB"

### Yahoo! BB≈≤∞؃ INSTALL Netvision Co.,Ltd. Netvision Co.,Ltd. INSTALL 1, 0, 0, 1

[Applications] :HKLM {0BDB0C7B-A8B9-4879-BC1D-EE61909E9F12}

### {0BDB0C7B-A8B9-4879-BC1D-EE61909E9F12}

[Applications] :HKLM Mfl Ver.12=MsiExec.exe /I{0C40A0E0-C1C6-4AE3-8C7B-E5473B0E130C}

### {0C40A0E0-C1C6-4AE3-8C7B-E5473B0E130C} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM ANZXvIt

### {118A1245-E8D8-4531-8C0B-14A85210DA40}

[Applications] :HKLM AOL=MsiExec.exe /X{131CA731-4C48-4D7E-B2C4-07F75DFD1FA9}

### {131CA731-4C48-4D7E-B2C4-07F75DFD1FA9} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM gc[=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16779880-3FEA-4E9C-98F7-14B22C090ABF}\setup.exe"

### {16779880-3FEA-4E9C-98F7-14B22C090ABF}

[Applications] :HKLM tHg^b`

### {1A20AFF1-8171-49B0-A2F9-3205939DA176}

[Applications] :HKLM Microsoft Visual J# .NET Redistributable Package 1.1=MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}

### {1A655D51-1423-48A3-B748-8F5A0BE294C8} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM p\RınjǡKCh

### {1C6BC25F-1DA8-4FAB-AD5C-C48ADCF3152A}

[Applications] :HKLM {1C725459-5053-42A5-B22A-F3E91484DF65}

### {1C725459-5053-42A5-B22A-F3E91484DF65}

[Applications] :HKLM ǩΩlǶ

### {1D21451D-9C36-42A1-BD21-4A68410C9F2C}

[Applications] :HKLM Visual J# .NET Redistributable Package

### {1E60EC72-CC4C-4CE1-A6AC-E8E2ABD243C2}

[Applications] :HKLM FM ǩΩobNAbv=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21645C75-EF94-11D3-B252-005004D4873D}\Setup.exe" -l0x11

### {21645C75-EF94-11D3-B252-005004D4873D}

[Applications] :HKLM Sony DVD Architect 4.0=MsiExec.exe /X{219CB444-F2B6-4A17-8A76-BB7847F3DB26}

### {219CB444-F2B6-4A17-8A76-BB7847F3DB26} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Google Talk (remove only)="C:\Program Files\Google\Google Talk\uninstall.exe"

### {226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk

[Applications] :HKLM Google Toolbar for Internet Explorer=regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

### {2318C2B1-4965-11d4-9B18-009027A5CD4F}

[Applications] :HKLM MNjfl Ver.15 x[VbN=MsiExec.exe /X{23530B8F-EDB7-4B46-A7CD-C00A82CF3C0A}

### {23530B8F-EDB7-4B46-A7CD-C00A82CF3C0A} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Sony Vegas 7.0=MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}

### {251C3815-7A55-4607-A82D-C3B98F0FBAB8} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}\setup.exe" -l0x7 -removeonly

### {2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}

[Applications] :HKLM {283BDB6B-DA47-436B-BD6E-29CF78E5EB9C}=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{283BDB6B-DA47-436B-BD6E-29CF78E5EB9C}\setup.exe" -l0x11 UNINSTALL

### {283BDB6B-DA47-436B-BD6E-29CF78E5EB9C}

[Applications] :HKLM PC∑KCh

### {29276E3F-15EF-49FC-9793-B07811C8059D}

[Applications] :HKLM GAMEPACK2005F=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E81CFE5-7045-43C9-B36F-9E28144D30EA}\setup.exe" -l0x11

### {2E81CFE5-7045-43C9-B36F-9E28144D30EA}

[Applications] :HKLM IFL=MsiExec.exe /X{2EF73726-9C12-42A0-952D-9753FBF86E58}

### {2EF73726-9C12-42A0-952D-9753FBF86E58} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM J2SE Runtime Environment 5.0 Update 3=MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}

### {3248F0A8-6813-11D6-A77B-00B0D0150030} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Symantec AntiVirus=MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}

### {33CFCF98-F8D6-4549-B469-6F4295676D83} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM WebFldrs XP

### {350C97B1-3D7C-4EE8-BAA9-00BCB3D54227}

[Applications] :HKLM MSXML 4.0 SP2 (KB927978)=MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

### {37477865-A3F1-4772-AD43-AAFC6BCFF99F} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM MyMedia Server Tool=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{378C547F-7AE3-467D-9E11-C888B026F62D}\Setup.exe" -l0x11 UNINSTALL

### {378C547F-7AE3-467D-9E11-C888B026F62D}

[Applications] :HKLM BeatJam Music Server="C:\Program Files\InstallShield Installation Information\{37FAB01F-22FA-41C9-99E4-9157083A43C1}\setup.exe" UNINSTALL

### {37FAB01F-22FA-41C9-99E4-9157083A43C1} InstallShield ® Setup Launcher InstallShield Software Corporation InstallShield ® 6, 31

[Applications] :HKLM SHARP 3G/GSM GPRS Wizard Ver1.0.0

### {38F4AF8B-9D38-4246-8425-0DC9D3734C79}

[Applications] :HKLM DION (KDDI)=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3AA58582-829D-11D5-BE16-00D0B78E1D32}\Setup.exe" -uninst

### {3AA58582-829D-11D5-BE16-00D0B78E1D32}

[Applications] :HKLM @nifty≈C^[lbg=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C055C4C-137A-4172-9C85-5A638A7729D3}\SETUP.EXE" -l0x11 UNINSTALL

### {3C055C4C-137A-4172-9C85-5A638A7729D3}

[Applications] :HKLM Skype Plugin Manager=MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

### {3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Google Earth=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

### {3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}

[Applications] :HKLM Rg[=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E8D16C4-9484-498C-9C08-AA4070F9B596}\setup.exe"

### {3E8D16C4-9484-498C-9C08-AA4070F9B596}

[Applications] :HKLM {3FE455E3-85CD-4727-A82E-084014614D95}

### {3FE455E3-85CD-4727-A82E-084014614D95}

[Applications] :HKLM Samsung PC Studio

### {4273B296-B898-4379-A250-092F8EE1F253}

[Applications] :HKLM xm T[rXAVX^gi}jAT|[gj=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43650609-8059-492F-A3CF-7185410B45E5}\mnsetup.exe" -l0x11 UNINSTALLALL

### {43650609-8059-492F-A3CF-7185410B45E5}

[Applications] :HKLM Abvf[gir=MsiExec.exe /X{47BC37A3-35C8-484A-8CBD-851914EB095E}

### {47BC37A3-35C8-484A-8CBD-851914EB095E} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM EZT=MsiExec.exe /I{4CCD7A06-1C0E-4C6D-BBB9-1472A9685AF8}

### {4CCD7A06-1C0E-4C6D-BBB9-1472A9685AF8} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM @nifty[eBeB=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55021349-8A7B-11D6-B1C1-00000E5F1C10}\setup.exe"

### {55021349-8A7B-11D6-B1C1-00000E5F1C10}

[Applications] :HKLM Windows Live Messenger=MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

### {571700F0-DB9D-4B3A-B03D-35A14BB5939F} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Microsoft Office Home Style+=MsiExec.exe /I{597C68AF-3EF7-4310-8725-2E034914613B}

### {597C68AF-3EF7-4310-8725-2E034914613B} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM g\ for FMV

### {59A92E4C-0931-4CDF-8505-41D1F42FB335}

[Applications] :HKLM QuickTime=MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}

### {5E863175-E85D-44A6-8968-82507D34AE7F} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM f

### {60DAE067-F470-4FFC-9FEC-F67914FE2AEC}

[Applications] :HKLM u ME∆wvutTTNTv=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F39F02-C17D-47A7-8352-EED787689702}\setup.exe" -l0x11 -removeonly

### {62F39F02-C17D-47A7-8352-EED787689702}

[Applications] :HKLM DVD-MovieAlbumSE 4.1=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6391CAF3-0AED-4D3F-B904-C6209EC0C88D}\setup.exe" -l0x11 UNINSTALL

### {6391CAF3-0AED-4D3F-B904-C6209EC0C88D}

[Applications] :HKLM Microsoft .NET Framework (JPN)=MsiExec.exe /X{660BA74D-476A-4644-8EA3-27018B64B9C0}

### {660BA74D-476A-4644-8EA3-27018B64B9C0} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM {666CF041-77BE-414E-9A9D-0A227E9B48F8}

### {666CF041-77BE-414E-9A9D-0A227E9B48F8}

[Applications] :HKLM \=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C99A260-BD69-11D3-8C69-0090275686A1}\Setup.exe" -l0x11

### {6C99A260-BD69-11D3-8C69-0090275686A1}

[Applications] :HKLM SHARP 3G/GSM GPRS USB Driver Ver1.0.0

### {6E534F9C-CCCE-477E-8299-DF5A7C496D6B}

[Applications] :HKLM Microsoft .NET Framework 2.0

### {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

[Applications] :HKLM Sony Media Manager 2.2=MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}

### {71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM IndicatorUtility=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78388EDE-43AC-41C2-AAF9-99A9B21253B3}\setup.exe"

### {78388EDE-43AC-41C2-AAF9-99A9B21253B3}

[Applications] :HKLM ODN Signup Software=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7893B2B6-D126-47E3-B225-9B17E34EFB8A}\Setup.exe"

### {7893B2B6-D126-47E3-B225-9B17E34EFB8A}

[Applications] :HKLM G-GUIDE ® VXe - Panasonic=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FC3A4F1-E489-4B39-B9E9-5F277B984BB7}\setup.exe" -l0x11

### {7FC3A4F1-E489-4B39-B9E9-5F277B984BB7}

[Applications] :HKLM ≈1in=MsiExec.exe /X{80A0BBB5-4B27-4271-A6F5-8127910B0760}

### {80A0BBB5-4B27-4271-A6F5-8127910B0760} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM R}l[W[=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80AD83AC-F8C3-4B7F-9ABC-E5E3BA07F653}\setup.exe"

### {80AD83AC-F8C3-4B7F-9ABC-E5E3BA07F653}

[Applications] :HKLM TVfunSTUDIO Ver.7.3L05=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{835F719D-9855-4A90-9589-F6B5624C05D3}\Setup.exe" -l0x11 UNINSTALL

### {835F719D-9855-4A90-9589-F6B5624C05D3}

[Applications] :HKLM SNvgRjJ~m^∂p\tgEFA=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869A829F-7952-4825-AA1E-7F4E669162A8}\setup.exe" -l0x11 -unkonica

### {869A829F-7952-4825-AA1E-7F4E669162A8}

[Applications] :HKLM CrazyTalk for Skype v1.0=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\Setup.exe" -l0x11 /uninstall

### {8865B208-4759-4308-8DB5-3C18D2F568E2}

[Applications] :HKLM Intel® Graphics Media Accelerator Driver=RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582

### {8A708DD8-A5E6-11D4-A706-000629E95E20}

[Applications] :HKLM tB^ 1.0=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A7C01FF-BB1A-48E3-85BB-4F306C65962B}\Setup.exe" -l0x11

### {8A7C01FF-BB1A-48E3-85BB-4F306C65962B}

[Applications] :HKLM BeatJam Network Player="C:\Program Files\InstallShield Installation Information\{8ADB46EC-D02B-4A42-BBF6-1DE4E60DC6A0}\setup.exe" UNINSTALL

### {8ADB46EC-D02B-4A42-BBF6-1DE4E60DC6A0} InstallShield ® Setup Launcher InstallShield Software Corporation InstallShield ® 6, 31

[Applications] :HKLM Hot!Update

### {8BCB9FC8-EB0B-4E1A-A5BD-6E3EF48228A1}

[Applications] :HKLM R V~[VSt 58EDITION=MsiExec.exe /X{8E07E2A4-2A49-47C0-BE91-08CB1C4C5031}

### {8E07E2A4-2A49-47C0-BE91-08CB1C4C5031} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM {8E5E94DE-739C-4FB2-A6FA-36E91BFD7AF6}=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E5E94DE-739C-4FB2-A6FA-36E91BFD7AF6}\setup.exe" -l0x11 anything

### {8E5E94DE-739C-4FB2-A6FA-36E91BFD7AF6}

[Applications] :HKLM ≈}jAAbvf[gpbN=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EEF83D0-4B0C-420F-BE83-4E278E4FF693}\udpsetup.exe" -l0x11 UNINSTALL

### {8EEF83D0-4B0C-420F-BE83-4E278E4FF693}

[Applications] :HKLM Microsoft Office Personal Edition 2003=MsiExec.exe /I{90330411-6000-11D3-8CFE-0150048383C9}

### {90330411-6000-11D3-8CFE-0150048383C9} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM ATLAS |p[\i 2005 LE=MsiExec.exe /X{90A497AA-F645-40EA-874A-81496329FA74}

### {90A497AA-F645-40EA-874A-81496329FA74} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM InterVideo WinDVD="C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

### {91810AFC-A4F8-4EBA-A5AA-B198BBC81144} InstallShield ® Setup Launcher InstallShield Software Corporation InstallShield ® 6, 02

[Applications] :HKLM REALTEK Fast Ethernet NIC Driver=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x11 REMOVE

### {94FB906A-CF42-4128-A509-D353026A607E}

[Applications] :HKLM Google SketchUp 6=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly

### {98736A65-3C79-49EC-B7E9-A3C77774B0E6}

[Applications] :HKLM WEBc[=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{997C04B4-FC19-11D3-BCA1-00104B629DA9}\setup.exe"

### {997C04B4-FC19-11D3-BCA1-00104B629DA9}

[Applications] :HKLM SanrioTinyPark

### {9B00BEC8-1486-4844-BE10-ECAC10AA48FA}

[Applications] :HKLM DVD-RAMhCo[=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x11 DVD-RAM Driver

### {9D765FA6-F2BC-40AF-8145-50808F9BDF4E}

[Applications] :HKLM IBM z[y[WEr_[ V9 Cg=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E3F0DD0-CF6B-4823-B466-A42D9463809D}\setup.exe" -l0x11 -removeonly

### {9E3F0DD0-CF6B-4823-B466-A42D9463809D}

[Applications] :HKLM PowerUtility - [g@\

### {9FA1C708-8466-4ABA-A76B-182910E32B8A}

[Applications] :HKLM Windows Defender=MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

### {A06275F4-324B-4E85-95E6-87B2CD729401} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Visual J# .NET Redistributable 1.1- Japanese Language Pack=MsiExec.exe /X{A14E69DD-09B7-4D20-8374-62ED0AAC84E9}

### {A14E69DD-09B7-4D20-8374-62ED0AAC84E9} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM InterVideo FilterSDK=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL

### {A15ED800-19FF-11D5-AF7F-0050BA1191E9}

[Applications] :HKLM DVDfunSTUDIO=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A49098C1-980A-4C99-A579-4D10409AD899}\setup.exe" -l0x11

### {A49098C1-980A-4C99-A579-4D10409AD899}

[Applications] :HKLM Apple Software Update=MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

### {A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Google Photos Screensaver=MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}

### {A52415E5-CA1E-44DE-9EDC-D412F31D271C} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM BIGLOBE≈C^[lbg=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6926448-9CCB-4A5B-B036-75779D492AC8}\Setup.exe"

### {A6926448-9CCB-4A5B-B036-75779D492AC8}

[Applications] :HKLM iTunes=MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}

### {AB90749C-7422-4580-8A7A-66CC5E9E5F98} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Adobe Acrobat 7.0.1 and Reader 7.0.1 Update=MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}

### {AC76BA86-0000-7EC8-7489-000000000702} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Adobe Acrobat 7.0.2 and Reader 7.0.2 Update=MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}

### {AC76BA86-0000-7EC8-7489-000000000703} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Microsoft .NET Framework 1.1 Japanese Language Pack=MsiExec.exe /X{AD0DDEC6-4798-4DE5-87DC-4367D694ED06}

### {AD0DDEC6-4798-4DE5-87DC-4367D694ED06} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM FlashAid=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0300041-AF4F-11D4-B662-00D0B72BE137}\setup.exe"

### {B0300041-AF4F-11D4-B662-00D0B72BE137}

[Applications] :HKLM PowerUtility - XPW[@\

### {B351DC34-2758-492A-ADEE-66C17A61860E}

[Applications] :HKLM Google SketchUp 6=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly

### {B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}

[Applications] :HKLM DivX Web Player=C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

### {B7050CBDB2504B34BC2A9CA0A692CC29} DivX Web Player Installer, L:EN, DivX Web Player 1.3.0, DivX Content Uploader 1.1.0, B:DVFA DivX, Inc.

[Applications] :HKLM {B7A9E601-0E82-11D5-AE91-444553540000}

### {B7A9E601-0E82-11D5-AE91-444553540000}

[Applications] :HKLM MyMedia=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB3BFB78-1C0C-4918-B54E-91366265D2FD}\Setup.exe" -l0x11 UNINSTALL

### {BB3BFB78-1C0C-4918-B54E-91366265D2FD}

[Applications] :HKLM c{ bNX=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC97B4E7-1E51-4E82-96F3-C724F4A5D928}\Setup.exe"

### {BC97B4E7-1E51-4E82-96F3-C724F4A5D928}

[Applications] :HKLM Macromedia Flash Player=MsiExec.exe /X{c2c211ae-6591-4388-b11b-a5f42d19ff04}

### {c2c211ae-6591-4388-b11b-a5f42d19ff04} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM FUJITSU π∫=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2D1250E-B0B5-4DE2-BC80-F20DB15704FD}\Setup.exe" -l0x11 remove

### {C2D1250E-B0B5-4DE2-BC80-F20DB15704FD}

[Applications] :HKLM Samsung PC Studio=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly

### {C4A4722E-79F9-417C-BD72-8D359A090C97}

[Applications] :HKLM ^b`{^=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C72FFCFB-DB72-49B0-AAE1-AA54B47B9BB0}\setup.exe"

### {C72FFCFB-DB72-49B0-AAE1-AA54B47B9BB0}

[Applications] :HKLM P470{Lr=MsiExec.exe /X{C825D2F9-F117-4B0A-B133-6573A164F085}

### {C825D2F9-F117-4B0A-B133-6573A164F085} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Microsoft .NET Framework 1.1=MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

### {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM Me=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD2E839D-E720-4AB3-8477-6979DCAE95F8}\Setup.exe" -l0x11

### {CD2E839D-E720-4AB3-8477-6979DCAE95F8}

[Applications] :HKLM xm g@\[eBeB=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF4F0890-8782-4EFA-BE60-56C7EB783CB4}\setup.exe"

### {CF4F0890-8782-4EFA-BE60-56C7EB783CB4}

[Applications] :HKLM OpenMG Secure Module 4.1.00

### {D1446DB3-44B1-4688-8568-B55D9BD05B12}

[Applications] :HKLM PhotoNow! 1.0=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall

### {D36DD326-7280-11D8-97C8-000129760CBE}

[Applications] :HKLM So-netPX^[^[V2.3=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3B16DA0-1E93-11D5-A26F-009027CB933C}\Setup.exe" -l0x11 UnInst

### {D3B16DA0-1E93-11D5-A26F-009027CB933C}

[Applications] :HKLM GTA San Andreas=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly

### {D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}

[Applications] :HKLM MediaShow 3.0=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall

### {D5A9B7C0-8751-11D8-9D75-000129760D75}

[Applications] :HKLM Ǜǻ≈sudbX^[^

### {D97B89AA-D399-4152-81CE-FBB9C3688E36}

[Applications] :HKLM Google Toolbar for Internet Explorer=MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

### {DBEA1034-5882-4A88-8033-81C4EF0CFA29} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM MediaStage SE=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD059A39-30F9-4DBC-BFC9-717323B4CE50}\Setup.exe" -l0x11

### {DD059A39-30F9-4DBC-BFC9-717323B4CE50}

[Applications] :HKLM {DD4F051C-1A2B-4A91-B187-B093C597418C}=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe" -l0x11 anything

### {DD4F051C-1A2B-4A91-B187-B093C597418C}

[Applications] :HKLM {DF18108B-E5D8-4EE9-96D4-DB9B9A311780}=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF18108B-E5D8-4EE9-96D4-DB9B9A311780}\setup.exe" -l0x11

### {DF18108B-E5D8-4EE9-96D4-DB9B9A311780}

[Applications] :HKLM Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)=MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}

### {E09B48B5-E141-427A-AB0C-D3605127224A} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM BeatJam=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1E98A6B-880A-4212-9BE0-65637D4D59F8}\Setup.exe" -l0x11 UNINSTALL

### {E1E98A6B-880A-4212-9BE0-65637D4D59F8}

[Applications] :HKLM eso=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2C4F4A0-534E-11D4-B662-00D0B72BE137}\setup.exe"

### {E2C4F4A0-534E-11D4-B662-00D0B72BE137}

[Applications] :HKLM [=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E440FCB2-6CA6-46A4-BA67-CEF6C009165F}\setup.exe"

### {E440FCB2-6CA6-46A4-BA67-CEF6C009165F}

[Applications] :HKLM Norton Security Scan=MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A}

### {E5431FB5-B3EB-46C8-8275-F6447131C98A} WindowsR installer Microsoft Corporation Windows Installer - Unicode 3.1.4000.1823

[Applications] :HKLM FMVIC[U[o^=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5DA1223-E078-4D5A-9D50-386D15500764}\setup.exe"

### {E5DA1223-E078-4D5A-9D50-386D15500764}

[Applications] :HKLM FMV`[

### {EA934267-3D11-4591-88EA-374CC6618A9E}

[Applications] :HKLM Samsung PC Studio 3 USB Driver Installer=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly

### {EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}

[Applications] :HKLM MotionDV STUDIO 5.5J for FUJITSU=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE5715F3-6770-4E58-BFC5-BD6CD7D95486}\setup.exe" -l0x11 UNINSTALL

### {EE5715F3-6770-4E58-BFC5-BD6CD7D95486}

[Applications] :HKLM {F1475FA2-BC50-4B6D-A825-80FC2DFE57BE}=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1475FA2-BC50-4B6D-A825-80FC2DFE57BE}\Setup.exe" -l0x11

### {F1475FA2-BC50-4B6D-A825-80FC2DFE57BE}

[Applications] :HKLM ǧǵVs=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F41DAAD0-58A1-4A9D-B0E8-304D3748D555}\setup.exe"

### {F41DAAD0-58A1-4A9D-B0E8-304D3748D555}

[Applications] :HKLM Realtek AC'97 Audio=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x11 -removeonly

### {FB08F381-6533-4108-B7DD-039E11FBC27E}

[Applications] :HKLM ǃǴǜǴ∆v}S=C:\PROGRA~1\mom4\UNINST.EXE C:\PROGRA~1\mom4\mom4INST.LOG

### ǃǴǜǴ∆v}S

[Applications] :HKLM vAgXSV=C:\Program Files\ALPSMAP\Common\paSVuninst.exe

### vAgXSV PaSVUninst ()AvX vAgXSVACXg[ 1, 0, 0, 1

[Applications] :HKLM ∑ ∑∏Z="C:\Program Files\∑∑∏Z\unins000.exe"

### ∑ ∑∏Z_is1 Uninstaller Inno Setup

[Applications] :HKLM ∑ \≈=C:\Program Files\Jrail\uninst.exe C:\Program Files\Jrail

### ∑ \≈ ACXg[ JORUDAN Co.,Ltd. ACXg[ 1, 2, 2, 0

[Applications] :HKLM `˚V Light=C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\KShogi3L\Uninst.isu"

### `˚V Light InstallShield ® unInstaller InstallShield Software Corporation InstallShield ® unInstaller 5, 51

[Applications] :HKLM MNjfl Ver.15

### MNjfl Ver.15

[Applications] :HKLM obhLgirQ[^=C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\pcdNavi\Uninst.isu"

### obhLgirQ[^ InstallShield ® unInstaller InstallShield Software Corporation InstallShield ® unInstaller 5, 51

--END OF FILE--

One note - the attached pictures show a detection and error that occured after a restart while making the last logfile included today - perhaps due to a conflict that might have to do with running the combofix software on the previous restart of Windows. I dunno. Hope it helps!

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 29 October 2007 - 04:00 PM

Make sure you plug in all drives you suspect are infected and the tool should clean them.

Copy the text below to notepad and save it to the desktop with the name CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001

Once saved,drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.


Once completed,post the new CombFix log and a fresh HijackThis log.

Edited by Cretemonster, 29 October 2007 - 04:01 PM.


#7 andwhy

andwhy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 01 November 2007 - 09:37 PM

I did all you said. It looks cleaned - but now Explorer has crashed a few times after playing music files, and when drives aer plugged in/CDs inserted the dialog box asking about what you would like to do with the new media does not appear. Any hints?

And here are the latest log files:

ComboFix 07-10-23.2 - Owner 2007-10-30 18:55:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.131 [GMT 9:00]
Running from: C:\Documents and Settings\Owner\デスクトップ\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\デスクトップ\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-22 19:39 <DIR> d-------- C:\RootkitNO
2007-10-22 19:08 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-10-22 19:08 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-10-22 19:08 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-10-22 19:07 8,944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
2007-10-19 12:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-09-06 21:59 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\CNSViewer
2007-09-06 21:47 <DIR> d--h----- C:\TVfunSTUDIO_Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 06:19 --------- d-----w C:\Program Files\Norton Security Scan
2007-10-22 10:01 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-22 09:50 --------- d-----w C:\Program Files\Screenshot Pilot
2006-03-20 06:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 21:00]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 C:\WINDOWS\AGRSMMSG.exe]
"KPDrv4Xp"="C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE" [2005-02-21 19:15]
"IndicatorUtility"="C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe" [2005-06-08 09:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe" [2005-06-13 11:14]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-06-13 11:39]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 09:20]
"INETCONDSP"="C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe" [2005-01-14 20:48]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2004-02-18 07:53]
"IRRCManager"="C:\Program Files\Fujitsu\?????R??}?l?[?W???[\IRRCManager.exe" []
"PUSCKAPLEXE"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe" [2005-06-27 16:30]
"LoadPUSCDaemon"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe" [2005-06-27 14:43]
"FMVランチャー"="C:\fjuty\wallbtn\FMVLauncher.exe" [2005-02-17 13:22]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\chitose\updatenv.exe" [2006-03-30 14:55]
"MyMedia Server Helper"="C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe" [2005-06-17 15:33]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 C:\WINDOWS\SOUNDMAN.EXE]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-01-01 02:39]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 06:22]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 08:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 21:23]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 04:21]
"FMV???`???["="C:\fjuty\wallbtn\FMVLauncher.exe" [2005-02-17 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 06:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 16:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=ctfmon.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS
R2 bgsvclib;B's Recorder GOLD Library Service;C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
R2 FlashDrv;FlashDrv;\??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys
R2 LampDrv;LampDrv;\??\C:\Program Files\Fujitsu\iNetConDsp\LampDrv.sys
R2 MMKBD;Fujitsu USB HID Device Filter Driver;C:\WINDOWS\system32\DRIVERS\mmkbd.sys
R2 MrnTS_Sync5;Morrin Thumbnail Synchronized Service 5;"C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe"
R2 PSS Core;PSS Core;C:\Program Files\Common Files\Panasonic\PSSCore.exe
R2 PUSCSYS;PUSCSYS;\??\C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSYS.sys
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
R3 mb86395PCI;mb86395PCI;C:\WINDOWS\system32\DRIVERS\pxmb395pci.sys
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S3 ADVNTDRV;ADVNTDRV;C:\WINDOWS\system32\drivers\ADVNTDRV.SYS
S3 KS396U;Fujitsu Built-In TV WDM Video Capture;C:\WINDOWS\system32\DRIVERS\KS396U.sys
S3 putlrsrv;PowerUtility Remote Power Management Service;C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
S3 PxDtvPci;PIX-DTTV/P1W;C:\WINDOWS\system32\DRIVERS\pxdtvpci.sys
S3 sh2bus;SHARP 902SH_802SH USB Control driver (WDM);C:\WINDOWS\system32\DRIVERS\sh2bus.sys
S3 sh2mdfl;SHARP 902SH_802SH Modem Filter;C:\WINDOWS\system32\DRIVERS\sh2mdfl.sys
S3 sh2mdm;SHARP 902SH_802SH Modem Driver;C:\WINDOWS\system32\DRIVERS\sh2mdm.sys
S3 sh2mgmt;SHARP 902SH_802SH AT Command Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sh2mgmt.sys
S3 sh2obex;SHARP 902SH_802SH OBEX Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sh2obex.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command - ntdelect.com
explore\Command - ntdelect.com
open\Command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - ntdelect.com
explore\Command - ntdelect.com
open\Command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - ntdelect.com
explore\Command - ntdelect.com
open\Command - ntdelect.com

.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 08:09:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-30 09:50:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-26 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:57:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMVランチャー"="C:\\fjuty\\wallbtn\\FMVLauncher.exe"
.
Completion time: 2007-10-30 18:59:04
C:\ComboFix2.txt ... 2007-10-29 08:37
.
--- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:36 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\fjuty\wallbtn\FMVLauncher.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\デスクトップ\Virus\More Virus Stuff\jiznakdat.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\?????R??g?}?l?[?W???[\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [FMVランチャー] C:\fjuty\wallbtn\FMVLauncher.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [FMV???`???[] C:\fjuty\wallbtn\FMVLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun ?I Java ?R??\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: ???T?[?` - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsubleepa Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VRService - Matsubleepa Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe

--
End of file - 10191 bytes


Thanks Cretemonster! -Andy

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 04 November 2007 - 04:39 AM

This is crazy stuff,I havent had time to run this app but its by the same author as ComboFix so it should be too difficult.

See if the flashdisinfector tool wont work on this.
http://www.techsupportforum.com/sectools/s...Disinfector.exe


Remember to plug in all your drives.

#9 andwhy

andwhy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 20 November 2007 - 01:34 AM

Thanks for the extra software. Everything looks and acts clean now as far as my PC, camera and USB drive are concerned. Any tips on where to ask for help with my MAC??? Thanks again Cretemonster!

-A <3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users