Zlob.dns Changer, Keeps Coming Back


25 replies to this topic

#1 Bajo


Posted 11 January 2008 - 08:47 PM

I'm having trouble with this piece of junk for a few days now. I even manually deleted the registry files but it does not help.
HJT says I'm clean but S&D finds it and it brings up a dial up connection. Also Hitman pro 2 finds it and removes it but it comes back.

System:
Xp pro SP2
NOD32 defs:2784
Outpost 4,0,964
Mozilla 1.7
Thunderbird 1.5
Ad Aware says I'm clean, finds only negligible risks

Any help on how to remove it is very welcome.

Spybot log:
--- Search result list ---
Zlob.DNSChanger: TCP/IP Settings #1 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2F579A6-B6AE-4DA2-BBD3-CD2F27132A7F}\DhcpNameServer=208.67.220.220,208.67.222.222


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-01-09 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-09 Includes\DialerC.sbi (*)
2008-01-09 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-09 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-09 Includes\Malware.sbi (*)
2008-01-09 Includes\MalwareC.sbi (*)
2004-08-11 Includes\plugin-ignore.ini
2007-10-24 Includes\PUPS.sbi (*)
2008-01-09 Includes\PUPSC.sbi (*)
2008-01-09 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-09 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-09 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-09 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:

Located: HK_LM:Run, ATIPTA
command: "D:\ATI Control Panel\atiptaxx.exe"
file: D:\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 0bc11b0f5dbd99089157fcf6267a812c

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58984
MD5: dd35c08bad29b1c0ba6e6dbb1034769c

Located: HK_LM:Run, Easy-PrintToolBox
command: C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
file:

Located: HK_LM:Run, iTunesHelper
command: "D:\iTunes\iTunesHelper.exe"
file: D:\iTunes\iTunesHelper.exe
size: 257088
MD5: b0e9efadf04e9e25c0001b48757f3e71

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 55824
MD5: f9e700bb7257ef2cdcb22ee499329e29

Located: HK_LM:Run, MBM 5
command: "D:\Motherboard Monitor 5\MBM5.EXE"
file: D:\Motherboard Monitor 5\MBM5.EXE
size: 594432
MD5: 090261b46c2a689be9b1dd5d6f80e288

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, nod32kui
command: "D:\Eset\nod32kui.exe" /WAITSERVICE
file: D:\Eset\nod32kui.exe
size: 949376
MD5: 5323ffad4055db50f1656d79c83c1ddf

Located: HK_LM:Run, NVMixerTray
command: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
file: C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37fff683aee7f09f5f7087138192bf02

Located: HK_LM:Run, Outpost Firewall
command: D:\Outpost Firewall\outpost.exe /waitservice
file:

Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: d5bc63d2822b8e244e53d2ff8078cc6b

Located: HK_LM:Run, SmartGuardian
command: D:\Smart Guardian\ITESmart.exe
file: D:\Smart Guardian\ITESmart.exe
size: 180224
MD5: 2dd07415f76156ade161760becf912ee

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: d4f0f7437327dbaa264338baafb5e5af

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 1eda1c63e0d2ae1aebdf98083454079c

Located: HK_CU:Run, AtiTrayTools
command: "D:\ATI Tray Tools\atitray.exe"
file: D:\ATI Tray Tools\atitray.exe
size: 516608
MD5: 8735c1e8a8c09ff14f3ee4c8d7d08c3b

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, SeaMonkey Quick Launch
command: "D:\SeaMonkey\SeaMonkey.exe" -turbo
file: D:\SeaMonkey\SeaMonkey.exe
size: 151552
MD5: 7b1017f8ca1a6e6093c79385d68fe2f3

Located: Startup (common), Last.fm Helper.lnk
command: D:\Last.fm\LastFMHelper.exe
file: D:\Last.fm\LastFMHelper.exe
size: 110592
MD5: 8555f2e7ef38b7c413727a6241999ee8

Located: Startup (common), Logitech SetPoint.lnk
command: D:\Logitech\SetPoint\SetPoint.exe
file: D:\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212d11c8599a16f05e8cc68f3177673

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, LBTWlgn
command: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
size: 72208
MD5: 73c4183ca90466efcc7326ce98d74528

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll



--- Browser helper object list ---


--- ActiveX list ---
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24.9.2007 22:31:44
Date (last access): 12.1.2008 1:46:44
Date (last write): 25.9.2007 0:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class)
DPF name:
CLSID name: CRLDownloadWrapper Class
Installer:
Codebase: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Path: C:\WINDOWS\Downloaded Program Files\
Long name: crlocx.ocx
Short name:
Date (created): 6.11.2007 2:53:54
Date (last access): 11.1.2008 9:48:56
Date (last write): 6.11.2007 2:53:56
Filesize: 43760
Attributes: archive
MD5: 83412AE824500F533C22599DCAE43F1A
CRC32: AB100875
Version: 1.0.0.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 1208 ( 4) \SystemRoot\System32\smss.exe
PID: 1340 (1208) \??\C:\WINDOWS\system32\csrss.exe
PID: 1376 (1208) \??\C:\WINDOWS\system32\winlogon.exe
PID: 1420 (1376) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1432 (1376) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1608 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1688 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1888 (1420) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1948 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 408 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 976 ( 936) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1080 (1420) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 181864
MD5: 2652D3E89E6FDAB77891B687E02113BA
PID: 1104 (1420) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 198248
MD5: 087238E6A0A67EBDF70B160814FEAE74
PID: 520 (1420) D:\Ad-Aware 2007\aawservice.exe
size: 587096
MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
PID: 1344 ( 976) C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37FFF683AEE7F09F5F7087138192BF02
PID: 1560 (1420) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1652 ( 976) D:\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 0BC11B0F5DBD99089157FCF6267A812C
PID: 1836 ( 976) D:\Eset\nod32kui.exe
size: 949376
MD5: 5323FFAD4055DB50F1656D79C83C1DDF
PID: 1844 ( 976) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 1852 ( 976) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58984
MD5: DD35C08BAD29B1C0BA6E6DBB1034769C
PID: 1916 ( 976) D:\Motherboard Monitor 5\MBM5.EXE
size: 594432
MD5: 090261B46C2A689BE9B1DD5D6F80E288
PID: 1992 ( 976) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 440 ( 976) D:\Smart Guardian\ITESmart.exe
size: 180224
MD5: 2DD07415F76156ADE161760BECF912EE
PID: 2032 ( 976) D:\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 536 ( 976) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 1EDA1C63E0D2AE1AEBDF98083454079C
PID: 612 ( 976) D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
PID: 620 ( 976) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 636 ( 976) D:\ATI Tray Tools\atitray.exe
size: 516608
MD5: 8735C1E8A8C09FF14F3EE4C8D7D08C3B
PID: 720 ( 976) D:\Last.fm\LastFMHelper.exe
size: 110592
MD5: 8555F2E7EF38B7C413727A6241999EE8
PID: 840 ( 976) D:\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212D11C8599A16F05E8CC68F3177673
PID: 952 (1608) D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: 59380D1808A83AA4150F550F45BEE3A9
PID: 1048 (1420) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
size: 172032
MD5: D5A40B566B6BF947B2E643DE621B1BDE
PID: 2196 ( 840) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: 0C3BF35A6AADC2708875DA3B866A22E0
PID: 2332 (1420) C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
size: 110592
MD5: 55F24E6EC983FCC7510293B05A27CEEC
PID: 2368 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2500 (1420) D:\Eset\nod32krn.exe
size: 552064
MD5: 7DA9D9593081CB76FCCDAB3F14438370
PID: 2648 (1420) D:\NORTON~1\NORTON~1\NPROTECT.EXE
size: 95328
MD5: 81E45A1E03F1FCCBDCE761D0D8845B6A
PID: 2712 (1420) D:\Outpost Firewall\outpost.exe
size: 94720
MD5: 3ADAED9541D900F226CB0074613A1E03
PID: 2748 (1420) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 2904 (1420) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
size: 856064
MD5: F8076ABDA4B2A04983CBFBBC910F5477
PID: 2928 (1420) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
size: 155648
MD5: 99120CD3351D989107DAABE735998792
PID: 3104 (1420) D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
size: 181416
MD5: F15D5050C234D07E85D224C346476B89
PID: 3152 (1420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3180 (1420) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
size: 2159104
MD5: B94B99C8F36E2128CABC88B148787034
PID: 3636 (1420) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 819352
MD5: F11341CD0D1DC5EFF5FEFFCC7424984E
PID: 3800 (1420) C:\Program Files\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 2064 (1420) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3404 (1420) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3940 ( 976) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 3320 (3940) D:\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3112 ( 976) D:\Thunderbird\thunderbird.exe
size: 8479856
MD5: 63D9D78D9977E5BFAA524EFF37B30AA5
PID: 3292 ( 976) C:\Program Files\Skype\Phone\Skype.exe
size: 22880040
MD5: 72F095A18223E1072F242EA25D1C6E8E
PID: 388 (3292) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 2040776
MD5: 942A6D257DBDA957C4B19169B3BBBC7D
PID: 2700 ( 976) D:\Total Uninstall 3\Tu.exe
size: 2243584
MD5: 12D6B6EE40EB1BAF1C379B82067BD83A
PID: 1516 ( 976) D:\Mozilla\mozilla.exe
size: 98192
MD5: 60949311D9B94A9FF4BDD5AE380DAD75
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12.1.2008 2:21:19

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NOD32 protected [MSAFD Tcpip [TCP/IP]]
GUID: {A630DA18-BD5F-4DDF-9D81-8FC84C981FC2}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 1: NOD32 protected [MSAFD Tcpip [UDP/IP]]
GUID: {EACACE5E-2F33-4A31-B7ED-6B4E1F493E09}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 2: NOD32 protected [MSAFD Tcpip [RAW/IP]]
GUID: {5FB532E2-89F7-43C0-8A2E-1341C3C32358}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 3: NOD32 protected [RSVP UDP Service Provider]
GUID: {7651F150-E13C-427E-B025-B681BB80B510}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 4: NOD32 protected [RSVP TCP Service Provider]
GUID: {E662C53E-7F73-4C3E-AC6A-F2A85C524B42}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 11: NOD32
GUID: {28A4D8DA-E908-4C6F-A926-A66CC7AD3224}
Filename: C:\WINDOWS\system32\imon.dll



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player Plugin 9.0.47.0 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 9
version (major): 9
install location: D:\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

(Agnitum Outpost Firewall Pro)

Agnitum Outpost Firewall Pro 4.0 (Agnitum Outpost Firewall Pro_is1)
install date: 20070422
install location: D:\Outpost Firewall\
uninstall cmd: D:\Outpost Firewall\uninst.exe
publisher: Agnitum, Ltd.
help link: http://www.agnitum.com/support/index.php

ATI Display Driver NGO-ATI-OD-173 (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Auto Gordian Knot 2.40 2.40 (AutoGK)
uninstall cmd: D:\AutoGK\uninst.exe
publisher: len0x

AviSynth 2.5 (AviSynth)
uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Azureus 2.5.0.4 (Azureus)
install location: C:\Program Files\Azureus
uninstall cmd: C:\Program Files\Azureus\Uninstall.exe

(Branding)

Canon PIXMA iP3000 (CANONBJ_Deinstall_CNMCP61.DLL)
uninstall cmd: C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"

CCleaner (remove only) (CCleaner)
uninstall cmd: "D:\CCleaner\uninst.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: D:\Canon\Easy-PhotoPrint\uninst.exe D:\Canon\Easy-PhotoPrint\uninst.ini

Canon Utilities Easy-PrintToolBox (Easy-PrintToolBox)
uninstall cmd: C:\WINDOWS\BJPSUNST.EXE

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fD:\Canon\Easy-WebPrint\Uninst.isu

(Fontcore)

Grand Prix 4 2006 v4.1 (Grand Prix 4 2006 v4.1)
uninstall cmd: "C:\WINDOWS\Grand Prix 4 2006\uninstall.exe" "/U:D:\Igre\Grand Prix 4 2006\Uninstall\uninstall.xml"
publisher: Nichols Software Solutions
contact: Nichols Software Solutions Support Department
help link: http://home.iprimus.com.au/lnichols

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: D:\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

ICQ (ICQ)
uninstall cmd: D:\ICQ\ICQUninstall.EXE

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Call of Duty® 4 - Modern Warfare™ 1.3 Patch (InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409

Call of Duty® 4 - Modern Warfare™ 1.4 Patch (InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409

PowerQuest PartitionMagic 8.0 8.00.000 (InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804})
version: 134217728
version (major): 8
estimated size: 46018
install date: 20070423
install location: D:\PartitionMagic 8.0\
install source: D:\Partition Magic insatll\Setup\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
publisher: PowerQuest
comments: PowerQuest Inc.
contact: Customer Support Department
help link: http://www.powerquest.com/support
help telephone: 1-801-226-6834
readme: Readme.txt

(InstallShield_{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E})

Call of Duty® 2 1.3 (InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374})
version: 16777216
version (major): 1
estimated size: 3582472
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: H:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
publisher: Activision
comments: Call of Duty® 2
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.4 (InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217})
version: 16777216
version (major): 1
estimated size: 6497364
install date: 20071108
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: D:\igre\cod4rar\rzr-cod4\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
publisher: Activision
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.2 Patch (InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

3.1 (KB893803)
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20080110
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20080110
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

K-Lite Codec Pack 3.01 Full 3.01 (KLiteCodecPack_is1)
install date: 20070505
install location: D:\K-Lite Codec Pack\
uninstall cmd: C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe

Last.fm 1.3.2.13 (LastFM_is1)
install date: 20071103
install location: D:\Last.fm\
uninstall cmd: "D:\Last.fm\unins000.exe"
publisher: Last.fm
help link: http://www.last.fm

LimeWire 4.12.11 4.12.11 (LimeWire)
uninstall cmd: "D:\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Magic ISO Maker v5.4 (build 0239) (Magic ISO Maker v5.4 (build 0239))
uninstall cmd: D:\MagicISO\UNWISE.EXE D:\MagicISO\INSTALL.LOG

CD-LabelPrint (MediaNavigation.CDLabelPrint)
install location: D:\Canon\CD-LabelPrint\
uninstall cmd: "D:\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(MobileOptionPack)

Motherboard Monitor 5 5 (Motherboard Monitor 5_is1)
uninstall cmd: "D:\Motherboard Monitor 5\unins000.exe"
publisher: Alexander van Kaam

Mozilla (1.7.13) (Mozilla (1.7.13))
uninstall cmd: C:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (en)"

Mozilla Firefox (2.0.0.11) 2.0.0.11 (en-US) (Mozilla Firefox (2.0.0.11))
install location: D:\Firefox
uninstall cmd: D:\Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (2.0.0.9) 2.0.0.9 (en-US) (Mozilla Thunderbird (2.0.0.9))
install location: D:\Thunderbird
uninstall cmd: D:\Thunderbird\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Thunderbird

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey)
uninstall cmd: D:\Nero6\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Digital (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

NOD32 antivirus system (NOD32)
uninstall cmd: D:\Eset\Setup\setup.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

Ray Adams ATI Tray Tools (rayatitray)
uninstall cmd: "D:\ATI Tray Tools\uninstall.exe"

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SBEWIN32.EXE)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}

(SchedulingAgent)

SeaMonkey (1.1.7) (SeaMonkey (1.1.7))
uninstall cmd: C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.7 (en)"

(Sevinst)

(Shockwave)

9.0.115.0 (ShockwaveFlash)

Smart Guardian (Smart Guardian)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"D:\Smart Guardian\Uninst.isu"

SopCast 1.1.2 1.1.2 (SopCast)
uninstall cmd: D:\SopCast\uninst.exe

SopCore 1.1.2 1.1.2 (SopCore)
uninstall cmd: C:\Program Files\SopCast\uninst.exe

Spyware Doctor 4.0 4.0 (Spyware Doctor)
install location: C:\Program Files\Spyware Doctor\
uninstall cmd: C:\Program Files\Spyware Doctor\unins000.exe
publisher: PC Tools
help link: http://www.pctools.com/en/spyware-doctor/support/

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Norton SystemWorks 2005 (Symantec Corporation) 8.00.99 (SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937})
install location: D:\Norton SystemWorks
install source: H:\driveri\NSW2005 (H_)
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe /X
publisher: Symantec Corporation

TVAnts 1.0 (TVAnts 1.0)
uninstall cmd: D:\TVAnts\UNWISE.EXE D:\TVAnts\INSTALL.LOG

TVUPlayer 2.3.3.2 2.3.3.2 (TVUPlayer)
uninstall cmd: C:\Program Files\TVUPlayer\uninst.exe
publisher: TVU networks

VideoLAN VLC media player 0.8.6c 0.8.6c (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

vLite 1.1.2 (vLite_is1)
install date: 20071205
install location: D:\vLite\
uninstall cmd: "D:\vLite\unins000.exe"
publisher: Dino Nuhagic (nuhi)
help link: http://www.vLite.net

VobSub v2.23 (Remove Only) (VobSub)
uninstall cmd: "C:\Program Files\Gabest\VobSub\uninstall.exe"

VTTV 1.0.1 1.0.1 (VTTV)
uninstall cmd: D:\VTTV\uninst.exe

WatchPorn (WatchPorn)
install location: C:\Program Files\WatchPorn
uninstall cmd: "C:\Program Files\WatchPorn\Uninstall.exe"

Winamp (remove only) (Winamp)
uninstall cmd: "D:\Winamp\UninstWA.exe"

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: D:\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

XviD MPEG4 Video Codec (remove only) (XviD MPEG4 Video Codec)
uninstall cmd: "C:\WINDOWS\system32\xvid-uninstall.exe"

Call of Duty® 4 - Modern Warfare™ 1.3 Patch 1.3 ({050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 7680
install date: 20071208
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{92F8601D-62CB-496F-8679-909FD680645F}\
publisher: Activision

ATI Control Panel 6.14.10.5173 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

CDDRV_Installer 4.24.15 ({0C826C5B-B131-423A-A229-C71B3CACCD6A})
version: 68681743
version (major): 4
version (minor): 24
estimated size: 2173
install date: 20071214
install location: C:\Program Files\Common Files\Logishrd\CDDRV2\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{BB914D41-7750-4CF6-B566-419B42A070A2}\
uninstall cmd: MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
publisher: Logitech

4.0 ({0D330013-4A99-46D6-83C6-2C959C68DBFF})
version: 67108864
version (major): 4
estimated size: 1683
install date: 20070423
install source: D:\roxio8\CD1\DVDINFOPRO_40\
uninstall cmd: MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
publisher: Sonic Solutions

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20070423
install location: D:\Adobe Photoshop CS2\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Need for Speed™ Carbon ({259C0ABB-A3B2-4D70-008F-BF7EE491B70B})
uninstall cmd: C:\Documents and Settings\Isus\Local Settings\Temp\eauninstall.exe

2.3.0 ({26792CA7-D87A-4DBE-896B-C2F66B344511})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 22602
install date: 20070423
install source: D:\roxio8\CD1\CINEPLAYER_23\
uninstall cmd: MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
publisher: Roxio
help link: http://www.cineplayer.com/default.asp?af=%...%s&lang=ENU

KhalInstallWrapper 4.24.99 ({3101CB58-3482-4D21-AF1A-7057FC935355})
version: 68681827
version (major): 4
version (minor): 24
estimated size: 1289
install date: 20071214
install location: C:\Program Files\Logitech\KhalInstallWrapper\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\pft52.tmp\1-SetPoint\KHAL\
uninstall cmd: MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
publisher: Logitech

J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 130117
install date: 20070422
install source: C:\Documents and Settings\Isus\Local Settings\Application Data\Sun\Java\jre1.5.0_09\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: D:\jre1.5.0_09\README.txt

Java™ SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070423
install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

Java™ 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113906
install date: 20070723
install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Java™ 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113966
install date: 20071024
install source: http://javadl.sun.com/webapps/download/Get...5/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_03\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20070422
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Call of Duty® 4 - Modern Warfare™ 1.4 Patch 1.4 ({3BD633E0-4BF8-4499-9149-88F0767D449C})
version: 17039360
version (major): 1
version (minor): 4
estimated size: 13928
install date: 20071223
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{F913DC7F-88B2-478A-9497-9024E6AAA159}\
publisher: Activision

Spy Sweeper 4.5 ({5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1)
install location: C:\Program Files\Webroot\Spy Sweeper\
uninstall cmd: "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
publisher: Webroot Software, Inc.

Skype™ 3.5 3.5.239 ({5C82DAE5-6EB0-4374-9254-BE3319BA4E82})
version: 50659567
version (major): 3
version (minor): 5
estimated size: 32634
install date: 20071003
install location: C:\Program Files\Skype\
install source: C:\Documents and Settings\All Users\Application Data\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\
uninstall cmd: MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/3.5.0.239/en/help

QuickTime 7.1.5.120 ({5E863175-E85D-44A6-8968-82507D34AE7F})
version: 117506053
version (major): 7
version (minor): 1
estimated size: 72135
install date: 20070509
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP020.TMP\
uninstall cmd: MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Norton CleanSweep 1.0.0 ({634B01DF-A45B-4623-80E1-E15FF82A4979})
version: 16777216
version (major): 1
estimated size: 14484
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NCS\
uninstall cmd: MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
publisher: <no manufacturer>

6.0.0 ({637099FB-45FD-4BC7-9651-6FB540DBB749})
version: 100663296
version (major): 6
estimated size: 11476
install date: 20070423
install source: D:\roxio8\CD1\BUMP_60\
uninstall cmd: MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
publisher: Sonic Solutions

Norton Utilities 18.0.0 ({6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5})
version: 301989888
version (major): 18
estimated size: 22722
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NU\
uninstall cmd: MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
publisher: <no manufacturer>

PartitionMagic 8.00.000 ({6BE2A4A4-99FB-48ED-AE1E-4E850389F804})
version: 134217728
version (major): 8
estimated size: 46018
install date: 20070423
install location: D:\PartitionMagic 8.0\
install source: D:\Partition Magic insatll\Setup\
publisher: PowerQuest
comments: PowerQuest Inc.
contact: Customer Support Department
help link: http://www.powerquest.com/support
help telephone: 1-801-226-6834
readme: Readme.txt

3.0.0 ({6D4F02C4-F6AF-4659-A933-7FC06235A8D5})
version: 50331648
version (major): 3
estimated size: 1413
install date: 20070423
install source: D:\roxio8\CD1\RCP_DATA_30\
uninstall cmd: MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
publisher: Roxio

HP Photo and Imaging 2.1 - Scanjet 2400 Series 2.1.0000 ({6F7ECD56-E224-4263-9B7E-158E5CECC43B})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 110090
install date: 20071218
install source: G:\hpsw\
uninstall cmd: MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
publisher: {&Tahoma8}Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551
readme: 0

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 333644
install date: 20070508
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

Norton SystemWorks 2005 8.02.6 ({71E7B3F5-CFAF-4C1E-B494-528E28707937})
version: 134348806
version (major): 8
version (minor): 2
install date: 20070502
install source: H:\driveri\NSW2005 (H_)\NSW\
publisher: Symantec Corporation

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20070423
install location: C:\Program Files\Adobe\Adobe Stock Photos\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Call of Duty® 2 Patch 1.3 1.3 ({7B4A5C13-069F-4AFE-AE57-C497B4E33C7E})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 36264
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\_is3E9\

3.0.0 ({7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA})
version: 50331648
version (major): 3
estimated size: 15589
install date: 20070423
install source: D:\roxio8\CD1\RCP_CORE_30\
uninstall cmd: MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
publisher: Roxio

Roxio Easy Media Creator 8 Suite 8.0.085 ({868901EE-7807-4F89-A134-7C705D34F91F})
version: 134217813
version (major): 8
estimated size: 443212
install date: 20070423
install location: D:\Easy Media Creator 8\
install source: D:\roxio8\CD1\
uninstall cmd: MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
publisher: Roxio, Inc.
comments: Master installer for The Digital Media Suite
contact: http://support.roxio.com
help link: http://support.roxio.com
readme: D:\Easy Media Creator 8\RoxioEasyMediaCreator8ReadMe.html

3.0.0 ({8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D})
version: 50331648
version (major): 3
estimated size: 765
install date: 20070423
install source: D:\roxio8\CD1\RCP_COPY_30\
uninstall cmd: MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
publisher: Roxio

Ulead Disc-Direct SDK 1.0 ({8D2C1E44-7685-4D05-8342-B0DC6422FA47})
version: 16777216
install location: C:\Program Files\Ulead Systems\Ulead Disc-Direct SDK
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20070423
install location: C:\Program Files\Common Files\Adobe\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

NSW_DRM_COLLECTION 1.0.0 ({900B1884-2D6F-4a70-A3C7-C3F4DA873FDB})
version: 16777216
version (major): 1
estimated size: 631
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NSW\
uninstall cmd: MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
publisher: Symantec Corporation

Microsoft Office Professional Edition 2003 11.0.6361.0 ({9011041A-6000-11D3-8CFE-0150048383C9})
version: 184555737
version (major): 11
estimated size: 136338
install date: 20070424
install location: D:\Powerpoint\
install source: H:\
uninstall cmd: MsiExec.exe /I{9011041A-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: D:\Powerpoint\OFFICE11\1050\OFREADME.HTM

OpenOffice.org 2.0 2.0.8990 ({987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0})
version: 33563422
version (major): 2
estimated size: 216687
install date: 20070423
install source: D:\OpenOffice.org 2.0 Installation Files\
uninstall cmd: MsiExec.exe /I{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}
publisher: OpenOffice.org
comments: OpenOffice.org 2.0 (en-US) (OOA680m1(Build:8990))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

Norton SystemWorks 1.0.0 ({9E23C48E-5483-4971-BA50-089F2FABCD66})
version: 16777216
version (major): 1
estimated size: 2284
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\HelpMsi\
uninstall cmd: MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
publisher: Symantec Corp.

Madden NFL 08 ({A3BC1DBD-64D6-4EBC-0091-24C811662D40})
uninstall cmd: D:\igre\Madden NFL 08\EAUninstall.exe
publisher: Electronic Arts

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 5192
install date: 20070422
install source: C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\Redist\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

iTunes 7.1.1.5 ({AB90749C-7422-4580-8A7A-66CC5E9E5F98})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51658
install date: 20070509
install location: D:\iTunes\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP020.TMP\
uninstall cmd: MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe Reader 7.0.5 7.0.5 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440517
version (major): 7
estimated size: 62388
install date: 20070423
install location: D:\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: D:\Acrobat 7.0\Reader\Readme.htm

Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20070923
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

HP Memories Disc 1.0.4.805 ({B376402D-58EA-45EA-BD50-DD924EB67A70})
version: 16777220
version (major): 1
estimated size: 23232
install date: 20071218
install source: G:\hpsw\HPMD\
uninstall cmd: MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
publisher: Hewlett-Packard Company
comments: hp memories disc creator software
help link: http://www.hp.com
help telephone: (208) 323-2551

Adobe Bridge 1.0 001.000.004 ({B74D4E10-6884-0000-0000-000000000103})
version: 16777219
version (major): 1
estimated size: 340780
install date: 20071205
install location: C:\Program Files\Adobe\Adobe Bridge\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html

BlueSoleil ({B9F499B8-D1F0-42FC-84BE-CC552123CCCB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9

WinFast Entertainment Center(WDM Driver) ({BE4AA694-815A-4045-BD49-C94F2BED7458})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"

WinFast PVR ({C882DE6B-1482-42D6-A7C2-A9F946EDBAF6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}\setup.exe"

Marvell Miniport Driver 7.21.1.3 ({C950420B-4182-49EA-850A-A6A2ABF06C6B})
version: 118816769
version (major): 7
version (minor): 21
estimated size: 489
install date: 20070422
install location: C:\Program Files\Marvell\Miniport Driver\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\_is179\
uninstall cmd: MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
publisher: Marvell
help link: http://www.marvell.com/yukon/support

Acronis True Image 9.0.2323 ({CA83357B-931E-44DC-AD43-9996FEEB8116})
version: 150997267
version (major): 9
estimated size: 38886
install date: 20070422
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
publisher: Acronis
contact: Acronis

Call of Duty® 2 1.00.0000 ({D0A05794-48C2-4424-A15A-9F20FCFDD374})
version: 16777216
version (major): 1
estimated size: 3582472
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: H:\
publisher: Activision
comments: Call of Duty® 2
contact: Technical Support
help link: http://activision.custhelp.com

MSRedist 1.0.0.0 ({D1725BDB-BA2B-4503-A8CB-F5C835D743FA})
version: 16777216
version (major): 1
estimated size: 7239
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\MsRedist\
uninstall cmd: MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
publisher: Symantec Corporation

NvMixer ({D7A6C517-11F2-419F-B5BB-27772B939698})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

Canon PhotoRecord 02.02.00013 ({D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE})
version: 33685517
version (major): 2
version (minor): 2
estimated size: 82430
install date: 20070422
install source: D:\driveri\pixma\PREC2\
uninstall cmd: MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
publisher: Cisra

NOD32 FiX v1.9 ({DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1)
install location: D:\Eset\
uninstall cmd: "D:\Eset\unins000.exe"

ccCommon 103.0.2.10 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053250
version (major): 103
estimated size: 5695
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

Ad-Aware 2007 7.0.2.5 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF})
version: 117440514
version (major): 7
estimated size: 23301
install date: 20071217
install location: D:\Ad-Aware 2007\
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
publisher: Lavasoft
help link: http://www.lavasoftsupport.com

Call of Duty® 4 - Modern Warfare™ 1.00.0000 ({E48469CC-635E-4FD5-A122-1497C286D217})
version: 16777216
version (major): 1
estimated size: 6497364
install date: 20071108
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: D:\igre\cod4rar\rzr-cod4\
publisher: Activision
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.2 Patch 1.2 ({E5141379-B2D9-4BBC-BB2A-5805541571DD})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 6196
install date: 20071126
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{EABA2099-AA87-4E43-8C9F-19D1DE272479}\
publisher: Activision

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20070423
install location: C:\Program Files\Adobe\Adobe Help Center\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

3.0.0 ({EB748B9B-F872-4E95-98E8-5CA7E5425DAF})
version: 50331648
version (major): 3
estimated size: 404
install date: 20070423
install source: D:\roxio8\CD1\RCP_TOOLS_30\
uninstall cmd: MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
publisher: Roxio

3.0.0 ({F0EACC27-A729-406C-9BF6-C8F10CEC36F8})
version: 50331648
version (major): 3
estimated size: 1511
install date: 20070423
install source: D:\roxio8\CD1\RCP_AUDIO_30\
uninstall cmd: MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
publisher: Roxio

Logitech SetPoint 4.24 ({F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E})
version: 68681728
install date: 20071214
install location: D:\Logitech\SetPoint
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\pft52.tmp\1-SetPoint\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Logitech

Vista Codec Package 4.5.4 ({F9FD80CE-0448-4D4F-8BCD-77FC514C3F99})
version: 67436548
version (major): 4
version (minor): 5
estimated size: 32760
install date: 20071127
install location: D:\VistaCodecPack\
install source: C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\
uninstall cmd: MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
publisher: Shark007
contact: Shark007
help link: http://shark007.testbox.dk
help telephone: xxx-xxx-xxxx
readme: http://shark007.xpdnc.org/description.txt



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): aawservice
Display name: Ad-Aware 2007 Service
Description: Protects your computer from spyware
Object name: LocalSystem
Image path: "D:\Ad-Aware 2007\aawservice.exe"
Image size: 587096
Image MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
Start: 2
Type: 272
Error Control: 0
Depends On services: RpcSS

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): AcrSch2Svc
Display name: Acronis Scheduler2 Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
Image size: 172032
Image MD5: D5A40B566B6BF947B2E643DE621B1BDE
Start: 2
Type: 272
Error Control: 1
Depends On services: RpcSs

Service (registry key): ADBLOCK.DLL
Display name: Outpost Firewall PlugIn (ADBLOCK.DLL)
Image path: \??\D:\Outpost Firewall\kernel\ADBLOCK.DLL
Image size: 33568
Image MD5: A16016DF239DB6EB67CE4D5EB5AAECB6
Start: 3
Type: 1
Error Control: 1

Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: AdobeLM Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 72704
Image MD5: C1EB9968EC89FBA5F3A264E2E57923AB
Start: 3
Type: 16
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): AFS2K
Display name: AFS2k
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AMON
Display name: AMON
Image path: \SystemRoot\system32\drivers\amon.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): apuo6xar
Start: 3
Type: 1
Error Control: 0

Service (registry key): ARP.DLL
Display name: Outpost Firewall PlugIn (ARP.DLL)
Image path: \??\D:\Outpost Firewall\kernel\ARP.DLL
Image size: 17408
Image MD5: 8C7C92A53045ECA7BCFB31169C9B99C6
Start: 3
Type: 1
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASPI32
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 446464
Image MD5: 39BE36B74B2D17B336146E82373E0396
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 1972224
Image MD5: 6B618C7764E03A78599D74E31B8AB17B
Start: 3
Type: 1
Error Control: 0

Service (registry key): ATIAVAIW
Display name: %DISPLAY_NAME%
Description: %SERVICE_DESCRIPTION%
Image path: system32\DRIVERS\atinavt2.sys
Image size: 168832
Image MD5: E5A0AF0AF6021EDBB48835A0702EAA48
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atierecord
Start: 0
Type: 0
Error Control: 0

Service (registry key): atitray
Display name: atitray
Image path: \??\D:\ATI Tray Tools\atitray.sys
Image size: 14336
Image MD5: BB7DDCDD5FE3ABD690C59B9476A018D0
Start: 1
Type: 1
Error Control: 1

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BlueletAudio
Display name: Bluetooth Audio Service
Image path: system32\DRIVERS\blueletaudio.sys
Image size: 20480
Image MD5: 04E84C8049EE93614A2FF6D676D1E247
Start: 3
Type: 1
Error Control: 1

Service (registry key): BlueSoleil Hid Service
Display name: BlueSoleil Hid Service
Object name: LocalSystem
Image path: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Image size: 110592
Image MD5: 55F24E6EC983FCC7510293B05A27CEEC
Start: 2
Type: 16
Error Control: 1

Service (registry key): Bridge
Display name: MAC Bridge
Image path: system32\DRIVERS\bridge.sys
Image size: 71552
Image MD5: E4E6A0922E3D983728C9AD4E8D466954
Start: 3
Type: 1
Error Control: 1

Service (registry key): BridgeMP
Display name: MAC Bridge Miniport
Image path: system32\DRIVERS\bridge.sys
Image size: 71552
Image MD5: E4E6A0922E3D983728C9AD4E8D466954
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): BT
Display name: Bluetooth PAN Network Adapter
Image path: system32\DRIVERS\btnetdrv.sys
Image size: 10804
Image MD5: D1813668A0117AE05BC0B81C874F91D4
Start: 3
Type: 1
Error Control: 1

Service (registry key): Btcsrusb
Display name: Bluetooth USB For Bluetooth Service
Image path: System32\Drivers\btcusb.sys
Image size: 23000
Image MD5: 7304ACC25455746912DE37D7DED387ED
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthEnum
Display name: Bluetooth Request Block Driver
Image path: system32\DRIVERS\BthEnum.sys
Image size: 17024
Image MD5: D24B8D1784C68A25060FFFBE8ED34B76
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHidEnum
Display name: Bluetooth HID Enumerator
Image path: system32\DRIVERS\vbtenum.sys
Image size: 11860
Image MD5: 161969D2DD1D39CD2F1EDBC60C61FA99
Start: 3
Type: 1
Error Control: 0

Service (registry key): BTHidMgr
Display name: Bluetooth HID Manager Service
Image path: System32\Drivers\BTHidMgr.sys
Image size: 28271
Image MD5: A9164C2A39BD917B9F42AE087560AC3D
Start: 0
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Display name: Bluetooth Modem Communications Driver
Image path: system32\DRIVERS\bthmodem.sys
Image size: 38016
Image MD5: 9DF0ADF74CE1D6371ED60CF92EB1D9A6
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthPan
Display name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Image path: system32\DRIVERS\bthpan.sys
Image size: 100992
Image MD5: 10355270BE12641B9764235DA39DCF0F
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Display name: Bluetooth Port Driver
Image path: System32\Drivers\BTHport.sys
Image size: 274304
Image MD5: 30B76EC553B202890E90A93A4E1A27B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthServ
Display name: Bluetooth Support Service
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): BTHUSB
Display name: Bluetooth Radio USB Driver
Image path: System32\Drivers\BTHUSB.sys
Image size: 18944
Image MD5: F06D4CB9918B462A84D9AC00027EFC30
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 6163ED60B684BAB19D3352AB22FC48B2
Start: 3
Type: 1
Error Control: 1

Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Symantec Event Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Image size: 198248
Image MD5: 087238E6A0A67EBDF70B160814FEAE74
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS,ccSetMgr

Service (registry key): ccPwdSvc
Display name: Symantec Password Validation
Description: Symantec Password Validation Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Image size: 79464
Image MD5: 09FFA9C63DD0E33684D6F5CDC71CD1C0
Start: 3
Type: 16
Error Control: 0

Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Symantec Settings Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Image size: 181864
Image MD5: 2652D3E89E6FDAB77891B687E02113BA
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): cdudf_xp
Start: 1
Type: 2
Error Control: 1

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): clr_optimization_v2.0.50727_32
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66240
Image MD5: 3C4D595E7F9B747325AEF28B4ADCAAE5
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): CONTENT.DLL
Display name: Outpost Firewall PlugIn (CONTENT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\CONTENT.DLL
Image size: 4896
Image MD5: 03CAEE995C78C59EEF78A086C5FA5032
Start: 3
Type: 1
Error Control: 1

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): CX23880
Display name: WinFast CX2388x WDM Video Capture.
Image path: system32\drivers\cx88vid.sys
Image size: 162944
Image MD5: 47813EDD5BEBD250DE420D24F7AB37A3
Start: 2
Type: 1
Error Control: 1

Service (registry key): CXAVXBAR
Display name: WinFast CX2388x WDM Crossbar.
Image path: system32\drivers\cxavxbar.sys
Image size: 9728
Image MD5: 8303E99B649DBF80D24E51D9A9C8B707
Start: 2
Type: 1
Error Control: 1

Service (registry key): CXTUNE
Display name: WinFast CX2388x WDM TVTuner.
Image path: system32\drivers\CX88TUNE.sys
Image size: 50816
Image MD5: EA2ECEEC41A5E0A1629D791BE92B218E
Start: 2
Type: 1
Error Control: 1

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): DNSCACHE.DLL
Display name: Outpost Firewall PlugIn (DNSCACHE.DLL)
Image path: \??\D:\Outpost Firewall\kernel\DNSCACHE.DLL
Image size: 14464
Image MD5: 18A8BDD4C43D17439DE3999085293C85
Start: 3
Type: 1
Error Control: 1

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): drvmcdb
Display name: drvmcdb
Image path: system32\drivers\drvmcdb.sys
Image size: 88016
Image MD5: 7DF2E645FBDA7CDE94FCABBA7F0DE4C2
Start: 0
Type: 1
Error Control: 1

Service (registry key): dvd_2K
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): FTPFILT.DLL
Display name: Outpost Firewall PlugIn (FTPFILT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\FTPFILT.DLL
Image size: 9248
Image MD5: E999964A4264E69B3590F72472665C80
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTMLFILT.DLL
Display name: Outpost Firewall PlugIn (HTMLFILT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\HTMLFILT.DLL
Image size: 11552
Image MD5: 835AD99879EC21B009C537247E619194
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 263040
Image MD5: C19B522A9AE0BBC3293397F3055E80A1
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFILT.DLL
Display name: Outpost Firewall PlugIn (HTTPFILT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\HTTPFILT.DLL
Image size: 13216
Image MD5: 00885CEC9CED64F720E43E2D8E13987D
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): IDriverT
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Image size: 73728
Image MD5: 6F95324909B502E2651442C1548AB12F
Start: 3
Type: 16
Error Control: 0

Service (registry key): ikhfile
Display name: File Security Kernel Anti-Spyware Driver
Description: File Security Kernel Anti-Spyware
Image path: system32\drivers\ikhfile.sys
Image size: 30592
Image MD5: F24866EE5C0819E9B1B58F2C00AF078E
Start: 1
Type: 2
Error Control: 0

Service (registry key): ikhlayer
Display name: Kernel Anti-Spyware Driver
Description: Kernel Anti-Spyware
Image path: system32\drivers\ikhlayer.sys
Image size: 51072
Image MD5: 9A2CFF8E3EF0A35F23F544FAB915C060
Start: 1
Type: 1
Error Control: 0

Service (registry key): IMAPFILT.DLL
Display name: Outpost Firewall PlugIn (IMAPFILT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\IMAPFILT.DLL
Image size: 7168
Image MD5: 043C6BE0744BF90D5E451CE6AD816C0E
Start: 3
Type: 1
Error Control: 1

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: B5A8E215AC29D24D60B4D1250EF05ACE
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 500800
Image MD5: 661194608009B558DE1925C7EBE1A4BA
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): irda
Display name: IrDA Protocol
Description: IrDA Protocol
Image path: system32\DRIVERS\irda.sys
Image size: 87424
Image MD5: 86C204836FEEC22510D434982D4221B8
Start: 2
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): Irmon
Display name: Infrared Monitor
Description: Supports infrared devices installed on the computer and detects other devices that are in range.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: irda,RpcSs,TermService

Service (registry key): irsir
Display name: Microsoft Serial Infrared Driver
Image path: system32\DRIVERS\irsir.sys
Image size: 18688
Image MD5: 0501F0B9AB08425F8C0EACBDCC04AA32
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): iteio
Display name: iteio
Image path: \??\C:\WINDOWS\system32\drivers\iteio.sys
Image size: 3680
Image MD5: 3A495271CE703EBFF717C66B6FCDD16A
Start: 3
Type: 1
Error Control: 1

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): L8042Kbd
Display name: Logitech SetPoint Keyboard Driver
Image path: system32\DRIVERS\L8042Kbd.sys
Image size: 20240
Image MD5: AC728768DE636093B4D5AE6361CFADAE
Start: 3
Type: 1
Error Control: 0

Service (registry key): L8042mou
Display name: SetPoint PS/2 Mouse Filter Driver
Image path: system32\DRIVERS\L8042mou.Sys
Image size: 63120
Image MD5: 02D869562E114DB8867271992408BB2D
Start: 3
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): LBTServ
Display name: Logitech Bluetooth Service
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
Image size: 121360
Image MD5: 80CAF1FDEBE4E2CDEA021BC55CC4C1DE
Start: 3
Type: 16
Error Control: 1
Depends On services: PlugPlay

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LHidKe
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LMouKE
Display name: SetPoint Mouse Filter Driver
Image path: system32\DRIVERS\LMouKE.Sys
Image size: 78992
Image MD5: B286865AC2747EE3B5EA78B5231F8C57
Start: 3
Type: 1
Error Control: 1

Service (registry key): MAILFILT.DLL
Display name: Outpost Firewall PlugIn (MAILFILT.DLL)
Image path: \??\D:\Outpost Firewall\kernel\MAILFILT.DLL
Image size: 14880
Image MD5: 0281F732687A75D9FE21B2BECC14EE47
Start: 3
Type: 1
Error Control: 1

Service (registry key): mbmiodrvr
Display name: mbmiodrvr
Image path: \??\C:\WINDOWS\system32\mbmiodrvr.sys
Image size: 3480
Image MD5: 8A84A869DA0BB0ECEA66969D84A782E5
Start: 1
Type: 1
Error Control: 1

Service (registry key): Messenger
Start: 4
Type: 0
Error Control: 0

Service (registry key): mmc_2K
Start: 3
Type: 1
Error Control: 0

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): MPE
Display name: BDA MPE Filter
Image path: system32\DRIVERS\MPE.sys
Image size: 15360
Image MD5: 55A9A7E6BB297BF0F5B144029DCB79CC
Start: 3
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 451456
Image MD5: 1FD607FC67F7F7C633C3DA65BFC53D18
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Display name: TVicHW32
Image path: \??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS
Image size: 24656
Image MD5: 48C2694E2BFFE4610B7FECAA167389AE
Start: 3
Type: 1
Error Control: 1

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 17024
Image MD5: BDFE799A8531BAD8A5A985821FE78760
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): VComm
Display name: Virtual Serial port driver
Image path: system32\DRIVERS\VComm.sys
Image size: 61312
Image MD5: 9EBEE4A060C5364A31AEAA04EAC2AF1E
Start: 3
Type: 1
Error Control: 0

Service (registry key): VcommMgr
Display name: Bluetooth VComm Manager Service
Image path: System32\Drivers\VcommMgr.sys
Image size: 82148
Image MD5: 630BBDBF5490F8F57ABE650DA63661A0
Start: 3
Type: 1
Error Control: 1

Service (registry key): VFILT
Display name: Outpost Firewall Kernel Driver
Image path: \??\D:\Outpost Firewall\kernel\FILTNT.SYS
Image size: 163328
Image MD5: 72B70AF8ACFA388CE38FB2A4C68B3D81
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: 2797F33EBF50466020C430EE4F037933
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): WFIOCTL
Display name: WFIOCTL
Image path: \??\D:\TVkartica\WFIOCTL.SYS
Image size: 9510
Image MD5: 98E8BE5AFEF76B3900E35B1C5DBFB0FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): WimFltr
Display name: WimFltr
Description: Windows Image Mini-Filter Driver
Image path: system32\DRIVERS\wimfltr.sys
Image size: 128104
Image MD5: F9AD3A5E3FD7E0BDB18B8202B0FDD4E4
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WMPNetworkSvc
Display name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Image size: 913408
Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter

Service (registry key): WS2IFSL
Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): WSTCODEC
Display name: World Standard Teletext Codec
Image path: system32\DRIVERS\WSTCODEC.SYS
Image size: 19328
Image MD5: D5842484F05E12121C511AA93F6439EC
Start: 3
Type: 1
Error Control: 1

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WudfPf
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 77568
Image MD5: F15FEAFFFBB3644CCC80C5DA584E6311
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfRd
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 82944
Image MD5: 28B524262BCE6DE1F7EF9F510BA3985B
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfSvc
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): yukonwxp
Display name: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
Image path: system32\DRIVERS\yk51x86.sys
Image size: 189568
Image MD5: A8D429E2268792638CFFC57552C5E736
Start: 3
Type: 1
Error Control: 1

Service (registry key): {0FAA6478-916B-426B-8EA3-6D33D28C9BAE}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {20BCC57A-2885-4A06-8773-0BD16FA9DA4D}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {36409A48-D67F-48F6-A37A-0F9AB6078557}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {94A52010-7089-45E3-BAE1-D3F370CEFD01}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {AAACAB21-9938-4B14-92B0-7F6AE59EA089}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {BF35AD66-74A8-4D7A-AE26-99FCE514ACCC}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {F2F579A6-B6AE-4DA2-BBD3-CD2F27132A7F}
Start: 0
Type: 0
Error Control: 0

Service (registry key): at6tphix
Start: 3
Type: 1
Error Control: 0



HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:08, on 12.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Ad-Aware 2007\aawservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ATI Control Panel\atiptaxx.exe
D:\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Smart Guardian\ITESmart.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
D:\ATI Tray Tools\atitray.exe
D:\Last.fm\LastFMHelper.exe
D:\Logitech\SetPoint\SetPoint.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
D:\Eset\nod32krn.exe
D:\NORTON~1\NORTON~1\NPROTECT.EXE
D:\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Spybot - Search & Destroy\SpybotSD.exe
D:\Thunderbird\thunderbird.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Total Uninstall 3\Tu.exe
D:\Mozilla\mozilla.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updateservice.sonic.com/GetUpdates....;l=1033&K=Z
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] "D:\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Outpost Firewall] D:\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [nod32kui] "D:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SmartGuardian] D:\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "D:\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = D:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\POWERP~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thx!

Edited by Bajo, 11 January 2008 - 08:51 PM.




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 January 2008 - 06:35 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Bajo.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 Bajo

Bajo
  • Topic Starter

  • Members
  • 16 posts

Posted 12 January 2008 - 08:46 AM

Combofix log:
ComboFix 08-01-09.2 - Isus 2008-01-12 14:36:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1467 [GMT 1:00]
Running from: C:\Documents and Settings\Isus\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kdokh.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 14:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 02:13 . 2008-01-12 02:13 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-01-12 01:46 . 2008-01-12 01:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-11 21:16 . 2008-01-11 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-01-10 13:33 . 2008-01-10 13:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-10 13:33 . 2008-01-10 13:33 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-10 13:29 . 2008-01-10 13:32 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-10 13:29 . 2008-01-10 13:29 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\PC Tools
2008-01-10 13:29 . 2008-01-10 21:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 13:29 . 2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-01-10 13:29 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-01-10 13:28 . 2008-01-10 13:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Program Files\Webroot
2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Webroot
2008-01-10 13:27 . 2004-02-11 18:27 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2008-01-10 13:27 . 2005-12-14 19:06 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2008-01-10 13:26 . 2008-01-10 13:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-10 13:26 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-05 17:41 . 2008-01-08 16:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 17:41 . 2008-01-05 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 16:49 . 2007-12-20 16:49 <DIR> d---s---- C:\Documents and Settings\Isus\UserData
2007-12-20 16:48 . 2007-12-20 16:48 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Hewlett-Packard
2007-12-18 20:14 . 2007-12-18 20:14 274 --a------ C:\WINDOWS\hpqcopy.INI
2007-12-18 19:59 . 2007-12-18 19:59 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Share-to-Web Upload Folder
2007-12-18 19:59 . 2007-12-18 19:59 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-12-18 19:58 . 2007-12-20 16:49 <DIR> d-------- C:\UniScan
2007-12-18 19:58 . 2007-12-18 19:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-18 19:58 . 2007-12-18 19:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-18 19:57 . 2003-04-15 19:33 401,408 -ra------ C:\WINDOWS\system32\hpgt2436.dll
2007-12-18 19:57 . 2003-04-15 19:31 274,432 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2007-12-18 19:57 . 2003-04-15 19:31 258,048 -ra------ C:\WINDOWS\system32\hpsjvset.dll
2007-12-18 19:57 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-18 19:57 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-17 02:45 . 2007-12-17 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-17 02:43 . 2007-12-17 02:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 02:33 . 2007-12-17 02:33 <DIR> d-------- C:\Program Files\WatchPorn
2007-12-14 13:03 . 2007-12-14 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-14 13:02 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-12-14 13:01 . 2007-12-14 13:02 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-14 13:01 . 2007-12-14 13:01 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 02:18 99,024 ----a-w C:\WINDOWS\MozillaUninstall.exe
2008-01-12 02:18 98,512 ----a-w C:\WINDOWS\GREUninstall.exe
2008-01-12 01:57 --------- d-----w C:\Documents and Settings\Isus\Application Data\Skype
2008-01-10 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 14:28 --------- d-----w C:\Documents and Settings\Isus\Application Data\OpenOffice.org2
2008-01-06 17:26 --------- d-----w C:\Documents and Settings\Isus\Application Data\Azureus
2008-01-01 21:08 --------- d-----w C:\Program Files\Azureus
2007-12-28 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-28 00:56 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-22 23:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 12:02 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-09 19:44 --------- d-----w C:\Program Files\TVUPlayer
2007-12-05 12:30 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 23:54 --------- d-----w C:\Documents and Settings\Isus\Application Data\SopCast
2007-11-27 03:45 --------- d-----w C:\Program Files\VistaCodecPack
2007-11-15 09:07 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll
2007-11-15 09:07 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2007-11-15 09:07 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll
2007-11-15 09:07 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2007-11-13 20:30 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-08 20:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-08 20:26 22,328 ----a-w C:\Documents and Settings\Isus\Application Data\PnkBstrK.sys
2007-11-01 01:09 49,152 ----a-w C:\WINDOWS\system32\TVicHW32.dll
2007-10-15 17:06 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2007-04-23 11:23 448 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AtiTrayTools"="D:\ATI Tray Tools\atitray.exe" [2006-12-06 14:00 516608]
"SeaMonkey Quick Launch"="D:\SeaMonkey\SeaMonkey.exe" [2007-11-28 12:14 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]
"ATIPTA"="D:\ATI Control Panel\atiptaxx.exe" [2005-11-22 20:05 344064]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"nod32kui"="D:\Eset\nod32kui.exe" [2007-04-22 22:19 949376]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32 58984]
"MBM 5"="D:\Motherboard Monitor 5\MBM5.EXE" [2004-02-19 17:47 594432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SmartGuardian"="D:\Smart Guardian\ITESmart.exe" [2003-09-30 17:01 180224]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-26 10:51 185896]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Share-to-Web Namespace Daemon"="D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"Norton SystemWorks"="D:\Norton SystemWorks\cfgwiz.exe" [2004-09-10 03:12 132248]
"Spyware Doctor"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Last.fm Helper.lnk - D:\Last.fm\LastFMHelper.exe [2007-08-10 12:19:19]
Logitech SetPoint.lnk - D:\Logitech\SetPoint\SetPoint.exe [2007-04-16 16:42:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-11-28 13:02 118784 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 D:\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 17:36 38984 D:\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
--a------ 2006-10-30 16:07 335872 D:\Outpost Firewall\feedback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-09-19 16:53 1687552 D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-09-19 16:29 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
D:\Skype\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-26 10:51 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-11-28 14:02 988701 D:\Acronis\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 D:\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2004-02-09 13:08 159744 d:\tvkartica\WFWIZ.exe

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 atitray;atitray;D:\ATI Tray Tools\atitray.sys [2006-11-30 09:05]
R1 SandBox;Outpost Firewall Sandbox Driver;D:\Outpost Firewall\kernel\Sandbox.SYS [2006-10-26 17:27]
R1 VFILT;Outpost Firewall Kernel Driver;D:\Outpost Firewall\kernel\FILTNT.SYS [2006-10-20 14:48]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);D:\Outpost Firewall\kernel\ADBLOCK.DLL [2006-10-20 14:49]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);D:\Outpost Firewall\kernel\ARP.DLL [2006-10-20 14:49]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);D:\Outpost Firewall\kernel\CONTENT.DLL [2006-10-20 14:49]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);D:\Outpost Firewall\kernel\DNSCACHE.DLL [2006-10-20 14:49]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);D:\Outpost Firewall\kernel\FTPFILT.DLL [2006-10-20 14:49]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);D:\Outpost Firewall\kernel\HTMLFILT.DLL [2006-10-20 14:49]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);D:\Outpost Firewall\kernel\HTTPFILT.DLL [2006-10-20 14:49]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);D:\Outpost Firewall\kernel\IMAPFILT.DLL [2006-10-20 14:49]
R3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 18:49]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);D:\Outpost Firewall\kernel\MAILFILT.DLL [2006-10-20 14:49]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);D:\Outpost Firewall\kernel\NNTPFILT.DLL [2006-10-20 14:49]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2004-08-30 22:38]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);D:\Outpost Firewall\kernel\POP3FILT.DLL [2006-10-20 14:49]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);D:\Outpost Firewall\kernel\PROTECT.DLL [2006-10-20 14:49]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);D:\Outpost Firewall\kernel\SECRET.DLL [2006-10-20 14:49]
S2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys [2006-10-18 10:37]
S2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-10-18 10:38]
S2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-10-18 10:37]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2004-08-30 22:23]
S3 WFIOCTL;WFIOCTL;D:\TVkartica\WFIOCTL.SYS [2003-09-10 08:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts upnphost SSDPSRV

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 18:41:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 14:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> D:\ATI Tray Tools\raphook.dll
.
Completion time: 2008-01-12 14:42:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 13:42:22


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:00, on 12.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\ATI Control Panel\atiptaxx.exe
D:\Eset\nod32kui.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Smart Guardian\ITESmart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
D:\ATI Tray Tools\atitray.exe
D:\SeaMonkey\SeaMonkey.exe
D:\Last.fm\LastFMHelper.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Logitech\SetPoint\SetPoint.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Eset\nod32krn.exe
D:\NORTON~1\NORTON~1\NPROTECT.EXE
D:\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updateservice.sonic.com/GetUpdates....;l=1033&K=Z
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] "D:\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nod32kui] "D:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SmartGuardian] D:\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "D:\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = D:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8403 bytes

THX! :thumbsup:

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 January 2008 - 09:26 AM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#5 Bajo

Bajo
  • Topic Starter

  • Members
  • 16 posts

Posted 12 January 2008 - 01:27 PM

OK, here's the log.
SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 06:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:36:26

Memory items scanned : 184
Memory threats detected : 0
Registry items scanned : 7370
Registry threats detected : 0
File items scanned : 42044
File threats detected : 0

HJT safe mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:24, on 12.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updateservice.sonic.com/GetUpdates....;l=1033&K=Z
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] "D:\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nod32kui] "D:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SmartGuardian] D:\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "D:\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = D:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6904 bytes

I also ran Spybot just to be sure, and it appears that Zlob.DNSChanger is gone. Spybot found only DoubleClick, but that's something which is found constantly, and I'm not too concerned about it.

Thank you for your help. I hope that I won't need your help again :thumbsup:, but if this happens I'll bother you again ;).

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 January 2008 - 02:14 PM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

#7 Bajo

Bajo
  • Topic Starter

  • Members
  • 16 posts

Posted 14 January 2008 - 08:39 AM

Here we go again. :blink: :thumbsup:
After the first removal I had to do a recovery of Windows to a previous date due to problems with Java (it refused to uninstall or install). I made a scan and found Zlob.DNSChanger again, so I followed the instructions and thought that I got rid of it. Oh, how wrong I was.

Now it's still here and my PC is slowly but surely making me nuts, 'cause for every action I want to take (accessing a drive, starting a program; even at startup it wants permission to start every single program) it displays an enormously annoying Run As restriction dialog box. Image shown below.
Posted Image

Anyway, here's a new HJT log as well as a Spybot S&D log.
I'm sorry that I'm wasting your time again, but obviously I'm dumb enough to get rid of it on my own. BTW, Windows is XP Pro SP2 tweaked with nLite (Windows Security Centre removed, 'cause it's useless IMO).

S&D log

--- Search result list ---
Zlob.DNSChanger: TCP/IP Settings #1 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FAA6478-916B-426B-8EA3-6D33D28C9BAE}\DhcpNameServer=208.67.220.220,208.67.222.222


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-01-09 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-09 Includes\DialerC.sbi (*)
2008-01-09 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-09 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-09 Includes\Malware.sbi (*)
2008-01-09 Includes\MalwareC.sbi (*)
2004-08-11 Includes\plugin-ignore.ini
2007-10-24 Includes\PUPS.sbi (*)
2008-01-09 Includes\PUPSC.sbi (*)
2008-01-09 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-09 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-09 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-09 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)


--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: "D:\ATI Control Panel\atiptaxx.exe"
file: D:\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 0bc11b0f5dbd99089157fcf6267a812c

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58984
MD5: dd35c08bad29b1c0ba6e6dbb1034769c

Located: HK_LM:Run, Easy-PrintToolBox
command: C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
file:

Located: HK_LM:Run, iTunesHelper
command: "D:\iTunes\iTunesHelper.exe"
file: D:\iTunes\iTunesHelper.exe
size: 257088
MD5: b0e9efadf04e9e25c0001b48757f3e71

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 55824
MD5: f9e700bb7257ef2cdcb22ee499329e29

Located: HK_LM:Run, MBM 5
command: "D:\Motherboard Monitor 5\MBM5.EXE"
file: D:\Motherboard Monitor 5\MBM5.EXE
size: 594432
MD5: 090261b46c2a689be9b1dd5d6f80e288

Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4fd22142f54692463a7b98b7de175573

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, nod32kui
command: "D:\Eset\nod32kui.exe" /WAITSERVICE
file: D:\Eset\nod32kui.exe
size: 949376
MD5: 5323ffad4055db50f1656d79c83c1ddf

Located: HK_LM:Run, NVMixerTray
command: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
file: C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37fff683aee7f09f5f7087138192bf02

Located: HK_LM:Run, SmartGuardian
command: D:\Smart Guardian\ITESmart.exe
file: D:\Smart Guardian\ITESmart.exe
size: 180224
MD5: 2dd07415f76156ade161760becf912ee

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
size: 144784
MD5: 9cc69118fdcbf17119f814fc0a65ca06

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 1eda1c63e0d2ae1aebdf98083454079c

Located: HK_CU:Run, AtiTrayTools
command: "D:\ATI Tray Tools\atitray.exe"
file: D:\ATI Tray Tools\atitray.exe
size: 516608
MD5: 8735c1e8a8c09ff14f3ee4c8d7d08c3b

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Last.fm Helper.lnk
command: D:\Last.fm\LastFMHelper.exe
file: D:\Last.fm\LastFMHelper.exe
size: 110592
MD5: 8555f2e7ef38b7c413727a6241999ee8

Located: Startup (common), Logitech SetPoint.lnk
command: D:\Logitech\SetPoint\SetPoint.exe
file: D:\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212d11c8599a16f05e8cc68f3177673

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, LBTWlgn
command: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
size: 72208
MD5: 73c4183ca90466efcc7326ce98d74528

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24.9.2007 23:31:44
Date (last access): 14.1.2008 14:25:38
Date (last write): 25.9.2007 1:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: npjpi160_04.dll
Short name: NPJPI1~1.DLL
Date (created): 14.12.2007 1:59:16
Date (last access): 14.1.2008 14:26:02
Date (last write): 14.12.2007 3:42:38
Filesize: 132496
Attributes: archive
MD5: 58A1C3B13CC79E76F66CA6F8FED3B36A
CRC32: A4EACB48
Version: 6.0.40.12

{D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class)
DPF name:
CLSID name: CRLDownloadWrapper Class
Installer:
Codebase: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Path: C:\WINDOWS\Downloaded Program Files\
Long name: crlocx.ocx
Short name:
Date (created): 6.11.2007 2:53:54
Date (last access): 14.1.2008 14:27:24
Date (last write): 6.11.2007 2:53:56
Filesize: 43760
Attributes: archive
MD5: 83412AE824500F533C22599DCAE43F1A
CRC32: AB100875
Version: 1.0.0.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 1204 ( 4) \SystemRoot\System32\smss.exe
PID: 1328 (1204) \??\C:\WINDOWS\system32\csrss.exe
PID: 1364 (1204) \??\C:\WINDOWS\system32\winlogon.exe
PID: 1408 (1364) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1420 (1364) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1588 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1652 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1856 (1408) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 392 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 608 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 752 ( 684) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1016 (1408) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 181864
MD5: 2652D3E89E6FDAB77891B687E02113BA
PID: 1048 (1408) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 198248
MD5: 087238E6A0A67EBDF70B160814FEAE74
PID: 1140 (1408) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 587096
MD5: 0629361FAC4576BA48AB39F4903DCE9E
PID: 1224 (1408) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1324 (1408) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
size: 172032
MD5: D5A40B566B6BF947B2E643DE621B1BDE
PID: 1604 (1408) C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
size: 110592
MD5: 55F24E6EC983FCC7510293B05A27CEEC
PID: 1780 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1812 ( 752) C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37FFF683AEE7F09F5F7087138192BF02
PID: 1848 ( 752) D:\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 0BC11B0F5DBD99089157FCF6267A812C
PID: 2024 ( 752) D:\Eset\nod32kui.exe
size: 949376
MD5: 5323FFAD4055DB50F1656D79C83C1DDF
PID: 2036 (1408) D:\Eset\nod32krn.exe
size: 552064
MD5: 7DA9D9593081CB76FCCDAB3F14438370
PID: 352 ( 752) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58984
MD5: DD35C08BAD29B1C0BA6E6DBB1034769C
PID: 360 ( 752) D:\Motherboard Monitor 5\MBM5.EXE
size: 594432
MD5: 090261B46C2A689BE9B1DD5D6F80E288
PID: 380 ( 752) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 404 ( 752) D:\Smart Guardian\ITESmart.exe
size: 180224
MD5: 2DD07415F76156ADE161760BECF912EE
PID: 576 (1408) D:\NORTON~1\NORTON~1\NPROTECT.EXE
size: 95328
MD5: 81E45A1E03F1FCCBDCE761D0D8845B6A
PID: 580 ( 752) D:\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 808 ( 752) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 1EDA1C63E0D2AE1AEBDF98083454079C
PID: 920 ( 752) C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
size: 144784
MD5: 9CC69118FDCBF17119F814FC0A65CA06
PID: 932 ( 752) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 956 ( 752) D:\ATI Tray Tools\atitray.exe
size: 516608
MD5: 8735C1E8A8C09FF14F3EE4C8D7D08C3B
PID: 1820 (1408) D:\Outpost Firewall\outpost.exe
size: 94720
MD5: 3ADAED9541D900F226CB0074613A1E03
PID: 2136 (1408) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 2508 ( 752) D:\Last.fm\LastFMHelper.exe
size: 110592
MD5: 8555F2E7EF38B7C413727A6241999EE8
PID: 2604 (1408) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
size: 856064
MD5: F8076ABDA4B2A04983CBFBBC910F5477
PID: 2692 ( 752) D:\Logitech\SetPoint\SetPoint.exe
size: 784912
MD5: 4212D11C8599A16F05E8CC68F3177673
PID: 2704 (1408) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
size: 155648
MD5: 99120CD3351D989107DAABE735998792
PID: 3156 (1408) D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
size: 181416
MD5: F15D5050C234D07E85D224C346476B89
PID: 3244 (1408) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 819352
MD5: F11341CD0D1DC5EFF5FEFFCC7424984E
PID: 3344 (2692) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: 0C3BF35A6AADC2708875DA3B866A22E0
PID: 3052 (1408) C:\Program Files\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 3172 (1408) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 572 ( 752) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 3464 ( 752) D:\BitComet\BitComet.exe
size: 3394048
MD5: 3352109854CC6FF841C4CDBE71CFF4ED
PID: 3892 (1408) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2100 ( 572) D:\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3196 ( 752) D:\Mozilla\mozilla.exe
size: 98192
MD5: 60949311D9B94A9FF4BDD5AE380DAD75
PID: 1568 ( 752) C:\WINDOWS\system32\mspaint.exe
size: 343040
MD5: 57ADB09ED3617B042D155449490A9F76
PID: 2620 (1408) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3072 ( 752) D:\Thunderbird\thunderbird.exe
size: 8479856
MD5: 63D9D78D9977E5BFAA524EFF37B30AA5
PID: 3008 ( 572) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2096 (2024) D:\Eset\nod32.exe
size: 494712
MD5: E260989D58CC7FB4FD87D9DA4A0E83DD
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14.1.2008 14:35:29

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NOD32 protected [MSAFD Tcpip [TCP/IP]]
GUID: {A630DA18-BD5F-4DDF-9D81-8FC84C981FC2}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 1: NOD32 protected [MSAFD Tcpip [UDP/IP]]
GUID: {EACACE5E-2F33-4A31-B7ED-6B4E1F493E09}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 2: NOD32 protected [MSAFD Tcpip [RAW/IP]]
GUID: {5FB532E2-89F7-43C0-8A2E-1341C3C32358}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 3: NOD32 protected [RSVP UDP Service Provider]
GUID: {7651F150-E13C-427E-B025-B681BB80B510}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 4: NOD32 protected [RSVP TCP Service Provider]
GUID: {E662C53E-7F73-4C3E-AC6A-F2A85C524B42}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 11: NOD32
GUID: {28A4D8DA-E908-4C6F-A926-A66CC7AD3224}
Filename: C:\WINDOWS\system32\imon.dll



--- Uninstall list ---
(AddressBook)

Adobe Flash Player ActiveX 9.0.45.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player Plugin 9.0.47.0 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 9
version (major): 9
install location: D:\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

(Agnitum Outpost Firewall Pro)

Agnitum Outpost Firewall Pro 4.0 (Agnitum Outpost Firewall Pro_is1)
install date: 20070422
install location: D:\Outpost Firewall\
uninstall cmd: D:\Outpost Firewall\uninst.exe
publisher: Agnitum, Ltd.
help link: http://www.agnitum.com/support/index.php

ATI Display Driver NGO-ATI-OD-173 (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Auto Gordian Knot 2.40 2.40 (AutoGK)
uninstall cmd: D:\AutoGK\uninst.exe
publisher: len0x

AviSynth 2.5 (AviSynth)
uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Azureus 2.5.0.4 (Azureus)
install location: C:\Program Files\Azureus
uninstall cmd: C:\Program Files\Azureus\Uninstall.exe

(Branding)

Canon PIXMA iP3000 (CANONBJ_Deinstall_CNMCP61.DLL)
uninstall cmd: C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"

CCleaner (remove only) (CCleaner)
uninstall cmd: "D:\CCleaner\uninst.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: D:\Canon\Easy-PhotoPrint\uninst.exe D:\Canon\Easy-PhotoPrint\uninst.ini

Canon Utilities Easy-PrintToolBox (Easy-PrintToolBox)
uninstall cmd: C:\WINDOWS\BJPSUNST.EXE

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fD:\Canon\Easy-WebPrint\Uninst.isu

(Fontcore)

Grand Prix 4 2006 v4.1 (Grand Prix 4 2006 v4.1)
uninstall cmd: "C:\WINDOWS\Grand Prix 4 2006\uninstall.exe" "/U:D:\Igre\Grand Prix 4 2006\Uninstall\uninstall.xml"
publisher: Nichols Software Solutions
contact: Nichols Software Solutions Support Department
help link: http://home.iprimus.com.au/lnichols

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "D:\hijackthis\HijackThis.exe" /uninstall
publisher: TrendMicro

ICQ (ICQ)
uninstall cmd: D:\ICQ\ICQUninstall.EXE

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Call of Duty® 4 - Modern Warfare™ 1.3 Patch (InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409

PowerQuest PartitionMagic 8.0 8.00.000 (InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804})
version: 134217728
version (major): 8
estimated size: 46018
install date: 20070423
install location: D:\PartitionMagic 8.0\
install source: D:\Partition Magic insatll\Setup\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
publisher: PowerQuest
comments: PowerQuest Inc.
contact: Customer Support Department
help link: http://www.powerquest.com/support
help telephone: 1-801-226-6834
readme: Readme.txt

(InstallShield_{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E})

Call of Duty® 2 1.3 (InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374})
version: 16777216
version (major): 1
estimated size: 3582472
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: H:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
publisher: Activision
comments: Call of Duty® 2
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.3 (InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217})
version: 16777216
version (major): 1
estimated size: 6497364
install date: 20071108
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: D:\igre\cod4rar\rzr-cod4\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
publisher: Activision
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.2 Patch (InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

3.1 (KB893803)
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

K-Lite Codec Pack 3.01 Full 3.01 (KLiteCodecPack_is1)
install date: 20070505
install location: D:\K-Lite Codec Pack\
uninstall cmd: C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe

Last.fm 1.3.2.13 (LastFM_is1)
install date: 20071103
install location: D:\Last.fm\
uninstall cmd: "D:\Last.fm\unins000.exe"
publisher: Last.fm
help link: http://www.last.fm

LimeWire 4.12.11 4.12.11 (LimeWire)
uninstall cmd: "D:\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Magic ISO Maker v5.4 (build 0239) (Magic ISO Maker v5.4 (build 0239))
uninstall cmd: D:\MagicISO\UNWISE.EXE D:\MagicISO\INSTALL.LOG

CD-LabelPrint (MediaNavigation.CDLabelPrint)
install location: D:\Canon\CD-LabelPrint\
uninstall cmd: "D:\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(MobileOptionPack)

Motherboard Monitor 5 5 (Motherboard Monitor 5_is1)
uninstall cmd: "D:\Motherboard Monitor 5\unins000.exe"
publisher: Alexander van Kaam

Mozilla (1.7.13) (Mozilla (1.7.13))
uninstall cmd: C:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (en)"

Mozilla Firefox (2.0.0.11) 2.0.0.11 (en-US) (Mozilla Firefox (2.0.0.11))
install location: D:\Firefox
uninstall cmd: D:\Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (2.0.0.9) 2.0.0.9 (en-US) (Mozilla Thunderbird (2.0.0.9))
install location: D:\Thunderbird
uninstall cmd: D:\Thunderbird\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Thunderbird

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey)
uninstall cmd: D:\Nero6\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Digital (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

NOD32 antivirus system (NOD32)
uninstall cmd: D:\Eset\Setup\setup.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

Ray Adams ATI Tray Tools (rayatitray)
uninstall cmd: "D:\ATI Tray Tools\uninstall.exe"

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SBEWIN32.EXE)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}

(SchedulingAgent)

(Sevinst)

(Shockwave)

Smart Guardian (Smart Guardian)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"D:\Smart Guardian\Uninst.isu"

SopCast 1.1.2 1.1.2 (SopCast)
uninstall cmd: D:\SopCast\uninst.exe

SopCore 1.1.2 1.1.2 (SopCore)
uninstall cmd: C:\Program Files\SopCast\uninst.exe

Norton SystemWorks 2005 (Symantec Corporation) 8.00.99 (SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937})
install location: D:\Norton SystemWorks
install source: H:\driveri\NSW2005 (H_)
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe /X
publisher: Symantec Corporation

TVUPlayer 2.3.3.2 2.3.3.2 (TVUPlayer)
uninstall cmd: C:\Program Files\TVUPlayer\uninst.exe
publisher: TVU networks

VideoLAN VLC media player 0.8.6c 0.8.6c (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

vLite 1.1.2 (vLite_is1)
install date: 20071205
install location: D:\vLite\
uninstall cmd: "D:\vLite\unins000.exe"
publisher: Dino Nuhagic (nuhi)
help link: http://www.vLite.net

VobSub v2.23 (Remove Only) (VobSub)
uninstall cmd: "C:\Program Files\Gabest\VobSub\uninstall.exe"

VTTV 1.0.1 1.0.1 (VTTV)
uninstall cmd: D:\VTTV\uninst.exe

Winamp (remove only) (Winamp)
uninstall cmd: "D:\Winamp\UninstWA.exe"

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: D:\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

XviD MPEG4 Video Codec (remove only) (XviD MPEG4 Video Codec)
uninstall cmd: "C:\WINDOWS\system32\xvid-uninstall.exe"

Call of Duty® 4 - Modern Warfare™ 1.3 Patch 1.3 ({050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 7680
install date: 20071208
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{92F8601D-62CB-496F-8679-909FD680645F}\
publisher: Activision

ATI Control Panel 6.14.10.5173 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

CDDRV_Installer 4.24.15 ({0C826C5B-B131-423A-A229-C71B3CACCD6A})
version: 68681743
version (major): 4
version (minor): 24
estimated size: 2173
install date: 20071214
install location: C:\Program Files\Common Files\Logishrd\CDDRV2\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{BB914D41-7750-4CF6-B566-419B42A070A2}\
uninstall cmd: MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
publisher: Logitech

4.0 ({0D330013-4A99-46D6-83C6-2C959C68DBFF})
version: 67108864
version (major): 4
estimated size: 1683
install date: 20070423
install source: D:\roxio8\CD1\DVDINFOPRO_40\
uninstall cmd: MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
publisher: Sonic Solutions

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20070423
install location: D:\Adobe Photoshop CS2\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Need for Speed™ Carbon ({259C0ABB-A3B2-4D70-008F-BF7EE491B70B})
uninstall cmd: D:\igre\Madden NFL 08\eauninstall.exe

2.3.0 ({26792CA7-D87A-4DBE-896B-C2F66B344511})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 22602
install date: 20070423
install source: D:\roxio8\CD1\CINEPLAYER_23\
uninstall cmd: MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
publisher: Roxio
help link: http://www.cineplayer.com/default.asp?af=%...%s&lang=ENU

KhalInstallWrapper 4.24.99 ({3101CB58-3482-4D21-AF1A-7057FC935355})
version: 68681827
version (major): 4
version (minor): 24
estimated size: 1289
install date: 20071214
install location: C:\Program Files\Logitech\KhalInstallWrapper\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\pft52.tmp\1-SetPoint\KHAL\
uninstall cmd: MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
publisher: Logitech

J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 130117
install date: 20070422
install source: C:\Documents and Settings\Isus\Local Settings\Application Data\Sun\Java\jre1.5.0_09\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: D:\jre1.5.0_09\README.txt

Java™ SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070423
install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

Java™ 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113966
install date: 20080113
install source: http://javadl.sun.com/webapps/download/Get...5/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_03\README.txt

Java™ 6 Update 4 1.6.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0160040})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 116818
install date: 20080113
install source: http://javadl.sun.com/webapps/download/Get...2/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_04\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20070422
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Skype™ 3.5 3.5.239 ({5C82DAE5-6EB0-4374-9254-BE3319BA4E82})
version: 50659567
version (major): 3
version (minor): 5
estimated size: 32634
install date: 20071003
install location: C:\Program Files\Skype\
install source: C:\Documents and Settings\All Users\Application Data\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\
uninstall cmd: MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/3.5.0.239/en/help

QuickTime 7.1.5.120 ({5E863175-E85D-44A6-8968-82507D34AE7F})
version: 117506053
version (major): 7
version (minor): 1
estimated size: 72135
install date: 20070509
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP020.TMP\
uninstall cmd: MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Norton CleanSweep 1.0.0 ({634B01DF-A45B-4623-80E1-E15FF82A4979})
version: 16777216
version (major): 1
estimated size: 14484
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NCS\
uninstall cmd: MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
publisher: <no manufacturer>

6.0.0 ({637099FB-45FD-4BC7-9651-6FB540DBB749})
version: 100663296
version (major): 6
estimated size: 11476
install date: 20070423
install source: D:\roxio8\CD1\BUMP_60\
uninstall cmd: MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
publisher: Sonic Solutions

Norton Utilities 18.0.0 ({6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5})
version: 301989888
version (major): 18
estimated size: 22722
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NU\
uninstall cmd: MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
publisher: <no manufacturer>

PartitionMagic 8.00.000 ({6BE2A4A4-99FB-48ED-AE1E-4E850389F804})
version: 134217728
version (major): 8
estimated size: 46018
install date: 20070423
install location: D:\PartitionMagic 8.0\
install source: D:\Partition Magic insatll\Setup\
publisher: PowerQuest
comments: PowerQuest Inc.
contact: Customer Support Department
help link: http://www.powerquest.com/support
help telephone: 1-801-226-6834
readme: Readme.txt

3.0.0 ({6D4F02C4-F6AF-4659-A933-7FC06235A8D5})
version: 50331648
version (major): 3
estimated size: 1413
install date: 20070423
install source: D:\roxio8\CD1\RCP_DATA_30\
uninstall cmd: MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
publisher: Roxio

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 333644
install date: 20070508
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

Norton SystemWorks 2005 8.02.6 ({71E7B3F5-CFAF-4C1E-B494-528E28707937})
version: 134348806
version (major): 8
version (minor): 2
install date: 20070502
install source: H:\driveri\NSW2005 (H_)\NSW\
publisher: Symantec Corporation

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20070423
install location: C:\Program Files\Adobe\Adobe Stock Photos\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Call of Duty® 2 Patch 1.3 1.3 ({7B4A5C13-069F-4AFE-AE57-C497B4E33C7E})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 36264
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\_is3E9\

3.0.0 ({7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA})
version: 50331648
version (major): 3
estimated size: 15589
install date: 20070423
install source: D:\roxio8\CD1\RCP_CORE_30\
uninstall cmd: MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
publisher: Roxio

Roxio Easy Media Creator 8 Suite 8.0.085 ({868901EE-7807-4F89-A134-7C705D34F91F})
version: 134217813
version (major): 8
estimated size: 443212
install date: 20070423
install location: D:\Easy Media Creator 8\
install source: D:\roxio8\CD1\
uninstall cmd: MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
publisher: Roxio, Inc.
comments: Master installer for The Digital Media Suite
contact: http://support.roxio.com
help link: http://support.roxio.com
readme: D:\Easy Media Creator 8\RoxioEasyMediaCreator8ReadMe.html

3.0.0 ({8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D})
version: 50331648
version (major): 3
estimated size: 765
install date: 20070423
install source: D:\roxio8\CD1\RCP_COPY_30\
uninstall cmd: MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
publisher: Roxio

Ulead Disc-Direct SDK 1.0 ({8D2C1E44-7685-4D05-8342-B0DC6422FA47})
version: 16777216
install location: C:\Program Files\Ulead Systems\Ulead Disc-Direct SDK
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20070423
install location: C:\Program Files\Common Files\Adobe\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

NSW_DRM_COLLECTION 1.0.0 ({900B1884-2D6F-4a70-A3C7-C3F4DA873FDB})
version: 16777216
version (major): 1
estimated size: 631
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\NSW\
uninstall cmd: MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
publisher: Symantec Corporation

Microsoft Office Professional Edition 2003 11.0.6361.0 ({9011041A-6000-11D3-8CFE-0150048383C9})
version: 184555737
version (major): 11
estimated size: 136338
install date: 20070424
install location: D:\Powerpoint\
install source: H:\
uninstall cmd: MsiExec.exe /I{9011041A-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: D:\Powerpoint\OFFICE11\1050\OFREADME.HTM

OpenOffice.org 2.0 2.0.8990 ({987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0})
version: 33563422
version (major): 2
estimated size: 216687
install date: 20070423
install source: D:\OpenOffice.org 2.0 Installation Files\
uninstall cmd: MsiExec.exe /I{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}
publisher: OpenOffice.org
comments: OpenOffice.org 2.0 (en-US) (OOA680m1(Build:8990))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

Norton SystemWorks 1.0.0 ({9E23C48E-5483-4971-BA50-089F2FABCD66})
version: 16777216
version (major): 1
estimated size: 2284
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\HelpMsi\
uninstall cmd: MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
publisher: Symantec Corp.

Madden NFL 08 ({A3BC1DBD-64D6-4EBC-0091-24C811662D40})
uninstall cmd: D:\igre\Madden NFL 08\EAUninstall.exe
publisher: Electronic Arts

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 5192
install date: 20070422
install source: C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\Redist\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

iTunes 7.1.1.5 ({AB90749C-7422-4580-8A7A-66CC5E9E5F98})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51658
install date: 20070509
install location: D:\iTunes\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\IXP020.TMP\
uninstall cmd: MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe Reader 7.0.5 7.0.5 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440517
version (major): 7
estimated size: 62388
install date: 20070423
install location: D:\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: D:\Acrobat 7.0\Reader\Readme.htm

Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20070923
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Bridge 1.0 001.000.004 ({B74D4E10-6884-0000-0000-000000000103})
version: 16777219
version (major): 1
estimated size: 340780
install date: 20071205
install location: C:\Program Files\Adobe\Adobe Bridge\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html

BlueSoleil ({B9F499B8-D1F0-42FC-84BE-CC552123CCCB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9

WinFast Entertainment Center(WDM Driver) ({BE4AA694-815A-4045-BD49-C94F2BED7458})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"

WinFast PVR ({C882DE6B-1482-42D6-A7C2-A9F946EDBAF6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}\setup.exe"

Marvell Miniport Driver 7.21.1.3 ({C950420B-4182-49EA-850A-A6A2ABF06C6B})
version: 118816769
version (major): 7
version (minor): 21
estimated size: 489
install date: 20070422
install location: C:\Program Files\Marvell\Miniport Driver\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\_is179\
uninstall cmd: MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
publisher: Marvell
help link: http://www.marvell.com/yukon/support

Acronis True Image 9.0.2323 ({CA83357B-931E-44DC-AD43-9996FEEB8116})
version: 150997267
version (major): 9
estimated size: 38886
install date: 20070422
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
publisher: Acronis
contact: Acronis

Call of Duty® 2 1.00.0000 ({D0A05794-48C2-4424-A15A-9F20FCFDD374})
version: 16777216
version (major): 1
estimated size: 3582472
install date: 20070619
install location: D:\Igre\Call of Duty 2\
install source: H:\
publisher: Activision
comments: Call of Duty® 2
contact: Technical Support
help link: http://activision.custhelp.com

MSRedist 1.0.0.0 ({D1725BDB-BA2B-4503-A8CB-F5C835D743FA})
version: 16777216
version (major): 1
estimated size: 7239
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\MsRedist\
uninstall cmd: MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
publisher: Symantec Corporation

NvMixer ({D7A6C517-11F2-419F-B5BB-27772B939698})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

Canon PhotoRecord 02.02.00013 ({D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE})
version: 33685517
version (major): 2
version (minor): 2
estimated size: 82430
install date: 20070422
install source: D:\driveri\pixma\PREC2\
uninstall cmd: MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
publisher: Cisra

NOD32 FiX v1.9 ({DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1)
install location: D:\Eset\
uninstall cmd: "D:\Eset\unins000.exe"

ccCommon 103.0.2.10 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053250
version (major): 103
estimated size: 5695
install date: 20070423
install source: H:\driveri\NSW2005 (H_)\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

Ad-Aware 2007 7.0.2.5 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF})
version: 117440514
version (major): 7
estimated size: 23301
install date: 20080113
install location: C:\Program Files\Lavasoft\Ad-Aware 2007\
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
publisher: Lavasoft
help link: http://www.lavasoftsupport.com

Call of Duty® 4 - Modern Warfare™ 1.00.0000 ({E48469CC-635E-4FD5-A122-1497C286D217})
version: 16777216
version (major): 1
estimated size: 6497364
install date: 20071108
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: D:\igre\cod4rar\rzr-cod4\
publisher: Activision
contact: Technical Support
help link: http://activision.custhelp.com

Call of Duty® 4 - Modern Warfare™ 1.2 Patch 1.2 ({E5141379-B2D9-4BBC-BB2A-5805541571DD})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 6196
install date: 20071126
install location: D:\igre\Call of Duty 4 - Modern Warfare\
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\{EABA2099-AA87-4E43-8C9F-19D1DE272479}\
publisher: Activision

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20070423
install location: C:\Program Files\Adobe\Adobe Help Center\
install source: D:\Downloads\Software\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe® Photoshop® CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

3.0.0 ({EB748B9B-F872-4E95-98E8-5CA7E5425DAF})
version: 50331648
version (major): 3
estimated size: 404
install date: 20070423
install source: D:\roxio8\CD1\RCP_TOOLS_30\
uninstall cmd: MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
publisher: Roxio

3.0.0 ({F0EACC27-A729-406C-9BF6-C8F10CEC36F8})
version: 50331648
version (major): 3
estimated size: 1511
install date: 20070423
install source: D:\roxio8\CD1\RCP_AUDIO_30\
uninstall cmd: MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
publisher: Roxio

Logitech SetPoint 4.24 ({F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E})
version: 68681728
install date: 20071214
install location: D:\Logitech\SetPoint
install source: C:\DOCUME~1\Isus\LOCALS~1\Temp\pft52.tmp\1-SetPoint\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Logitech

Vista Codec Package 4.5.4 ({F9FD80CE-0448-4D4F-8BCD-77FC514C3F99})
version: 67436548
version (major): 4
version (minor): 5
estimated size: 32760
install date: 20071127
install location: D:\VistaCodecPack\
install source: C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\
uninstall cmd: MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
publisher: Shark007
contact: Shark007
help link: http://shark007.testbox.dk
help telephone: xxx-xxx-xxxx
readme: http://shark007.xpdnc.org/description.txt



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): aawservice
Display name: Ad-Aware 2007 Service
Description: Ad-Aware service
Object name: LocalSystem
Image path: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
Image size: 587096
Image MD5: 0629361FAC4576BA48AB39F4903DCE9E
Start: 2
Type: 272
Error Control: 0
Depends On services: RpcSS

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): AcrSch2Svc
Display name: Acronis Scheduler2 Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
Image size: 172032
Image MD5: D5A40B566B6BF947B2E643DE621B1BDE
Start: 2
Type: 272
Error Control: 1
Depends On services: RpcSs

Service (registry key): ADBLOCK.DLL
Display name: Outpost Firewall PlugIn (ADBLOCK.DLL)
Image path: \??\D:\Outpost Firewall\kernel\ADBLOCK.DLL
Image size: 33568
Image MD5: A16016DF239DB6EB67CE4D5EB5AAECB6
Start: 3
Type: 1
Error Control: 1

Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: AdobeLM Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 72704
Image MD5: C1EB9968EC89FBA5F3A264E2E57923AB
Start: 3
Type: 16
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AMON
Display name: AMON
Image path: \SystemRoot\system32\drivers\amon.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): apuo6xar
Start: 3
Type: 1
Error Control: 0

Service (registry key): ARP.DLL
Display name: Outpost Firewall PlugIn (ARP.DLL)
Image path: \??\D:\Outpost Firewall\kernel\ARP.DLL
Image size: 17408
Image MD5: 8C7C92A53045ECA7BCFB31169C9B99C6
Start: 3
Type: 1
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASPI32
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 446464
Image MD5: 39BE36B74B2D17B336146E82373E0396
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 1972224
Image MD5: 6B618C7764E03A78599D74E31B8AB17B
Start: 3
Type: 1
Error Control: 0

Service (registry key): ATIAVAIW
Display name: %DISPLAY_NAME%
Description: %SERVICE_DESCRIPTION%
Image path: system32\DRIVERS\atinavt2.sys
Image size: 168832
Image MD5: E5A0AF0AF6021EDBB48835A0702EAA48
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atierecord
Start: 0
Type: 0
Error Control: 0

Service (registry key): atitray
Display name: atitray
Image path: \??\D:\ATI Tray Tools\atitray.sys
Image size: 14336
Image MD5: BB7DDCDD5FE3ABD690C59B9476A018D0
Start: 1
Type: 1
Error Control: 1

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BlueletAudio
Display name: Bluetooth Audio Service
Image path: system32\DRIVERS\blueletaudio.sys
Image size: 20480
Image MD5: 04E84C8049EE93614A2FF6D676D1E247
Start: 3
Type: 1
Error Control: 1

Service (registry key): BlueSoleil Hid Service
Display name: BlueSoleil Hid Service
Object name: LocalSystem
Image path: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Image size: 110592
Image MD5: 55F24E6EC983FCC7510293B05A27CEEC
Start: 2
Type: 16
Error Control: 1

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): BT
Display name: Bluetooth PAN Network Adapter
Image path: system32\DRIVERS\btnetdrv.sys
Image size: 10804
Image MD5: D1813668A0117AE05BC0B81C874F91D4
Start: 3
Type: 1
Error Control: 1

Service (registry key): Btcsrusb
Display name: Bluetooth USB For Bluetooth Service
Image path: System32\Drivers\btcusb.sys
Image size: 23000
Image MD5: 7304ACC25455746912DE37D7DED387ED
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthEnum
Display name: Bluetooth Request Block Driver
Image path: system32\DRIVERS\BthEnum.sys
Image size: 17024
Image MD5: D24B8D1784C68A25060FFFBE8ED34B76
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHidEnum
Display name: Bluetooth HID Enumerator
Image path: system32\DRIVERS\vbtenum.sys
Image size: 11860
Image MD5: 161969D2DD1D39CD2F1EDBC60C61FA99
Start: 3
Type: 1
Error Control: 0

Service (registry key): BTHidMgr
Display name: Bluetooth HID Manager Service
Image path: System32\Drivers\BTHidMgr.sys
Image size: 28271
Image MD5: A9164C2A39BD917B9F42AE087560AC3D
Start: 0
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Display name: Bluetooth Modem Communications Driver
Image path: system32\DRIVERS\bthmodem.sys
Image size: 38016
Image MD5: 9DF0ADF74CE1D6371ED60CF92EB1D9A6
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthPan
Display name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Image path: system32\DRIVERS\bthpan.sys
Image size: 100992
Image MD5: 10355270BE12641B9764235DA39DCF0F
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Display name: Bluetooth Port Driver
Image path: System32\Drivers\BTHport.sys
Image size: 274304
Image MD5: 30B76EC553B202890E90A93A4E1A27B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthServ
Display name: Bluetooth Support Service
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): BTHUSB
Display name: Bluetooth Radio USB Driver
Image path: System32\Drivers\BTHUSB.sys
Image size: 18944
Image MD5: F06D4CB9918B462A84D9AC00027EFC30
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 6163ED60B684BAB19D3352AB22FC48B2
Start: 3
Type: 1
Error Control: 1

Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Symantec Event Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Image size: 198248
Image MD5: 087238E6A0A67EBDF70B160814FEAE74
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS,ccSetMgr

Service (registry key): ccPwdSvc
Display name: Symantec Password Validation
Description: Symantec Password Validation Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Image size: 79464
Image MD5: 09FFA9C63DD0E33684D6F5CDC71CD1C0
Start: 3
Type: 16
Error Control: 0

Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Symantec Settings Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Image size: 181864
Image MD5: 2652D3E89E6FDAB77891B687E02113BA
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): cdudf_xp
Start: 1
Type: 2
Error Control: 1

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook

Edited by Bajo, 14 January 2008 - 08:46 AM.


#8 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 14 January 2008 - 10:27 AM

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.
Please Note:
Only do the following if you have connection problems after performing the above steps:
Go to Start > Control Panel, and choose 'Network Connections'.
Then right click on your default connection, usually 'Local Area Connection' or 'Dial-up Connection' if you are using Dial-up, then left click on 'Properties'.
Double-click on the 'Internet Protocol (TCP/IP)' item and select the radio button that says: 'Obtain DNS servers Automatically'.
Click OK twice, then restart your computer.


Download SmitfraudFix (by S!Ri) to your desktop.
Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #5 - Search and clean DNS Hijack.
Follow the prompts.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt
Post the Smitfraudfix report into your next reply.

Click on Start/Run, type CMD, then press OK.
At the command prompt copy and paste NETSH WINSOCK RESET then press Enter.
At the command prompt copy and paste NETSH WINSOCK RESET CATALOG then press Enter.
At the command prompt copy and paste IPCONFIG /FLUSHDNS then press Enter.
Type EXIT, press Enter again, then restart your PC.

Let me know what's happening now.

#9 Bajo

  • Topic Starter
  • Members
  • 16 posts

Posted 14 January 2008 - 12:51 PM

I can't save smitfraud. Mozilla gives me a pop-up saying that the source file could not be read. I have disabled NOD32 and Outpost, due to the fact that NOD was locking the file. I rebooted my PC and tried again but no success. I tried several other download addresses but again no success. Same with Firefox 2 and IE, and SeaMonkey. :thumbsup:
Anyway, here's the Fixwareout log:
Username "Isus" - 14.01.2008 18:22:51 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0FAA6478-916B-426B-8EA3-6D33D28C9BAE}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{20BCC57A-2885-4A06-8773-0BD16FA9DA4D}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AAACAB21-9938-4B14-92B0-7F6AE59EA089}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BF35AD66-74A8-4D7A-AE26-99FCE514ACCC}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D1C6EA88-AECE-4373-9D16-CA0BD0D3CA30}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F2F579A6-B6AE-4DA2-BBD3-CD2F27132A7F}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"ATIPTA"="\"D:\\ATI Control Panel\\atiptaxx.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"nod32kui"="\"D:\\Eset\\nod32kui.exe\" /WAITSERVICE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"MBM 5"="\"D:\\Motherboard Monitor 5\\MBM5.EXE\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SmartGuardian"="D:\\Smart Guardian\\ITESmart.exe"
"iTunesHelper"="\"D:\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\jusched.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AtiTrayTools"="\"D:\\ATI Tray Tools\\atitray.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Edited by Bajo, 14 January 2008 - 01:12 PM.


#10 RichieUK

Posted 14 January 2008 - 01:40 PM

Do the following if you haven't already:
Click on Start/Run, type CMD, then press OK.
At the command prompt copy and paste NETSH WINSOCK RESET then press Enter.
At the command prompt copy and paste NETSH WINSOCK RESET CATALOG then press Enter.
At the command prompt copy and paste IPCONFIG /FLUSHDNS then press Enter.
Type EXIT, press Enter again, then restart your PC.

Let me know what's happening now.

#11 Bajo

Posted 14 January 2008 - 01:59 PM

I succeeded in downloading smitfraud: safe mode with networking, administrator account, then switched users and rebooted into safe mode, copied smitfraud onto my desktop and ran it. I had to run it in normal mode 'cause it said that the clearance of DNS can only be performed in normal mode.
I also turned Run As off in computer management, rebooted but it's still here and a lot of programs don't work, it says that there's no program associated with the shortcut.

Here's the smitfraud report:
SmitFraudFix v2.274

Scan done at 19:46:54,31, pon 14.01.2008
Run from C:\Documents and Settings\Isus\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{94A52010-7089-45E3-BAE1-D3F370CEFD01}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
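
An added example, not part of the post above and not code from Fixwareout or SmitfraudFix: a Python script that reads the DhcpNameServer/NameServer lines in both report formats quoted in this thread and sorts each resolver into trusted, local or review. The function names and the trusted set are assumptions of this example; it assumes the 208.67.x.x OpenDNS pair was configured on purpose.

```python
import ipaddress
import re

# Assumption: these OpenDNS public resolvers were configured on purpose.
# Replace with the resolvers you actually expect; use an empty set if none.
TRUSTED_RESOLVERS = frozenset({"208.67.220.220", "208.67.222.222"})

# Lines copied from the Fixwareout and SmitfraudFix reports quoted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F2F579A6-B6AE-4DA2-BBD3-CD2F27132A7F}
"DhcpNameServer"="85.255.115.43,85.255.112.142" <Value cleared.
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
"""

# A registry key at the start of a line (Fixwareout prints it on its own line,
# SmitfraudFix prints "key: value" on one line).
KEY_RE = re.compile(r"^(?:HKEY_LOCAL_MACHINE|HKLM)\\\S+", re.IGNORECASE)
# NameServer / DhcpNameServer, with or without the quotes Fixwareout adds.
VALUE_RE = re.compile(r'"?\b(DhcpNameServer|NameServer)"?\s*=\s*"?([0-9., ]+)')


def classify(addr, trusted=TRUSTED_RESOLVERS):
    """Return 'trusted', 'local', 'review' or 'malformed' for one resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if addr in trusted:
        return "trusted"
    if ip.is_private:  # RFC 1918 or loopback: normally the home router
        return "local"
    return "review"    # public resolver that is not on the expected list


def audit(log_text, trusted=TRUSTED_RESOLVERS):
    """Return (key, value_name, address, verdict) for every resolver in the log."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(0).rstrip(":")
        value = VALUE_RE.search(line)
        if not value:
            continue
        # Windows accepts comma- or space-separated resolver lists.
        for addr in re.split(r"[,\s]+", value.group(2).strip()):
            if addr:
                findings.append(
                    (current_key, value.group(1), addr, classify(addr, trusted))
                )
    return findings


def needs_review(findings):
    """Keep only the entries a person should check before trusting DNS."""
    return [f for f in findings if f[3] in ("review", "malformed")]


if __name__ == "__main__":
    for key, name, addr, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:9} {name:15} {addr:16} {key}")
```

Run against a saved report, anything marked review is a resolver that neither the router nor the machine's owner supplied, which is the setting a DNS changer rewrites.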

#12 Bajo

Posted 14 January 2008 - 02:21 PM

RUN AS is still active, better to say it reactivated itself. I stopped it again in computer management. I'm still getting a stupid pop-up that a program is not working.

Here's a shot of the message I get on startup.
Posted Image


Here's a shot of what I disabled in Computer Management in the hope that Run As will NOT return.
Posted Image

#13 RichieUK

Posted 14 January 2008 - 02:38 PM

Disabling the RunAs Command:
http://www.windowsnetworking.com/kbase/Win...nAsCommand.html

Can I disable the RunAs command?
http://www.petri.co.il/disable_runas.htm

#14 Bajo

Posted 14 January 2008 - 05:50 PM

Operation successful, patient dead.
After the registry editing and the reboot not a single program ran. The icons were there on the desktop but no reaction.

So I reinstalled and restored Windows, and with that the zlob dns changer is here again. I'll check a backup that's a bit older and let you know.

Should I post a new HJT log, or should I proceed with the above posted steps? Last time I did that I got the Run As problem...

Edited by Bajo, 14 January 2008 - 05:53 PM.


#15 RichieUK

Posted 15 January 2008 - 08:48 AM

"So I reinstalled and restored windows"

What exactly are you doing, just running System Restore? If you are, then you're wasting your time and mine; you're just restoring the problem back each time.

"Should I post a new HJT log, or should I proceed with the above posted steps? Last time I did that I got the Run As problem..."


Download Combofix by sUBs again and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.