Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Think My Pc Is Infected, Help Required Please.


  • This topic is locked This topic is locked
14 replies to this topic

#1 frankmeardon

frankmeardon

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 26 June 2008 - 04:50 AM

Hi,

I'm a new member, and this is firts post, so forgive me if I'm in wrong area/topic etc.

I believe my PC is infected, several reasons -

1. PC slow down and/or stop, unable to do anything but power off
2. Spyboy Search and Destroy - Advanced - System Tools , System Startup indicates Mutbo-A Trojan infection, although Spybot scan shows zero infection.
3. PC has had previous infections, I have reformated harddrives and reinstalled Vista, but it's more than possible I made mistakes/missed things.
4. I have 2 external hard drives, these were not part of reformat, not sure if they could be/are infected.
5. Results on all scanners show zero across the board, I'm not that good, so suspicious. Use Kaspersky Intenet Security, PC Tools Spyware Doctor plus 3 or 4 on demand anti spyware apps, inc Spybot, ASquared, MalwareBytes Anti Malware.
6. Had problems with updates, inc Windows Update, update messages indicate updates successful, however when checked manually updates never happened.
7. Mysterious User Account appeared, which I believe I have deleted, but just not sure.

I hope someone can help!!

Thanks

Frank Meardon

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 26 June 2008 - 12:36 PM

Hi,

Could you please post the logfiles of all the scans you did?
Could you make a new logfile with MalwareBytes Anti-Malware, and post that one too? :thumbsup:

Greetings,
Superbird

#3 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 26 June 2008 - 02:37 PM

Hi Superbird

Good to "meet" you.

I'm running Malwarebytes scan again, to follow.
Also having difficulty spotting Kaspersky full scan report, so runninh again, to follow.

Are there any special instructions re HiJackthis scan?



Here are other reports as follows

1. Spybot (included below)
2. SuperAntiSpyware (inc below)
3. A-Squared (inc below)
4. PCTools AntiSpyware to follow
5. Windows Defender to follow
6. HiJackThis to follow - any special



--------------------------------------------------------------------------------------------------------------------------------------
1. Spybot

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-19 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-18 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-06-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-24 Includes\Malware.sbi
2008-06-24 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-06-24 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-18 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-06-25 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run, a-squared
command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 2131600
MD5: ABA34F304584FFEB3257682DAE45BD80

Located: HK_LM:Run, AVP
command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, ISTray
command: "C:\Program Files\Spyware Doctor\pctsTray.exe"
file: C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1107848
MD5: 1AC2459FC32ACCD069D75A4240F75385

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, AVP (DISABLED)
command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, RtHDVCpl (DISABLED)
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4907008
MD5: B503285B5D1CAC5AE445D60C690DCFF9

Located: HK_LM:Run, StartCCC (DISABLED)
command: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 90112
MD5: 033FF248550305ED52ED2D2844A8A11B

Located: HK_LM:Run, UpdReg (DISABLED)
command: C:\Windows\UpdReg.EXE
file: C:\Windows\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC

Located: HK_CU:Run, RoboForm (DISABLED)
where: S-1-5-21-485629900-3275589529-764576695-1000...
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 160592
MD5: AD124C23E4D961354492CC1F5C61F4BA

Located: Startup (user), Secunia PSI (RC3).lnk (DISABLED)
where: C:\Users\FMCOMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Secunia\PSI (RC3)\psi.exe
file: C:\Program Files\Secunia\PSI (RC3)\psi.exe
size: 663552
MD5: A53A32D97CD02E0319765EA55B5F9FEA

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, klogon
command: C:\Windows\system32\klogon.dll
file: C:\Windows\system32\klogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 19/06/2008 09:41:06
Date (last access): 19/06/2008 09:41:06
Date (last write): 29/11/2006 17:35:00
Filesize: 436288
Attributes: archive
MD5: 3374C2A0344BE49368DC342329404B49
CRC32: D21F22AC
Version: 2006.11.29.1

{724d43a9-0d85-11d4-9908-00400523e39a} (RoboForm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: RoboForm
CLSID name:
description: RoboForm
classification: Legitimate
known filename: RoboForm.dll
info link: http://www.roboform.com/
info source: TonyKlein
Path: C:\Program Files\Siber Systems\AI RoboForm\
Long name: roboform.dll
Short name:
Date (created): 22/06/2008 00:49:50
Date (last access): 22/06/2008 00:49:50
Date (last write): 22/06/2008 00:49:22
Filesize: 5751624
Attributes: archive
MD5: C9A4C5759FE9E86336D93B861F55A114
CRC32: E2BBE9EA
Version: 6.9.90.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 21/06/2008 17:41:40
Date (last access): 25/03/2008 02:37:02
Date (last write): 25/03/2008 04:28:02
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/8/b...heckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 20/03/2008 18:06:36
Date (last access): 20/03/2008 18:06:36
Date (last write): 20/03/2008 18:06:36
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer: C:\Windows\Downloaded Program Files\jinstall-6u6.inf
Codebase: http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 02:37:02
Date (last access): 25/03/2008 02:37:02
Date (last write): 25/03/2008 04:28:02
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 02:37:02
Date (last access): 25/03/2008 02:37:02
Date (last write): 25/03/2008 04:28:02
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2



--- Process list ---
PID: 3584 (1120) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 3660 (1108) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 3708 (3636) C:\Windows\Explorer.EXE
size: 2927104
MD5: FFA764631CB70A30065C12EF8E174F9F
PID: 3844 (3708) C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1107848
MD5: 1AC2459FC32ACCD069D75A4240F75385
PID: 3864 (3708) C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 2131600
MD5: ABA34F304584FFEB3257682DAE45BD80
PID: 3872 (3708) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2
PID: 1700 (3212) C:\Program Files\Internet Explorer\ieuser.exe
size: 299520
MD5: 5B2E1C16A2C420F60CD391B666003F14
PID: 1132 (3212) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 5B92133D3E7FB2644677686305E29E81
PID: 2556 (3708) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 460 ( 4) smss.exe
size: 64000
PID: 544 ( 532) csrss.exe
size: 6144
PID: 592 ( 532) wininit.exe
size: 96768
PID: 612 ( 600) csrss.exe
size: 6144
PID: 644 ( 592) services.exe
size: 279040
PID: 656 ( 592) lsass.exe
size: 9728
PID: 668 ( 592) lsm.exe
size: 229888
PID: 780 ( 600) winlogon.exe
size: 314880
PID: 860 ( 644) svchost.exe
size: 21504
PID: 920 ( 644) svchost.exe
size: 21504
PID: 1020 ( 644) Ati2evxx.exe
size: 610304
PID: 1076 ( 644) svchost.exe
size: 21504
PID: 1108 ( 644) svchost.exe
size: 21504
PID: 1120 ( 644) svchost.exe
size: 21504
PID: 1232 (1076) audiodg.exe
size: 88064
PID: 1268 ( 644) SLsvc.exe
size: 2623488
PID: 1312 ( 644) svchost.exe
size: 21504
PID: 1392 ( 644) svchost.exe
size: 21504
PID: 1592 ( 644) svchost.exe
size: 21504
PID: 1636 (1020) Ati2evxx.exe
size: 610304
PID: 1680 ( 644) a2service.exe
PID: 1744 ( 644) avp.exe
PID: 1840 ( 644) msiexec.exe
size: 71680
PID: 1984 ( 644) svchost.exe
size: 21504
PID: 2000 ( 644) pctsAuxs.exe
PID: 2020 ( 644) pctsSvc.exe
PID: 512 ( 644) svchost.exe
size: 21504
PID: 536 ( 644) svchost.exe
size: 21504
PID: 660 ( 644) SearchIndexer.exe
size: 302080
PID: 2080 (1108) WUDFHost.exe
size: 142336
PID: 3164 (1120) taskeng.exe
size: 169472
PID: 3120 (3708) mbam.exe
PID: 892 ( 860) WmiPrvSE.exe
PID: 3580 ( 660) SearchProtocolHost.exe
size: 179200
PID: 3988 ( 660) SearchFilterHost.exe
size: 76800


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 26/06/2008 19:36:57

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.dell.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A96D6633-AA2F-40EF-A8CC-2DA696CE28AA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A96D6633-AA2F-40EF-A8CC-2DA696CE28AA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBFA5EAC-286C-490E-A947-309E88216782}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBFA5EAC-286C-490E-A947-309E88216782}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{89A0DE6D-57D1-40D1-9C33-DF98FE4FED43}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{89A0DE6D-57D1-40D1-9C33-DF98FE4FED43}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4FC6DE02-FE4B-4410-9EFE-E0991E7758FA}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4FC6DE02-FE4B-4410-9EFE-E0991E7758FA}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB894BD7-9112-44AC-891A-BDD7F562899F}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB894BD7-9112-44AC-891A-BDD7F562899F}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A96D6633-AA2F-40EF-A8CC-2DA696CE28AA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A96D6633-AA2F-40EF-A8CC-2DA696CE28AA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBFA5EAC-286C-490E-A947-309E88216782}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBFA5EAC-286C-490E-A947-309E88216782}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): a2AntiMalware
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: a-squared Anti-Malware Service
Description: Scans the PC for unwanted software and provides protection from malicious code
Object name: LocalSystem
Image path: "C:\Program Files\a-squared Anti-Malware\a2service.exe"
Image size: 380016
Image MD5: 6474CEF72CC65F54A09CE5CEDB236DCC
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\acpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AERTFilters
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Andrea RT Filters Service
Object name: LocalSystem
Image path: %SystemRoot%\system32\AERTSrv.exe
Image size: 77824
Image MD5: 330A1E4DF07C2E29949ED8631CD8828E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: system32\drivers\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Ati External Event Utility
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 610304
Image MD5: C797D9EE6AEB9DBC01FC00B14216E02F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Atierecord
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): atikmdag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmdag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): AVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kaspersky Internet Security 7.0
Description: Provides protection against computer viruses and spyware, hacker attacks, cyber-crime and spam.
Object name: LocalSystem
Image path: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r
Image size: 227856
Image MD5: 7519905CD74F26E9385B83BF2EF242C2
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BCM43XV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom Extensible 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl6.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 70144
Image MD5: A4AF4201BD519971F8F34724F3CA9DBB
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: \SystemRoot\system32\drivers\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): CT20XUT.DLL
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\CT20XUT.DLL
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ctac32k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative AC3 Software Decoder
Image path: system32\drivers\ctac32k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ctaud2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative Audio Driver (WDM)
Image path: system32\drivers\ctaud2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CTEXFIFX.DLL
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\CTEXFIFX.DLL
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CTHWIUT.DLL
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\CTHWIUT.DLL
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ctprxy2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative Proxy Driver
Image path: system32\drivers\ctprxy2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ctsfm2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative SoundFont Management Device Driver
Image path: system32\drivers\ctsfm2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\drivers\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): e1express
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® PRO/1000 PCI Express Network Connection Driver
Image path: system32\DRIVERS\e1e6032.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): Ecache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost Caching Driver
Description: ReadyBoost Caching Driver
Image path: System32\drivers\ecache.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 292352
Image MD5: 9BE3744D295A7701EB425332014F0797
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 131072
Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehstart
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Media Center Service Launcher
Description: @%SystemRoot%\ehome\ehstart.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): EmdCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): EMDMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost
Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 0
Depends On services: rpcss,ecache,slsvc,fileinfo

Service (registry key): emupia
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: E-mu Plug-in Architecture Driver
Image path: system32\drivers\emupia2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: File Information FS MiniFilter
Description: Collects information about files in memory to be consumed by other system services.
Image path: system32\drivers\fileinfo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FileTrace
Description: ETW File Trace Filter
Image path: system32\drivers\filetrace.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 36864
Image MD5: 993883524AA9CF1C90E1545411A9AC9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\drivers\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): ha20x2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative 20X HAL Driver
Image path: system32\drivers\ha20x2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: system32\drivers\HdAudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\drivers\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\drivers\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HpCISSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\hpcisss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: system32\drivers\HTTP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\i2omp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Vista
Image path: \SystemRoot\system32\drivers\iastorv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 864256
Image MD5: E7CC3AEAED9893A88876744CD439F76C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): IKFileSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: File Security Driver
Image path: system32\drivers\ikfilesec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): IKSysFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Filter Driver
Image path: system32\drivers\iksysflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): IKSysSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Security Driver
Image path: system32\drivers\iksyssec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IKSysFlt

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntcAzAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for Realtek HD Audio (WDM)
Image path: system32\drivers\RTKVHDA.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-200
Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ipmidrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Bus Enumerator
Description: IR Bus Enumerator
Image path: system32\drivers\irenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: system32\DRIVERS\msiscsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): iteatapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITEATAPI_Service_Install
Image path: \SystemRoot\system32\drivers\iteatapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iteraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITERAID_Service_Install
Image path: \SystemRoot\system32\drivers\iteraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: DCF733788C7D088D814E5F80EB4B3E0F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): kl1
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: kl1
Image path: system32\DRIVERS\kl1.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): KLIF
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kaspersky Lab Driver
Description: Kaspersky Lab Interceptor and Filter
Image path: system32\DRIVERS\klif.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): KLIM6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kaspersky Anti-Virus NDIS 6 Filter
Description: Kaspersky Anti-Virus NDIS 6 Filter
Image path: system32\DRIVERS\klim6.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UAC File Virtualization
Description: Virtualizes file write failures to per-user locations.
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): MBAMCatchMe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MBAMCatchMe
Image path: \??\C:\Windows\system32\drivers\mbamcatchme.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Description: Driver responsible with maintaining persistent drive letters and names for volumes
Image path: System32\drivers\mountmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): Mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\mraid35x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector Driver
Description: WebDav Client Redirector Driver
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB MiniRedirector Wrapper and Engine
Description: Implements the framework for the SMB filesystem redirector
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 1.x MiniRedirector
Description: Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 2.0 MiniRedirector
Description: Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\msahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 105984
Image MD5: FD7520CC3A80C5FC8C48852BB24C6DED
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ISA/EISA Class Driver
Image path: system32\drivers\msisadrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec /V
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Description: Multiple UNC Provider
Image path: System32\Drivers\mup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Description: NDIS System Driver
Image path: system32\drivers\ndis.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): netbt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NETBT
Description: This service implements NetBios over TCP/IP.
Image path: System32\DRIVERS\netbt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %systemroot%\system32\lsass.exe
Image size: 9728
Image MD5: DCF733788C7D088D814E5F80EB4B3E0F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netprof.dll,-246
Description: @%SystemRoot%\system32\netprof.dll,-247
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 122880
Image MD5: F9102685F97F9BA85F4A70AFCF722CFE
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NSI proxy service
Description: NSI proxy service
Image path: system32\drivers\nsiproxy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): ntrigdigi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: N-trig HID Tablet Driver
Image path: \SystemRoot\system32\drivers\ntrigdigi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce™ RAID Class Driver
Image path: \SystemRoot\system32\drivers\nvraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NEC FireWarden OHCI Compliant IEEE 1394 Host Controller
Image path: \SystemRoot\system32\drivers\ohci1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ossrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative OS Services Driver
Image path: system32\drivers\ctoss2k.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8004
Description: @%SystemRoot%\system32\p2psvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\drivers\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Description: Disk class filter driver that auctions out partitions to volume managers
Image path: System32\drivers\partmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\parvdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\drivers\pci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8002
Description: @%SystemRoot%\system32\p2psvc.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8000
Description: @%SystemRoot%\system32\p2psvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\drivers\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: DCF733788C7D088D814E5F80EB4B3E0F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): PSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PSI
Description: PSI mini-filter driver
Image path: system32\DRIVERS\psi_mf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic Fibre Channel Miniport Driver
Image path: \SystemRoot\system32\drivers\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic iSCSI Miniport Driver
Image path: \SystemRoot\system32\drivers\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalService
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Redirected Buffering Sub Sysytem
Description: Provides the framework for network mini-redirectors
Image path: system32\DRIVERS\rdbss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDPCDD
Description: RDPDD Chained DD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: \SystemRoot\system32\drivers\rdpdr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Image path: system32\drivers\rdpencdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,RasMan,bfe
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 7680
Image MD5: 5123F83CBC4349D065534EEB6BBDC42B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: DcomLaunch

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: DCF733788C7D088D814E5F80EB4B3E0F
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SASDIFSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): SASENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASENUM
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SASKUTIL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Image size: 810320
Image MD5: A0C00A6265949AC72AB51B711743CA6D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): sdAuxService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Auxiliary Service
Description: Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced.
Object name: LocalSystem
Image path: C:\Program Files\Spyware Doctor\pctsAuxs.exe
Image size: 337800
Image MD5: 7A95E655EF27C9A4321B520471866783
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): sdCoreService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Security Service
Description: Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled.
Object name: LocalSystem
Image path: C:\Program Files\Spyware Doctor\pctsSvc.exe
Image size: 1017224
Image MD5: 4A5FEB6E495E54EFBE9FE1E7B7E1F657
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\drivers\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Port Driver
Image path: \SystemRoot\system32\drivers\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\drivers\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\drivers\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\drivers\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiteAdvisor Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SiteAdvisor Service
Description: Provides low-level support for McAfee SiteAdvisor
Object name: LocalSystem
Image path: "C:\Program Files\SiteAdvisor\6261\SAService.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): slsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLsvc.exe,-101
Description: @%SystemRoot%\system32\SLsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\SLsvc.exe
Image size: 2623488
Image MD5: 0BA91E1358AD25236863039BB2609A2E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): SLUINotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLUINotify.dll,-103
Description: @%SystemRoot%\system32\SLUINotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SLSvc,netprofm,EventSystem

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 12800
Image MD5: 2A146A055B4401C16EE62D18B8E2A032
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 125952
Image MD5: 846CDF9A3CF4DA9B306ADFB7D55EE4C2
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: srv2
Description: Default SDDL for Windows Resource Protected file
Image path: System32\DRIVERS\srv2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\symc8xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_hi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_u3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Tablet PC Input Service
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Tcpip6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-8192
Description: @%SystemRoot%\System32\shsvcs.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Modules Installer
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 39424
Image MD5: 16613A1BAD034D4ECF957AF18B7C2FF5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services Security Filter Driver
Description: Terminal Services Security Filter Driver
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): tunmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tun Miniport Adapter Driver
Image path: system32\DRIVERS\tunmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\drivers\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 35840
Image MD5: ECEF404F62863755951E09C802C94AD5
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\drivers\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uliahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\uliahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): UlSata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ulsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ulsata2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ulsata2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: system32\DRIVERS\umbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UPnP Device Host
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\drivers\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: \SystemRoot\system32\drivers\usbprint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dwm.exe,-2000
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vds.exe,-100
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 382976
Image MD5: B13BC395B9D6116628F5AF47E0802AC4
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\system32\drivers\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ViaC7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA C7 Processor Driver
Image path: \SystemRoot\system32\drivers\viac7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\drivers\volmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Dynamic Volume Manager
Description: Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks
Image path: System32\drivers\volmgrx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\drivers\volsnap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\vssvc.exe,-102
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 1054720
Image MD5: D5FB73D19C46ADE183F968E13F186B23
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): VxD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\w32time.dll,-200
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\drivers\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Watchdog Timer Driver
Image path: \SystemRoot\system32\drivers\wd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Mode Driver Frameworks service
Image path: system32\drivers\Wdf01000.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-502
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k wdisvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-500
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-100
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wecsvc.dll,-200
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog,mpssvc

Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Problem Reports and Solutions Control Panel Support
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wersvc.dll,-100
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0

Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-3068
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp

Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wsmsvc.dll,-101
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WLAN AutoConfig
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: \SystemRoot\system32\drivers\wmiacpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 137728
Image MD5: ABA4CF9F856D9A3A25F4DDD7690A6E9D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Media Player Network Sharing Service
Description: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
Image size: 896512
Image MD5: 3978704576A121A9204F8CC49A301A9B
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: UPnPHost,http

Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Winsock IFS driver
Description: Winsock IFS driver
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,WinMgmt

Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\SearchIndexer.exe,-103
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 302080
Image MD5: EF68EEBE88FDBE6D31F3E446C1DD9FB8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wuaueng.dll,-105
Description: @%systemroot%\system32\wuaueng.dll,-106
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {A96D6633-AA2F-40EF-A8CC-2DA696CE28AA}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {BBFA5EAC-286C-490E-A947-309E88216782}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

--------------------------------------------------------------------------------------------------------------------------

2. SuperAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2008 at 01:27 AM

Application Version : 4.0.1154

Core Rules Database Version : 3487
Trace Rules Database Version: 1478

Scan type : Complete Scan
Total Scan Time : 00:42:20

Memory items scanned : 591
Memory threats detected : 0
Registry items scanned : 5409
Registry threats detected : 0
File items scanned : 79174
File threats detected : 0

------------------------------------------------------------------------------------------------------------------------------------------------
3. A-Squared

a-squared HiJackFree Analysisa-squared
a-squared HiJackFree Analysis
www.hijackfree.com

Version info: Result ToDo
Your used version of a-squared HiJackFree: 3.1.0.16
The current version of a-squared HiJackFree: 3.1.0.16

Your used operating system version: Windows Vista Service Pack 1
The current version of your operating system: Windows Vista Service Pack 1

Registry Autoruns: Result ToDo
Name: Windows Defender
Path: C:\Program Files\Windows Defender\MSASCui.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: ISTray
Path: C:\Program Files\Spyware Doctor\pctsTray.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: a-squared
Path: C:\Program Files\a-squared Anti-Malware\a2guard.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: AVP
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Tricky and Other Autoruns: Result ToDo
Name: shell
Path: explorer.exe
Location: system.ini
Not checked Unknown Item
Search at Google
Name: scrnsave.exe
Path: C:\Windows\system32\logon.scr
Location: system.ini
Not checked Unknown Item
Search at Google
Name: FILES
Path: 40
Location: config.sys
Not checked Unknown Item
Search at Google
Name: SET BLASTER
Path: A220 I5 D1 P330 T3
Location: autoexec.nt
Not checked Unknown Item
Search at Google
Name: dos
Path: high, umb
Location: config.nt
Not checked Unknown Item
Search at Google
Name: device
Path: %SystemRoot%\system32\himem.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Name: files
Path: 40
Location: config.nt
Not checked Unknown Item
Search at Google
Name: Secunia PSI (RC3).lnk
Path:
Location: C:\Users\FMCOMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: SA
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: SCHEDLGU
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: Spybot - Search + Destroy - Scheduled Task
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: Shell
Path: explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Name: $GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\Windows\system32\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\Windows\system32\regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: C:\Program Files\Windows Mail\WinMail.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: C:\Windows\system32\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\system32\Rundll32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: VBScript Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: VBScript Encoded File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Encoded File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script Host Settings File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Application
Path: %1
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Application
Path: %1
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Batch File
Path: %1
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Screen Saver
Path: %1
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Shortcut to MS-DOS Program
Path: %1
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: SCRNSAVE.EXE
Path: C:\Windows\system32\logon.scr
Location: HKCU\Control Panel\Desktop\
Not checked Unknown Item
Search at Google
Name: WebCheck
Path:
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Name: mswsock.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Name: Yahoo! Toolbar Helper
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
Good: 1 - Bad: 0
View Details
Name:
Path: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {724d43a9-0d85-11d4-9908-00400523e39a}
Good: 1 - Bad: 0
View Details
Name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: SABShellExecuteHook Class
Path: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Name: [System Process]
Process ID: 0
Path:
Info: Threads: 4 - Priority: N/A - Visible: No
Good: 1 - Bad: 0
View Details
Name: System
Process ID: 4
Path:
Info: Threads: 136 - Priority: N/A - Visible: No
Good: 1 - Bad: 0
View Details
Name: smss.exe
Process ID: 460
Path: C:\Windows\System32\smss.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 512
Path: C:\Windows\System32\svchost.exe
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 536
Path: C:\Windows\System32\svchost.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: csrss.exe
Process ID: 544
Path: C:\Windows\System32\csrss.exe
Info: Threads: 12 - Priority: Normal - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: wininit.exe
Process ID: 592
Path: C:\Windows\System32\wininit.exe
Info: Threads: 3 - Priority: High - Visible: No
Good: 1 - Bad: 0
View Details
Name: csrss.exe
Process ID: 612
Path: C:\Windows\System32\csrss.exe
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: services.exe
Process ID: 644
Path: C:\Windows\System32\services.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: lsass.exe
Process ID: 656
Path: C:\Windows\System32\lsass.exe
Info: Threads: 12 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: SearchIndexer.exe
Process ID: 660
Path: C:\Windows\System32\SearchIndexer.exe
Info: Threads: 14 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: lsm.exe
Process ID: 668
Path: C:\Windows\System32\lsm.exe
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: winlogon.exe
Process ID: 780
Path: C:\Windows\System32\winlogon.exe
Info: Threads: 3 - Priority: High - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 860
Path: C:\Windows\System32\svchost.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 920
Path: C:\Windows\System32\svchost.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: Ati2evxx.exe
Process ID: 1020
Path: C:\Windows\System32\Ati2evxx.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1076
Path: C:\Windows\System32\svchost.exe
Info: Threads: 21 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1108
Path: C:\Windows\System32\svchost.exe
Info: Threads: 32 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1120
Path: C:\Windows\System32\svchost.exe
Info: Threads: 51 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: iexplore.exe (BleepingComputer.com -$GT; Replying in I Think My Pc Is Infected, Help Required Please. - Windows Internet Explorer)
Process ID: 1132
Path: C:\Program Files\Internet Explorer\iexplore.exe
Info: Threads: 38 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Name: audiodg.exe
Process ID: 1232
Path:
Info: Threads: 5 - Priority: N/A - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: SUPERAntiSpyware.exe
Process ID: 1248
Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: SLsvc.exe
Process ID: 1268
Path: C:\Windows\System32\SLsvc.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 1312
Path: C:\Windows\System32\svchost.exe
Info: Threads: 27 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1392
Path: C:\Windows\System32\svchost.exe
Info: Threads: 25 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1592
Path: C:\Windows\System32\svchost.exe
Info: Threads: 23 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: Ati2evxx.exe
Process ID: 1636
Path: C:\Windows\System32\Ati2evxx.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2service.exe
Process ID: 1680
Path: C:\Program Files\a-squared Anti-Malware\a2service.exe
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: ieuser.exe
Process ID: 1700
Path: C:\Program Files\Internet Explorer\ieuser.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: avp.exe
Process ID: 1744
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Info: Threads: 39 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: MSASCui.exe (Windows Defender)
Process ID: 1860
Path: C:\Program Files\Windows Defender\MSASCui.exe
Info: Threads: 12 - Priority: Normal - Visible: Yes
Good: 2 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1984
Path: C:\Windows\System32\svchost.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: pctsAuxs.exe
Process ID: 2000
Path: C:\Program Files\Spyware Doctor\pctsAuxs.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: pctsSvc.exe
Process ID: 2020
Path: C:\Program Files\Spyware Doctor\pctsSvc.exe
Info: Threads: 36 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: WUDFHost.exe
Process ID: 2080
Path: C:\Windows\System32\WUDFHost.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: TrustedInstaller.exe
Process ID: 2176
Path: C:\Windows\servicing\TrustedInstaller.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: avp.exe
Process ID: 2584
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: mbam.exe (Malwarebytes' Anti-Malware)
Process ID: 3120
Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Info: Threads: 5 - Priority: Normal - Visible: Yes
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: taskeng.exe
Process ID: 3164
Path: C:\Windows\System32\taskeng.exe
Info: Threads: 5 - Priority: BelowNormal - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2HiJackFree.exe (a-squared HiJackFree 3.1)
Process ID: 3384
Path: C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
Info: Threads: 5 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Name: a2guard.exe
Process ID: 3540
Path: C:\Program Files\a-squared Anti-Malware\a2guard.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: taskeng.exe
Process ID: 3584
Path: C:\Windows\System32\taskeng.exe
Info: Threads: 13 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: dwm.exe
Process ID: 3660
Path: C:\Windows\System32\dwm.exe
Info: Threads: 8 - Priority: High - Visible: No
Good: 1 - Bad: 0
View Details
Name: explorer.exe
Process ID: 3708
Path: C:\Windows\explorer.exe
Info: Threads: 29 - Priority: Normal - Visible: No
Good: 2 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 3752
Path: C:\Windows\System32\svchost.exe
Info: Threads: 11 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: taskmgr.exe (Windows Task Manager)
Process ID: 3816
Path: C:\Windows\System32\taskmgr.exe
Info: Threads: 6 - Priority: High - Visible: Yes
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: pctsTray.exe
Process ID: 3844
Path: C:\Program Files\Spyware Doctor\pctsTray.exe
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: avp.exe (27% - Scan My Computer : running)
Process ID: 3872
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Info: Threads: 10 - Priority: Normal - Visible: Yes
Good: 2 - Bad: 0
View Details
This analysis is saved and available for at least 7 days at this website address.

--------------------------------------------------------------------------------------------------------------------------------



4. PCToolsSpywareDoctor

Sorry, but PC giving problems, Internet Explorer slow/freezing in couple of tabs, so more to follow

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 27 June 2008 - 12:56 AM

Hi,

If you don't mind I will have these reports too: PC Tools Spyware Doctor, Windows defender, and a NEW logfile of MalwareBytes' Anti-Malware. :thumbsup:

#5 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 27 June 2008 - 04:36 AM

Hi Superbird,

I'm not sure how to get a scan log from Defender, can you help please. After 8 hours scanning Windows Defender seems to have just stopped without completing scan, with the following message -

-Programme can't check for definition updates Error 0x80072f8f - I haven't checked Msoft site for error/resolution, will check later (leaving home soon)

Also MalwareBytes report looks short on any detail, have I missed something?

In a couple of hours from now I'll be away for one or two days, so will be able to collect your responses, but won't be able to get to my P C, I'll post you as soon as I'm back to PC



Here's the reports...

--------------------------------------------------------------------------------------------------------

New MalWareBytes AntiMalware Scan Results

Malwarebytes' Anti-Malware 1.18
Database version: 894

08:56:56 27/06/2008
mbam-log-6-27-2008 (08-56-56).txt

Scan type: Full Scan (C:\|D:\|J:\|K:\|)
Objects scanned: 324433
Time elapsed: 13 hour(s), 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------

PCTools SpyWareDoctor Scan Report

PC Tools Spyware Doctor
Date Status
22/06/2008 15:54:13:298 Service Started
Spyware Doctor Service Application started
22/06/2008 15:54:13:298 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
22/06/2008 15:54:13:388 Anti-Malware Engine
Anti-Malware detection engine was disabled
22/06/2008 15:56:55:97 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
22/06/2008 15:56:59:10 Scan Started
Scan Type - Intelli-Scan

22/06/2008 15:57:11:542 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

22/06/2008 15:57:59:509 OnGuards status
All OnGuards were Enabled
22/06/2008 15:58:02:907 Immuniser Results
ActiveX section has been immunised, Processed 2957 items.
22/06/2008 15:58:22:577 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 132696
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0

22/06/2008 15:59:08:142 Service Stopped
Spyware Doctor Service Application Stopped
22/06/2008 15:59:22:219 Service Started
Spyware Doctor Service Application started
22/06/2008 15:59:22:219 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
22/06/2008 15:59:22:299 OnGuards status
All OnGuards were Enabled
22/06/2008 15:59:23:279 Immuniser Results
ActiveX section has been immunised, Processed 108 items.
22/06/2008 16:02:45:395 Scan Started
Scan Type - Full Scan

22/06/2008 16:02:57:888 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

22/06/2008 16:20:28:297 Immuniser Results
ActiveX section has been immunised. No items were processed.
22/06/2008 16:45:25:127 Scan Finished
Scan Type - Full Scan
Items Processed - 214925
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0

22/06/2008 17:06:30:372 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

22/06/2008 17:06:32:471 Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 1
Remove Failed - 0

22/06/2008 22:20:38:360 Immuniser Results
ActiveX section has been immunised. No items were processed.
22/06/2008 23:30:02:210 Service Stopped
Spyware Doctor Service Application Stopped
22/06/2008 23:31:33:275 Service Started
Spyware Doctor Service Application started
22/06/2008 23:31:33:275 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
22/06/2008 23:31:33:628 OnGuards status
All OnGuards were Enabled
22/06/2008 23:31:34:561 Immuniser Results
ActiveX section has been immunised. No items were processed.
22/06/2008 23:53:37:774 Immuniser Guard status changed
OnGuard Protection: Immuniser Guard had been turned off
22/06/2008 23:53:38:612 Immuniser Results
The ActiveX section has been Unimmunised, Processed 3054 items.
22/06/2008 23:53:39:195 Immuniser Guard status changed
OnGuard Protection: Immuniser Guard has been turned on
22/06/2008 23:53:43:475 Immuniser Results
ActiveX section has been immunised, Processed 3054 items.
22/06/2008 23:54:53:207 Scan Started
Scan Type - Custom Scan

22/06/2008 23:55:56:637 Scan Finished
Scan Type - Custom Scan
Items Processed - 110651
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

23/06/2008 00:00:01:244 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 00:20:36:272 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

23/06/2008 00:24:23:682 Scan Started
Scan Type - Intelli-Scan

23/06/2008 00:26:43:161 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 115465
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

23/06/2008 02:11:02:281 Service Stopped
Spyware Doctor Service Application Stopped
23/06/2008 07:51:23:547 Service Started
Spyware Doctor Service Application started
23/06/2008 07:51:23:547 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
23/06/2008 07:51:23:963 OnGuards status
All OnGuards were Enabled
23/06/2008 07:51:24:764 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 08:16:27:314 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 08:16:52:256 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:19:16:676 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:19:38:349 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:20:20:16 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:20:45:64 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:22:46:469 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 08:23:10:377 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - indextools.com/ indextools.com

23/06/2008 13:10:28:444 Service Stopped
Spyware Doctor Service Application Stopped
23/06/2008 13:11:59:634 Service Started
Spyware Doctor Service Application started
23/06/2008 13:11:59:634 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
23/06/2008 13:23:44:630 Service Stopped
Spyware Doctor Service Application Stopped
23/06/2008 13:25:05:965 Service Started
Spyware Doctor Service Application started
23/06/2008 13:25:05:965 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
23/06/2008 13:46:38:716 Smart Update
Smart update has experienced a download error. Please try again later.
23/06/2008 17:28:04:763 Scan Started
Scan Type - Intelli-Scan

23/06/2008 17:29:35:874 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 112733
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

23/06/2008 17:29:36:61 Service Stopped
Spyware Doctor Service Application Stopped
23/06/2008 17:31:25:60 Service Started
Spyware Doctor Service Application started
23/06/2008 17:31:25:61 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
23/06/2008 17:31:25:185 OnGuards status
All OnGuards were Enabled
23/06/2008 17:31:26:134 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 18:01:10:883 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 18:19:03:658 Scan Started
Scan Type - Custom Scan

23/06/2008 20:47:00:880 Scan Finished
Scan Type - Custom Scan
Items Processed - 420903
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

23/06/2008 20:52:16:74 Immuniser Results
ActiveX section has been immunised. No items were processed.
23/06/2008 21:12:10:158 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

23/06/2008 21:12:29:114 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

23/06/2008 22:22:40:626 Service Stopped
Spyware Doctor Service Application Stopped
24/06/2008 11:50:05:892 Service Started
Spyware Doctor Service Application started
24/06/2008 11:50:05:892 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24/06/2008 11:50:05:993 OnGuards status
All OnGuards were Enabled
24/06/2008 11:50:06:728 Immuniser Results
ActiveX section has been immunised. No items were processed.
24/06/2008 12:02:00:432 Immuniser Results
ActiveX section has been immunised. No items were processed.
24/06/2008 12:02:06:147 Immuniser Results
ActiveX section has been immunised. No items were processed.
24/06/2008 12:02:06:370 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24/06/2008 12:03:20:925 Service Stopped
Spyware Doctor Service Application Stopped
24/06/2008 21:03:52:945 Service Started
Spyware Doctor Service Application started
24/06/2008 21:03:52:946 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24/06/2008 21:03:53:54 OnGuards status
All OnGuards were Enabled
24/06/2008 21:03:53:804 Immuniser Results
ActiveX section has been immunised, Processed 3 items.
24/06/2008 21:08:37:938 Service Stopped
Spyware Doctor Service Application Stopped
26/06/2008 06:57:14:923 Service Started
Spyware Doctor Service Application started
26/06/2008 06:57:14:923 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 09:54:21:687 Service Started
Spyware Doctor Service Application started
26/06/2008 09:54:21:687 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 09:54:21:800 OnGuards status
All OnGuards were Enabled
26/06/2008 09:54:22:700 Immuniser Results
ActiveX section has been immunised, Processed 3 items.
26/06/2008 09:57:09:872 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 09:57:09:886 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 09:58:04:236 Scan Started
Scan Type - Full Scan

26/06/2008 10:06:17:254 Immuniser Results
ActiveX section has been immunised, Processed 6 items.
26/06/2008 10:13:35:812 Service Started
Spyware Doctor Service Application started
26/06/2008 10:13:35:812 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 10:19:20:795 Service Stopped
Spyware Doctor Service Application Stopped
26/06/2008 10:20:52:378 Service Started
Spyware Doctor Service Application started
26/06/2008 10:20:52:378 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 10:20:52:512 OnGuards status
All OnGuards were Enabled
26/06/2008 10:20:53:707 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 10:40:46:647 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 10:51:07:361 Service Stopped
Spyware Doctor Service Application Stopped
26/06/2008 11:33:25:150 Service Started
Spyware Doctor Service Application started
26/06/2008 11:33:25:150 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 11:33:25:272 OnGuards status
All OnGuards were Enabled
26/06/2008 11:33:26:26 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 11:35:23:844 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 11:36:47:353 Scan Started
Scan Type - Full Scan

26/06/2008 12:25:35:812 Service Started
Spyware Doctor Service Application started
26/06/2008 12:25:35:812 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 12:25:35:927 OnGuards status
All OnGuards were Enabled
26/06/2008 12:25:37:260 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 12:52:01:738 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 14:07:33:27 Scan Started
Scan Type - Custom Scan

26/06/2008 14:07:45:662 Scan Finished
Scan Type - Custom Scan
Items Processed - 161
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 14:08:18:190 Scan Started
Scan Type - Intelli-Scan

26/06/2008 14:08:30:869 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 0
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 14:15:20:814 Service Stopped
Spyware Doctor Service Application Stopped
26/06/2008 19:07:07:234 Service Started
Spyware Doctor Service Application started
26/06/2008 19:07:07:234 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 19:07:07:334 OnGuards status
All OnGuards were Enabled
26/06/2008 19:07:08:85 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 19:09:52:884 Scan Started
Scan Type - Intelli-Scan

26/06/2008 19:11:53:847 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 115077
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 19:12:59:322 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 19:13:06:380 Scan Started
Scan Type - Intelli-Scan

26/06/2008 19:13:18:637 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 0
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 19:30:20:644 Service Started
Spyware Doctor Service Application started
26/06/2008 19:30:20:644 Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26/06/2008 19:30:20:767 OnGuards status
All OnGuards were Enabled
26/06/2008 19:30:22:52 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 19:41:59:699 Immuniser Results
ActiveX section has been immunised. No items were processed.
26/06/2008 20:04:01:941 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

26/06/2008 20:04:42:597 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

26/06/2008 20:07:37:597 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

26/06/2008 20:08:04:650 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

26/06/2008 20:08:54:463 OnGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m.webtrends.com/ m.webtrends.com

26/06/2008 20:20:56:431 Scan Started
Scan Type - Custom Scan

26/06/2008 20:21:47:685 Scan Finished
Scan Type - Custom Scan
Items Processed - 111546
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 20:30:32:456 Scan Started
Scan Type - Custom Scan

26/06/2008 20:30:39:774 Scan Finished
Scan Type - Custom Scan
Items Processed - 26105
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

26/06/2008 20:31:33:13 Immuniser Guard status changed
OnGuard Protection: Immuniser Guard had been turned off
26/06/2008 20:31:33:978 Immuniser Results
Unimmunise operation stopped
26/06/2008 20:31:33:980 Immuniser Guard status changed
OnGuard Protection: Immuniser Guard has been turned on
26/06/2008 20:31:38:983 Immuniser Results
ActiveX section has been immunised, Processed 2341 items.
27/06/2008 00:35:05:852 Scan Started
Scan Type - Full Scan

27/06/2008 00:35:05:914 Scheduled task started
Initialising Scheduled task: Full scan of this computer
27/06/2008 01:48:30:522 Immuniser Results
ActiveX section has been immunised. No items were processed.
27/06/2008 06:10:26:631 Scan Finished
Scan Type - Full Scan
Items Processed - 414506
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

27/06/2008 08:10:48:330 Immuniser Results
ActiveX section has been immunised. No items were processed.
27/06/2008 09:00:47:952 Immuniser Results
ActiveX section has been immunised. No items were processed.

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 27 June 2008 - 04:57 AM

Hi,

I really can't see any malwarerelated problems.
Please do this:

Download Dial-a-fix-2006 and unzip both files to their own folder at the Desktop.In the folder Dial-a-fix-v0.60.0.24, doubleclick on Dial-a-fix.exe
There will open a window, click on the icon with the double green mark (check all).
Now, click GO and let the tool do his job.
When the program has finished, close the window by pressing Exit

Do you still have problems/a slow computer?
If yes, Which problems do you have exactly?

#7 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 28 June 2008 - 05:35 AM

Hi Superbird,

Good to hear my PC is clean so far as you can tell. Tried to download Dial a Fix 2006, uzipped folder and attempted to open DAF - looks like it's not Vista ready, following error message - Dial a fix is not ready for Vista (yet) There are many changes in Vista that prevent the normal operation of dial a fix. Checked authors site, no Vista compatable DAF available.

It would be much easier to explain if I could attach screenshots, however try as I have I can't find a way of doing it - I'm using Paint and Snip. Can you advise please?

Here's why I think my PV may have an infection -

1. It may be that I worry too much and without cause re security.
2. I'm pretty much self taught, so maybe I'm misinterpreting situations and/or data I find in areas of the PC I don't deeply understand.

If either proves to be the case then I'll owe you an apology for time wasting.

Meanwhile here's the list of malware indicators -

3. SpybotS&D - I run Spybot in advanced mode. In Spybot Tools, System StartUp is listed apps that run on system startup, see below.

In the right hand panel of SBot there's data and description, giving user some detail to help decide if startup should continue or not, to save resource. Here's what's included under the Kaspersky startup entry -

Current Filename - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security7.0\avp.exe
DataBase Status - not required - virus, spyware, malware or other resource log
Value - AVP
Filename - (path to Trojan)
Description - Added by the MUTBO-A Trojan

Also listed with Trojan references are -

SunJavaUpdateSched, javamx.exe SDBOT-WI WORM
SunJavaUpdateSced, scvhost.exe SDBOT -AVX WORM

I've assumed this indicates my PC has infections.


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---System StartUP

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-19 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-18 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-06-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-24 Includes\Malware.sbi
2008-06-24 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-06-24 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-18 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-06-25 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, a-squared
command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 2132112
MD5: 5ADFF7D8831251DCB5039C74CBFAF58C

Located: HK_LM:Run, AVP
command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, ISTray
command: "C:\Program Files\Spyware Doctor\pctsTray.exe"
file: C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1107848
MD5: 1AC2459FC32ACCD069D75A4240F75385

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, AVP (DISABLED)
command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, ISTray (DISABLED)
command: "C:\Program Files\Spyware Doctor\pctsTray.exe"
file: C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1107848
MD5: 1AC2459FC32ACCD069D75A4240F75385

Located: HK_LM:Run, RtHDVCpl (DISABLED)
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4907008
MD5: B503285B5D1CAC5AE445D60C690DCFF9

Located: HK_LM:Run, StartCCC (DISABLED)
command: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 90112
MD5: 033FF248550305ED52ED2D2844A8A11B

Located: HK_LM:Run, UpdReg (DISABLED)
command: C:\Windows\UpdReg.EXE
file: C:\Windows\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-485629900-3275589529-764576695-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, RoboForm (DISABLED)
where: S-1-5-21-485629900-3275589529-764576695-1000...
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 160592
MD5: AD124C23E4D961354492CC1F5C61F4BA

Located: Startup (user), Secunia PSI (RC3).lnk (DISABLED)
where: C:\Users\FMCOMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Secunia\PSI (RC3)\psi.exe
file: C:\Program Files\Secunia\PSI (RC3)\psi.exe
size: 663552
MD5: A53A32D97CD02E0319765EA55B5F9FEA

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, klogon
command: C:\Windows\system32\klogon.dll
file: C:\Windows\system32\klogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!


4. Unable to update - as mentioned earlier, I am unable to update Vista/Defender and am being hit with an error code indicating an issue with syncing time with delivery server. I have read that this issue could be conected to Malware that is smart enough to change reg entries, altering the system time that update servers see, thereby preventing updates,also, changing update messages to report update successful, when it was not.

Here's a copy of an event log for time service, note the two different times,
first time in line three reports16:32:21.
second time further down listed as TimeCreated SystemTime="2008-06-18T15:32:21.000Z" />



Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 18/06/2008 16:32:21
Event ID: 134
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: PC
Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" EventSourceName="W32Time" />
<EventID Qualifiers="33370">134</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-06-18T15:32:21.000Z" />
<EventRecordID>363</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData Name="MSG_MANUAL_PEER_DNS_ERROR">
<Data Name="ErrorMessage">No such host is known. (0x80072AF9)</Data>
<Data Name="RetryMinutes">15</Data>
<Data Name="DomainPeer">time.windows.com,0x9</Data>
</EventData>
</Event>

5. PC Freezes on numerous occainsions, can only either switch off from tower, or unplug electric cable.

6. Security tools not recognising manufacturers and applications on install attempts. Today I tried to reinstall McAffee Site Advisor from McAffee.com, Kaspewrsky, A-Squared and Defender all flagged warnings, listed details below



MCAFEE SITE ADVISOR INSTALL ATTEMPT DETAILS

A-Squared Alerts

File properties:
File name: SiteAdv.exe
File path: C:\Users\FMCOMP\AppData\Local\Temp\
Description: info not available
Company: info not available
Version: info not available
Copyright: info not available

Process details:
Run as service: No
Started by autorun: No


File properties:
File name: SiteAdv.exe
File path: C:\Users\FMCOMP\AppData\Local\Temp\
Description: info not available
Company: info not available
Version: info not available
Copyright: info not available

Process details:
Run as service: No
Started by autorun: No


Then Different .exe, different path ie to Programme Files

File properties:
File name: SiteAdv.exe
File path: C:\PROGRAM FILES\SITEADVISOR\6261\SITEADV.EXE
Description: info not available
Company: info not available
Version: info not available
Copyright: info not available

Process details:
Run as service: No
Started by autorun: Yes


Kaspersky Alert

Possible Trojan or Spyware Downloader
McAffee SiteAdvisor

Behaviour typical of Trojans
Trojan.generic

COM Surrogate


WINDOWS DEFENDER

When click to update A-Squared says

Possible backdoor or spyware - possiblemalicious behaviour

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

Hope this helps, and I'm not wasting your time.

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 June 2008 - 06:40 AM

Hi,

And I really don't see any infection present. Do this:

Go to Kaspersky Online Scanner
Click "Accept".
Scan your whole computer, and post the logfile in your next reply.

#9 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 30 June 2008 - 11:25 AM

Hi Superbird,

Whilst the online scanner worked well, and showed no infections, there were numerous locked files listed. After almost an hours work there seems to be no way to copy this list. I was also unable to save the log file of results, the system forced me to save into a temp file, then when I tried to open no such file existed.

I'm so frustrated with things not working without real complications, and I've spent days trying to sort things out, to no avail, I've decided to format/reformat and re-install from ground up, I have relevant discs plus support contract from Dell.

Thanks for your time and help, it's great to know that people like you are willing and able to help folks like me.

Cheers

Frank

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 June 2008 - 12:37 PM

Hi,

What problems do you still have exactly?

#11 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 01 July 2008 - 05:56 PM

Hi,

System Freezes - only solution is to unplug power supply, happens 3 times a week or more. Hijack?

IE7 Freeze, happens frequently, maybe hijack?

Unable to update windows, I think that registry has been changed so that systime out of sync with updateserver? - see previous note.

Note within Spybot which seems to confirm presence of Malware? see previous response

Phising filter - when I click on check website, in Tools, Phising Filter recieve the following message
"Phising filter cannot check this website, Microsoft Online Service is temporarily unavailable"
It has been unavailable for 3 to 4 weeks, I don't believe this. Maybe sign of Malware?


C:\$$DeleteMe.$$DeleteMe.$$DeleteMe.$$DeleteMe.$$DeleteMe.$$DeleteMe..01c8d2af45a1a2ff.0001.01c8d2af657738f8.0000.01c8d2b3f3412fcd.0000.01c8d2b41a0f3738.0000.01c8d2bd08d798f3.0000.01c8d2bd2c9fee7f.0000

It's not a file I have saved/changed/opened I've never seen anything quite like this file name - malware?

I've been working with PC's since the mid 80's, and I have a gut feel that something is not right, that the PC has a lurking piece of nasty somewhere.

Some programme (.exe) files installed to temp files (I'll send you some examples tomorrow, it's almost midnight and I have to sleep)

Cheers

Frank

#12 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 02 July 2008 - 12:26 AM

Hi,

I think you could better post a HijackThislog. You'll find the steps you need to do here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If you have questions about posting a Hijackthislog, please ask.

Good luck. :thumbsup:

#13 frankmeardon

frankmeardon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 03 July 2008 - 05:57 AM

Hi,

I've read instructions, and actioned the suggestions prior to running HJThis.

Edited by Orange Blossom, 04 July 2008 - 11:42 PM.
Removed HJT log. ~ OB


#14 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 July 2008 - 03:43 AM

Hi,

Good luck with it.
You're welcome. :thumbsup:

Take care

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,849 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 04 July 2008 - 11:46 PM

Hello frankmeardon,

Now that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/155795/i-think-my-pc-is-infected-help-required-please/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

Note that I inserted the link from this topic into your HJT topic. To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users