
Smitfraud Found But Can't Remove It Please Help


23 replies to this topic

#1 drozee78

drozee78

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 02 June 2007 - 05:45 PM

I have run Ad-Aware, Spy Sweeper, and Spybot Search and Destroy. It still hasn't cleared it.

Logfile of HijackThis v1.99.1
Scan saved at 6:26:57 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX17.277\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe (file missing)

Here is my log. Thank you in advance for any assistance you can give me.



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:05 AM

Posted 03 June 2007 - 11:54 AM

Hello drozee78,

What is finding smitfraud? Where is the location? If you have a log, please post it.


Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by SifuMike, 03 June 2007 - 11:55 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 drozee78

drozee78
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 04 June 2007 - 10:24 AM

Both Ad-Aware and Spy Search and Destroy found four instances of Smitfraud, but could only remove one. I am not sure if either of those programs produces a log like SmitfraudFix did, though. If it does and you could tell me where to locate it, I would happily post it. Here is the SmitfraudFix log you requested, though.

SmitFraudFix v2.191

Scan done at 11:13:59.19, Mon 06/04/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1127427244\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1127427244\ee\aolsoftware.exe
c:\program files\common files\aol\1127427244\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{50EDBD88-DC17-491D-881B-8F9B812D4BB3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{50EDBD88-DC17-491D-881B-8F9B812D4BB3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{50EDBD88-DC17-491D-881B-8F9B812D4BB3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:05 AM

Posted 04 June 2007 - 11:28 AM

Hi drozee78,

Both Ad-Aware and Spy Search and Destroy found four instances of Smitfraud, but could only remove one. I am not sure if either of those programs produces a log like SmitfraudFix did, though. If it does and you could tell me where to locate it, I would happily post it.




Here is how to get the Spybot 1.4 log and Ad-aware SE log.

You can get the log by opening Spybot 1.4> select Mode> Advanced > Tools> View Report> copy and paste the report to your reply.


The fastest way to get the Adaware SE log is to navigate to your Ad-aware SE folder: C:\Documents and Settings\USER NAME\Application Data\Lavasoft\Ad-Aware\Logs.

Open this folder and find the correct log.
The logs are named "Ad-Aware log##-##-##.txt" (the #'s will be the date of the scan). Highlight all of the text in the logfile with your mouse.
On your keyboard, press Ctrl + C, which will copy the text to your clipboard.
Now be online, logged in and ready to post your logfile.
Press Ctrl and V and that will copy your logfile to the post!

Edited by SifuMike, 04 June 2007 - 11:29 AM.


#5 drozee78

drozee78
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 04 June 2007 - 12:20 PM

First part of the Spybot log. It's very big and I wasn't sure if it would fit in one post, so I am breaking it up.
Thank you for the easy directions! :thumbsup:

--- Search result list ---
Smitfraud-C.CoreService: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core

Smitfraud-C.CoreService: Data (File, fixing failed)
C:\WINDOWS\system32\drivers\core.cache.dsk

Smitfraud-C.CoreService: System file (File, fixing failed)
C:\WINDOWS\system32\drivers\core.sys

Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-02 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-30 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-05-30 Includes\DialerC.sbi (*)
2007-05-30 Includes\Hijackers.sbi (*)
2007-05-30 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-30 Includes\KeyloggersC.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-05-30 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-30 Includes\PUPSC.sbi (*)
2007-05-30 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-05-30 Includes\SecurityC.sbi (*)
2007-05-30 Includes\Spybots.sbi (*)
2007-05-30 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-05-30 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888239
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 256576
MD5: d2ed7af383aab672cb7e135040967954

Located: HK_LM:Run, MPFEXE
command: "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
file: C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
size: 992808
MD5: ff79902a27581102d8565aef54ba91f6

Located: HK_LM:Run, pccguide.exe
command: "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
file:

Located: HK_LM:Run, PCClient.exe
command: "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: d195e74b712dd105402b90e6cb28263f

Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3653120
MD5: 21d45fa761453c55bde632c68456fe9c

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9c1c80bbf8e6044980890e2d2d91091c

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file:

Located: HK_LM:Run, TM Outbreak Agent
command: "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
file: C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
size: 290816
MD5: 276ac4907973330c51ce6023b9d5898b

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_LM:RunOnceEx,
command:
file:

Located: HK_CU:Run, AOL Fast Start
command: "C:\Program Files\America Online 9.0b\AOL.EXE" -b
file: C:\Program Files\America Online 9.0b\AOL.EXE
size: 50776
MD5: eb5b898ce2ffa25335ee71a020eba4ec

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Kodak software updater.lnk
command: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
file: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: db9012564169875f5b2aa7f5fc4905e4

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (disabled), BigFix (DISABLED)
command: C:\PROGRA~1\BigFix\BigFix.exe /atstartup
file: C:\PROGRA~1\BigFix\BigFix.exe
size: 1742384
MD5: 3802278fed9e3594b4bc3377ff0cff3b

Located: Startup (disabled), Install Pending Files (DISABLED)
command: C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending
file: C:\PROGRA~1\SIFXINST\SIFXINST.EXE
size: 729088
MD5: f114b3381d680d5dd79cc60cf356a9fd

Located: Startup (disabled), palstart (DISABLED)
command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
file:

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/24/2005 12:12:08 AM
Date (last access): 6/4/2007 12:39:16 PM
Date (last write): 1/12/2006 8:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 6/2/2007 5:35:10 PM
Date (last access): 6/4/2007 12:39:16 PM
Date (last write): 3/14/2007 3:43:40 AM
Filesize: 501400
Attributes: archive
MD5: 70FD57D6EDBED8D80C1995257C99D27E
CRC32: 3CE654AC
Version: 6.0.10.6



--- ActiveX list ---
{05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)
DPF name:
CLSID name: StagingUI Object
Installer:
Codebase: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
description:
classification: Legitimate
known filename: StagingUI.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StagingUI.ocx
Short name: STAGIN~1.OCX
Date (created): 1/24/2007 10:24:24 PM
Date (last access): 6/2/2007 7:25:42 PM
Date (last write): 1/24/2007 10:24:24 PM
Filesize: 397720
Attributes: archive
MD5: FF58F2E8ADD7A21AC10888189A2DA62E
CRC32: 118A20A8
Version: 9.5.5579.1

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwa...director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 7/23/2006 6:59:00 PM
Date (last access): 5/27/2007 10:54:50 PM
Date (last write): 6/26/2006 10:10:34 AM
Filesize: 54960
Attributes: archive
MD5: 7E8A1C5DC0F1372BB2D170B0A88ED0C3
CRC32: 0DEDE8C7
Version: 10.1.3.18

{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite)
DPF name:
CLSID name: MSN Games – Buddy Invite
Installer:
Codebase: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
description:
classification: Legitimate
known filename: ZBuddy.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZBuddy.ocx
Short name:
Date (created): 1/24/2007 10:24:24 PM
Date (last access): 6/2/2007 7:25:42 PM
Date (last write): 1/24/2007 10:24:24 PM
Filesize: 232352
Attributes: archive
MD5: 560B653EF510810B4CEF62827E8C095F
CRC32: 13E185C2
Version: 9.5.5579.1

{5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)
DPF name:
CLSID name: ZonePAChat Object
Installer:
Codebase: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
description:
classification: Legitimate
known filename: ZPAChat.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZPAChat.ocx
Short name:
Date (created): 1/24/2007 10:24:28 PM
Date (last access): 6/2/2007 7:25:42 PM
Date (last write): 1/24/2007 10:24:28 PM
Filesize: 509848
Attributes: archive
MD5: A91F756CE0A17EB8EACE27A9086E215A
CRC32: 96795A06
Version: 9.5.5579.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/2/2007 6:28:44 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 5/29/2003 4:00:20 PM
Date (last access): 6/4/2007 11:22:18 AM
Date (last write): 5/29/2003 4:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 1/24/2007 6:39:48 PM
Date (last access): 6/2/2007 7:25:42 PM
Date (last write): 1/24/2007 6:39:48 PM
Filesize: 149544
Attributes: archive
MD5: AA9F01AD8F571FAF01C52081943E7FCF
CRC32: 19359EEF
Version: 9.5.5579.1

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/4/2007 12:59:08 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/4/2007 12:59:08 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 6:46:26 PM
Date (last access): 6/4/2007 11:10:20 AM
Date (last write): 11/9/2006 6:46:26 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator)
DPF name:
CLSID name: MSN Games – Game Communicator
Installer:
Codebase: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
description:
classification: Legitimate
known filename: StProxy.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StProxy.dll
Short name:
Date (created): 1/24/2007 10:24:24 PM
Date (last access): 6/4/2007 11:22:18 AM
Date (last write): 1/24/2007 10:24:24 PM
Filesize: 299432
Attributes: archive
MD5: C68867D8C7C098AA75A40D6BB1706BE4
CRC32: D775327E
Version: 9.5.5579.1

{FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object)
DPF name:
CLSID name: CheckersZPA Object
Installer:
Codebase: http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: CheckersZPA.ocx
Short name: CHECKE~1.OCX
Date (created): 1/26/2007 12:01:20 PM
Date (last access): 6/2/2007 7:25:42 PM
Date (last write): 1/26/2007 12:01:20 PM
Filesize: 373144
Attributes: archive
MD5: 8CB3DD360D599CAF5D5FC78F866A1A63
CRC32: F2DCAB69
Version: 9.5.5579.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 1208 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 1236 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID: 1280 (1236) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1292 (1236) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1480 (1280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1588 (1280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1628 (1280) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1688 (1280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1836 (1280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 296 (1280) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 404 (1280) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 504 (1280) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 812 (1280) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
size: 280080
MD5: D3AC7881F875CC6EA7AC54F724DE76CE
PID: 1000 (1280) C:\Program Files\mcafee.com\personal firewall\MPFService.exe
size: 548864
MD5: 54762D5377D42E53BBFF823E631D1533
PID: 1048 (1280) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
size: 172032
MD5: 33D7285F12D934268A34206DFC4AD1B3
PID: 1108 (1280) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1120 (1280) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
size: 2151936
MD5: 5718D799E0F4B1B53936E8239D30928A
PID: 1960 (1936) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2028 (1280) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 912 (1960) C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
size: 290816
MD5: 276AC4907973330C51CE6023B9D5898B
PID: 984 (1960) C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3653120
MD5: 21D45FA761453C55BDE632C68456FE9C
PID: 1072 (1960) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: D195E74B712DD105402B90E6CB28263F
PID: 1096 (1960) C:\Program Files\iTunes\iTunesHelper.exe
size: 256576
MD5: D2ED7AF383AAB672CB7E135040967954
PID: 1772 (1960) C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
size: 992808
MD5: FF79902A27581102D8565AEF54BA91F6
PID: 560 (1960) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01D90AE5DCCBCE0C7B52874FEC35A608
PID: 1164 (1960) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C
PID: 1084 (1960) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2296 (1280) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2356 (1280) C:\Program Files\iPod\bin\iPodService.exe
size: 492608
MD5: 688B773BA6074D5E9695EF1886FDCD3E
PID: 2388 (1960) C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: DB9012564169875F5B2AA7F5FC4905E4
PID: 1920 (1628) C:\WINDOWS\system32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2160 (1628) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 3740 (2128) C:\Program Files\Common Files\AOL\1127427244\ee\aolsoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3
PID: 3336 (3740) C:\Program Files\Common Files\AOL\1127427244\ee\aolsoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3
PID: 2184 (3336) c:\program files\common files\aol\1127427244\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
size: 8784
MD5: 1690AF1445AA58FE6B335790019FCE22
PID: 4020 (1960) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3480 (2572) C:\Program Files\America Online 9.0b\waol.exe
size: 37464
MD5: 7FAB3C273C8214D517BDD0CBD2BA1815
PID: 3644 (3480) C:\Program Files\America Online 9.0b\shellmon.exe
size: 54872
MD5: B2179019B78406ED702AD87D5602B3F4
PID: 2548 (1960) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3320 (1960) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/4/2007 12:59:07 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/intl/ar/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.gatewaybiz.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.gatewaybiz.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{95E6656C-FD06-489D-8145-A77D109A263D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{95E6656C-FD06-489D-8145-A77D109A263D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{50EDBD88-DC17-491D-881B-8F9B812D4BB3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{50EDBD88-DC17-491D-881B-8F9B812D4BB3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3497D4E6-36C6-4D1B-9586-D28D4AD48620}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3497D4E6-36C6-4D1B-9586-D28D4AD48620}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{955BFF23-DCB0-49A8-8D84-4F570D95E42B}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{955BFF23-DCB0-49A8-8D84-4F570D95E42B}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5CCDB05-70E7-4E58-8B41-796A3AD0AB3F}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5CCDB05-70E7-4E58-8B41-796A3AD0AB3F}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9552320B-5C85-42AC-AE27-24F7C0E4B216}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9552320B-5C85-42AC-AE27-24F7C0E4B216}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADC44D22-BE03-46D1-820E-B87EDEF133CD}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADC44D22-BE03-46D1-820E-B87EDEF133CD}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

#6 drozee78

Posted 04 June 2007 - 12:25 PM

PART II OF SPY BOT

--- Uninstall list ---
(AddressBook)

Adobe Shockwave Player 10.1.3.18 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

AnyDVD (AnyDVD)
install location: C:\Program Files\SlySoft\AnyDVD
uninstall cmd: "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
publisher: SlySoft

AOL Uninstaller (Choose which Products to Remove) (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

AOL You've Got Pictures Screensaver (AOL YGP Screensaver)
uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

AOL Coach Version 2.0(Build:20041026.5 en) (AolCoach2_en)
uninstall cmd: C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP

(AOLFirewall)
uninstall cmd: "C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S

(AOLOCP_N)

Apex RM RMVB Converter 5.71 V5.71 (Apex RM RMVB Converter_is1)
install location: C:\Program Files\Apex\Apex RM RMVB Converter\
uninstall cmd: "C:\Program Files\Apex\Apex RM RMVB Converter\unins000.exe"
publisher: Apex Corporation
help link: http://www.tompegx.com/rm-converter.html

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

Battleship Chess (Battleship Chess_is1)
install location: C:\Program Files\Battleship Chess\
uninstall cmd: "C:\Program Files\Battleship Chess\unins000.exe"

Big Kahuna Reef (Big Kahuna Reef_is1)
install location: C:\Program Files\Big Kahuna Reef\
uninstall cmd: "C:\Program Files\Big Kahuna Reef\unins000.exe"

BigFix (BigFix)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"

Blox World (Blox World_is1)
install location: C:\Program Files\Blox World\
uninstall cmd: "C:\Program Files\Blox World\unins000.exe"

Bricktopia (Bricktopia_is1)
install location: C:\Program Files\Bricktopia\
uninstall cmd: "C:\Program Files\Bricktopia\ReflexiveArcade\unins000.exe"

Casino Island To Go (Casino Island To Go_is1)
install location: C:\Program Files\Casino Island To Go\
uninstall cmd: "C:\Program Files\Casino Island To Go\ReflexiveArcade\unins000.exe"

CloneDVD2 (CloneDVD2)
install location: C:\Program Files\Elaborate Bytes\CloneDVD2
uninstall cmd: "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
publisher: Elaborate Bytes

CloneDVDmobile (CloneDVDmobile)
install location: C:\Program Files\SlySoft\CloneDVDmobile
uninstall cmd: "C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Program Files\SlySoft\CloneDVDmobile"
publisher: SlySoft

Conexant AC-Link Audio (CNXT_AUDIO)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -IQTA0360.INF

Soft Data Fax Modem with SmartCP (CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_0360107B)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_0360107B\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_0360107B

(Conexant PCI Audio)

(Connection Manager)

Cucusoft DVD to iPod + iPod Video Converter Suite 5.28.5.12 (Cucusoft DVD to iPod + iPod Video Converter Suite_is1)
install location: C:\Program Files\Cucusoft\ipod-converter\
uninstall cmd: "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
publisher: Cucusoft, Inc.
help link: http://www.cucusoft.com

(DirectAnimation)

(DirectDrawEx)

Dream Day Wedding (Dream Day Wedding_is1)
install date: 20070209
install location: C:\Program Files\Dream Day Wedding\
uninstall cmd: "C:\Program Files\Dream Day Wedding\ReflexiveArcade\unins000.exe"

(DXM_Runtime)

(Fontcore)

Gem Mine (Gem Mine_is1)
install location: C:\Program Files\Gem Mine\
uninstall cmd: "C:\Program Files\Gem Mine\unins000.exe"

Guardian (Guardian_is1)
install location: C:\Program Files\Guardian\
uninstall cmd: "C:\Program Files\Guardian\ReflexiveArcade\unins000.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.961\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IncrediMail Xe 5.2.5.2670 (IncrediMail)
uninstall cmd: C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
publisher: IncrediMail Ltd.
help link: http://www.incredimail.com/english/help/index.html

(InstallShield Uninstall Information)

Texas Instruments PCIxx21/x515 drivers. 1.09.0000 (InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC})
version: 17367040
version (major): 1
version (minor): 9
estimated size: 620
install date: 20050922
install source: D:\I386\APPS\APP02892\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515 Software components
contact: Customer Support Department
help link: Please contact your vendor directly
help telephone: ...

READIO 1.0.0000 (InstallShield_{B9CB28DB-21A7-46C3-972A-F20701908021})
version: 16777216
version (major): 1
estimated size: 70188
install date: 20070204
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\WZSE0.TMP\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B9CB28DB-21A7-46C3-972A-F20701908021}
publisher: Readio Network
comments: -
contact: Customer Support Department
help link: http://www.readionetwork.com
help telephone: 781-453-4060
readme: Readme.txt

InterActual Player (InterActual Player)
uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

Jewel Quest (Jewel Quest_is1)
install location: C:\Program Files\Jewel Quest\
uninstall cmd: "C:\Program Files\Jewel Quest\ReflexiveArcade\unins000.exe"

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888239 20041124.162528 (KB888239)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888239

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893066) 2 (KB893066)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) (KB893803)
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051225
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Update for Windows XP (KB898461) 1 (KB898461)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899589) 1 (KB899589)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060427
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051226
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060119
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051226
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060207
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061116
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061116
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061116
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061116
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows XP (KB925454) 1 (KB925454)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925454

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20060927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070406
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891

Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255

Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843

Update for Windows XP (KB929338) 1 (KB929338)
install date: 20070316
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929338

Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070509
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070509
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

CloneDVD 4.1.0.23 (MainApp.exe_is1)
install date: 20070525
install location: C:\Program Files\CloneDVD\
uninstall cmd: "C:\Program Files\CloneDVD\unins000.exe"
publisher: Copyright © 2003-2007 DVD X Studios.
comments: http://www.clonedvd.net
help link: http://www.clonedvd.net

MaxGammon (MaxGammon_is1)
install location: C:\Program Files\MaxGammon\
uninstall cmd: "C:\Program Files\MaxGammon\ReflexiveArcade\unins000.exe"

(McAfee Personal Firewall Plus API)
uninstall cmd: C:\Program Files\Common Files\McAfee\Installer\mcinst.exe "C:\Program Files\mcafee.com\personal firewall\mpfp.inf" /uninstall

(MobileOptionPack)

Microsoft Money 2005 14 (Money2005b)
uninstall cmd: C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
publisher: Microsoft
comments: The installation database contains the logic and data required to install Money 2005.
help link: http://support.microsoft.com
help telephone: (800) 936-5700

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero BurnRights (Nero BurnRights!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

Paltalk Messenger 8.4 (PalTalk8.2)
uninstall cmd: "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
publisher: AVM Software Inc.
contact: AVM Software Inc. Support Department
help link: http://www.paltalk.com

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Microsoft Digital Image Starter Edition 2006 11.0.0422 (PictureItSuiteTrial_v11)
install location: C:\Program Files\Microsoft Digital Image 2006\
install source: D:\I386\APPS\APP25667\pod\
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=10964&...p;sar=PictureIt

Pure Networks Port Magic 1.2.1393.0 (Port Magic)
install location: C:\Program Files\Pure Networks\Port Magic
uninstall cmd: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
publisher: Pure Networks
help link: http://aol-support.purenetworks.com

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Safety and Security Center Uninstaller (SSC Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

Streambox Vcr Suite 2 (Streambox Vcr Suite_is1)
uninstall cmd: "C:\Program Files\StreamboxVcrSuite2\unins000.exe"
publisher: The Streaming Media Recording Forum
help link: http://pub25.ezboard.com/fstreemeboxvcrfrm1

Synaptics Pointing Device Driver 7.12.3.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The_Free_Copts Toolbar (The_Free_Copts Toolbar)
uninstall cmd: C:\PROGRA~1\THE_FR~1\UNWISE.EXE C:\PROGRA~1\THE_FR~1\INSTALL.LOG

Thomas & Friends - Trouble on the Tracks (Thomas & Friends - Trouble on the Tracks)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Thomas & Friends - Trouble on the Tracks\Uninst.isu"

TriPeaks Solitaire To Go (TriPeaks Solitaire To Go_is1)
install location: C:\Program Files\TriPeaks Solitaire To Go\
uninstall cmd: "C:\Program Files\TriPeaks Solitaire To Go\ReflexiveArcade\unins000.exe"

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060616
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060617
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Wondershare DVD to iPod Ripper(Build 2.6.0.1) Trial Version (Wondershare DVD to iPod Ripper_is1)
install location: C:\Program Files\Wondershare\DVD to iPod Ripper\
uninstall cmd: "C:\Program Files\Wondershare\DVD to iPod Ripper\unins000.exe"
publisher: Wondershare Software
help link: http://www.dvd-ripper-copy.com/other/support.html

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! Toolbar (Yahoo! Toolbar)

Zodiac Tower (Zodiac Tower_is1)
install location: C:\Program Files\Zodiac Tower\
uninstall cmd: "C:\Program Files\Zodiac Tower\ReflexiveArcade\unins000.exe"

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 184215
install date: 20060326
install source: E:\o2k\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Notifier 5.03.0000.0001 ({0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2334
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Notifier\
uninstall cmd: MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

kgchlwn 5.03.0000.0002 ({03EDED24-8375-407D-A721-4643D9768BE1})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 457
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgchlwn\
uninstall cmd: MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

ESSSONIC 5.3.0000.0001 ({073F22CE-9A5B-4A40-A604-C7270AC6BF34})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2801
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sonic\
uninstall cmd: MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

Canon iP1700 ({1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700)
uninstall cmd: "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700 /L0x0009

kgchday 5.03.0000.0002 ({11F3F858-4131-4FFA-A560-3FE282933B6E})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 12657
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgchday\
uninstall cmd: MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

ESSPCD 5.03.0000.0001 ({14D4ED84-6A9A-45A0-96F6-1753768C3CB5})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 197
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\ESSpcd\
uninstall cmd: MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

Recovery Software Suite Gateway 1.00.0000 ({15377C3E-9655-400F-B441-E69F0A6BEAFE})
version: 16777216
version (major): 1
estimated size: 5309
install date: 20050922
install location: C:\WINDOWS\
install source: D:\I386\APPS\APP20648\
publisher: Gateway

HLPPDOCK 5.03.0000.0001 ({154508C0-07C5-4659-A7A0-E49968750D21})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 45
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\HLPPDOCK\
uninstall cmd: MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
readme: _

essvatgt 5.03.0000.0001 ({2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 105
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\essvatgt\
uninstall cmd: MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
publisher: EASTMAN KODAK Company
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

J2SE Runtime Environment 5.0 Update 2 1.5.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0150020})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 120657
install date: 20050922
install source: C:\Documents and Settings\Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_02\README.txt

Java™ SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 163726
install date: 20070602
install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20040826
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061116
install source: c:\fb31c480c5b4ea9af5dae525\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

Trend Micro Antivirus 11.25 ({3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C})
version: 186187776
version (major): 11
version (minor): 25
estimated size: 25701
install date: 20051125
install location: C:\Program Files\Trend Micro\Antivirus\
install source: E:\Setup\
uninstall cmd: MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
publisher: Trend Micro
help link: http://kb.trendmicro.com/solutions/
help telephone: 949-387-7800

OTtBPSDK 4.00.0000.0000 ({3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353})
version: 67108864
version (major): 4
estimated size: 530
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\OTTBPSDK\
uninstall cmd: MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
publisher: EASTMAN KODAK Company
contact: Customer Support Department
help link: http://www.kodak.com/go/easysharesupport

Microsoft Works 08.04.0623 ({416D80BA-6F6D-4672-B7CF-F54DA2F80B44})
version: 134480495
version (major): 8
version (minor): 4
estimated size: 294265
install date: 20040811
install source: E:\MSWORKS\
uninstall cmd: MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:

CR2 4.00.0000.0003 ({432C3720-37BF-4BD7-8E49-F38E090246D0})
version: 67108864
version (major): 4
estimated size: 581
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\
uninstall cmd: MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

iTunes 7.0.2.16 ({446DBFFA-4088-48E3-8932-74316BA4CAE4})
version: 117440514
version (major): 7
estimated size: 48898
install date: 20061223
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP720.TMP\
uninstall cmd: MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

QuickTime 7.1.3.170 ({50D8FFDD-90CD-4859-841F-AA1961C7767A})
version: 117506051
version (major): 7
version (minor): 1
estimated size: 71803
install date: 20061223
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP720.TMP\
uninstall cmd: MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

CardRd81 4.00.0000.0004 ({54C8FE84-89C4-40E8-976C-439EB0729BD6})
version: 67108864
version (major): 4
estimated size: 505
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR8in1\
uninstall cmd: MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:

Spy Sweeper 4.5 ({5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1)
install location: C:\Program Files\Webroot\Spy Sweeper\
uninstall cmd: "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
publisher: Webroot Software, Inc.

Microsoft Digital Image Starter Edition 2006 Editor 11.0.0422 ({5D95AD35-368F-47D5-B63A-A082DDF00111})
version: 184549798
version (major): 11
estimated size: 227167
install date: 20050922
install source: D:\I386\APPS\APP25667\
publisher: Microsoft Corporation
comments: Microsoft Digital Image Starter Edition 2006 Editor
help link: http://go.microsoft.com/fwlink/?prd=10964&...p;sar=PictureIt
help telephone:

#7 drozee78

Posted 04 June 2007 - 12:30 PM

SHASTA 5.03.0000.0002 ({605A4E39-613C-4A12-B56F-DEFBE6757237})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 3853
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SHASTA\
uninstall cmd: MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

TIxx21 1.09.0000 ({612DC38A-B36A-4699-88EB-12C7394DE2FC})
version: 17367040
version (major): 1
version (minor): 9
estimated size: 620
install date: 20050922
install source: D:\I386\APPS\APP02892\
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515 Software components
contact: Customer Support Department
help link: Please contact your vendor directly
help telephone: ...

ESSBrwr 5.03.0000.0101 ({643EAE81-920C-4931-9F0B-4B343B225CA6})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 256
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\Essbrwr\
uninstall cmd: MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
publisher: CyberLink Corporation
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298

Microsoft Digital Image Starter Edition 2006 Library 11.0.0422 ({691F4068-81BF-49E3-B32E-FE3E16400111})
version: 184549798
version (major): 11
estimated size: 32724
install date: 20050922
install source: D:\I386\APPS\APP25667\pod\
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=10964&...p;sar=PictureIt
help telephone: (425)

kgckids 5.03.0000.0002 ({693C08A7-9E76-43FF-B11E-9A58175474C4})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 2713
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgckids\
uninstall cmd: MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

Windows Backup Utility 5.1 ({76EFFC7C-17A6-479D-9E47-8E658C1695AE})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 1233
install date: 20040826
install source: C:\Bundle\VALUEADD\MSFT\NTBACKUP\
uninstall cmd: MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/management

Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 3557
install date: 20070602
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com

ESShelp 5.03.0000.0003 ({87843A41-7808-4F2E-B13F-25C1E67CF2FD})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 1785
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESShelp\
uninstall cmd: MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

staticcr 5.03.0000.0001 ({8943CE61-53BD-475E-90E1-A580869E98A2})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 25
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\static\
uninstall cmd: MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

ESSTOOLS 5.00.0000.0004 ({8A502E38-29C9-49FA-BCFA-D727CA062589})
version: 83886080
version (major): 5
estimated size: 1573
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSTOOLS\
uninstall cmd: MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

Intel® Extreme Graphics 2 Driver ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582

kgcvday 5.03.0000.0002 ({8A8664E1-84C8-4936-891C-BC1F07797549})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5305
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcvday\
uninstall cmd: MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

Napster Burn Engine 2.5.0000 ({8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1})
version: 33882112
version (major): 2
version (minor): 5
estimated size: 7959
install date: 20050922
install location: C:\Program Files\Common Files\Roxio Shared\BurnPlugin\
install source: C:\Documents and Settings\Owner\Local Settings\Temp\{4AB4855E-0785-4453-A01E-D8D3CBBFFC5E}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Roxio\
uninstall cmd: MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
publisher: Roxio
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-5555

ESSini 5.03.0000.0201 ({8E92D746-CD9F-4B90-9668-42B74C14F765})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 69
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSini\
uninstall cmd: MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:

Microsoft Office Standard Edition 2003 11.0.6361.0 ({91120409-6000-11D3-8CFE-0150048383C9})
version: 184555737
version (major): 11
estimated size: 453006
install date: 20050922
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

ESSgui 5.03.0000.0101 ({91517631-A9F3-4B7C-B482-43E0068FD55A})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5565
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSgui\
uninstall cmd: MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:

VPRINTOL 5.03.0000.0101 ({999D43F4-9709-4887-9B1A-83EBB15A8370})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 245
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\VPRINTOL\
uninstall cmd: MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

kgcinvt 5.03.0000.0003 ({9BD54685-1496-46A5-AB62-357CD140ED8B})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 6265
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcinvt\
uninstall cmd: MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

ESScore 5.03.0000.0301 ({9D8FEE90-0377-49A9-AEFB-525BDE549BA4})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 19420
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESScore\
uninstall cmd: MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:

Microsoft Digital Image Library 9 - Blocker 9.00.0000 ({9F7FC79B-3059-4264-9450-39EB368E3225})
version: 150994944
version (major): 9
publisher: Microsoft Corporation

kgcmove 5.03.0000.0003 ({A1588373-1D86-4D44-86C9-78ABD190F9CC})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 549
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcmove\
uninstall cmd: MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

Apple Software Update 1.0.2.1 ({A50C25D7-62E9-4511-AD70-8E2DA5E79B7D})
version: 16777218
version (major): 1
estimated size: 2460
install date: 20061223
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP720.TMP\
uninstall cmd: MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440520
version (major): 7
estimated size: 61483
install date: 20060825
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

ESSCDBK 5.03.0000.0001 ({AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 401
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\Esscdbk\
uninstall cmd: MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
publisher: EASTMAN KODAK Company
comments: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

OfotoXMI 5.03.0000.0302 ({B162D0A6-9A1D-4B7C-91A5-88FB48113C45})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 946
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Sysext\OFOTOXMI\
uninstall cmd: MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
readme: _

CCScore 5.03.0000.0003 ({B4B44FE7-41FF-4DAD-8C0A-E406DDA72992})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 409
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ccs\
uninstall cmd: MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:
readme:

KSU 632.62.0002.0001 ({B997C2A0-4383-41BF-B76E-9B8B7ECFB267})
version: 2017329154
version (major): 632
version (minor): 62
estimated size: 6490
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\
uninstall cmd: MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _
readme: _

READIO 1.0.0000 ({B9CB28DB-21A7-46C3-972A-F20701908021})
version: 16777216
version (major): 1
estimated size: 70188
install date: 20070204
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\WZSE0.TMP\
publisher: Readio Network
comments: -
contact: Customer Support Department
help link: http://www.readionetwork.com
help telephone: 781-453-4060
readme: Readme.txt

Napster 3.0.3.7 ({BBBCAE4B-B416-4182-A6F2-438180894A81})
version: 50331651
install location: C:\Program Files\Napster
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
publisher: Napster
contact: Customer Support
help link: mailto:support@napster.com

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37015
install date: 20050922
install source: D:\I386\APPS\APP25908\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

MSN Messenger 7.5 7.5.0306.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768498
version (major): 7
version (minor): 5
estimated size: 15734
install date: 20070113
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

essvcpt 5.03.0000.0001 ({D1973749-F5E7-40EB-B528-F2B78685B9FF})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 29
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\essvcpt\
uninstall cmd: MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
publisher: EASTMAN KODAK Company
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: _

Kodak EasyShare software ({D32470A1-B10C-4059-BA53-CF0486F68EBC})
uninstall cmd: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_2c300c\Setup.exe /APR-REMOVE
publisher: Eastman Kodak Company

Macrogaming SweetIM 2.0 2.0.0008 ({D9BBFA60-4514-4F08-A78F-91957F957495})
version: 33554440
version (major): 2
estimated size: 4021
install date: 20070121
install location: C:\Program Files\Macrogaming\SweetIM\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\{57AFAD28-F69A-4158-83D1-5469E0F0D92F}\
uninstall cmd: MsiExec.exe /X{D9BBFA60-4514-4F08-A78F-91957F957495}
publisher: Macrogaming LTD.
contact: SweetIM Technical Support Department
help link: http://www.sweetim.com

SFR 5.00.0000.0005 ({DB02F716-6275-42E9-B8D2-83BA2BF5100B})
version: 83886080
version (major): 5
estimated size: 2603
install date: 20060128
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\Sfr1\
uninstall cmd: MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
publisher: Eastman Kodak Company
comments: _
contact: _
help link: _
help telephone: _

kgcbaby 5.03.0000.0002 ({E18B549C-5D15-45DA-8D8F-8FD2BD946344})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5273
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcbaby\
uninstall cmd: MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

({E85FA9A1-C241-4698-893B-DD99509B8DB0})

CA Pest Patrol Realtime Protection 001.001.0024 ({F05A5232-CE5E-4274-AB27-44EB8105898D})
version: 16842776
version (major): 1
version (minor): 1
estimated size: 3605
install date: 20070319
install source: C:\WINDOWS\Downloaded Installations\{06A0ED53-F3DC-4E3A-A4C2-77D03DA112C5}\
uninstall cmd: MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
publisher: Computer Associates Inc.
contact: http://www.ca.com
help link: http://www.ca.com

kgcbase 5.03.0000.0004 ({F22C222C-3CE2-4A4B-A83F-AF4681371ABE})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 14693
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\kgcbase\
uninstall cmd: MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

SKINXSDK 5.03.0000.0101 ({F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5009
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SKINXSDK\
uninstall cmd: MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

({F64306A5-4C32-41bb-B153-53986527FAB4})

SweetIM For Internet Explorer 3.0b 3.00.0022 ({F6D63A65-BD23-46F3-B9A3-87F442423481})
version: 50331670
version (major): 3
estimated size: 608
install date: 20070121
install location: C:\Program Files\Macrogaming\SweetIMBarForIE\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\{B579FE5E-5BBC-4CCD-A38C-C01408F80CC3}\
uninstall cmd: MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
publisher: Macrogaming LTD.
contact: SweetIM Technical Support Department
help link: http://www.sweetim.com

OTtBP 5.03.0000.0001 ({F71760CD-0F8B-4DCC-B7B7-6B223CC3843C})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 577
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ottbp\
uninstall cmd: MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
publisher: EASTMAN KODAK Company
comments: _
contact: _
help link: http://www.kodak.com/go/easysharesupport
help telephone: 1-555-555-4505

({F90DA605-4E92-11D4-A319-00104BCAB4AB})

WIRELESS 5.03.0000.0003 ({F9593CFB-D836-49BC-BFF1-0E669A411D9F})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 233
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\wireless\
uninstall cmd: MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport

ESSPDock 5.03.0000.0008 ({FCDB1C92-03C6-4C76-8625-371224256091})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 5733
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\kdevices\pdock\
uninstall cmd: MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
publisher: EASTMAN KODAK Company
comments:
contact:
help link: http://www.kodak.com/go/easysharesupport
help telephone:

SKIN0001 5.03.0000.0101 ({FDF9943A-3D5C-46B3-9679-586BD237DDEE})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 10749
install date: 20070113
install source: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\SKIN0001\
uninstall cmd: MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
publisher: EASTMAN KODAK Company
help link: http://www.kodak.com/go/easysharesupport



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Image path: system32\DRIVERS\ABP480N5.SYS
Image size: 23552
Image MD5: 6ABB91494FE6C59089B9336452AB2EA3
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 11648
Image MD5: 9859C0F6936E723E4892D7141B1327D5
Start: 0
Type: 1
Error Control: 1

Service (registry key): adpu160m
Image path: system32\DRIVERS\adpu160m.sys
Image size: 101888
Image MD5: 9A11864873DA202C996558B2106B0BBC
Start: 0
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: system32\DRIVERS\agp440.sys
Image size: 42368
Image MD5: 2C428FA0C3E3A01ED93C9B2A27D8D4BB
Start: 0
Type: 1
Error Control: 1

Service (registry key): agpCPQ
Display name: Compaq AGP Bus Filter
Image path: system32\DRIVERS\agpCPQ.sys
Image size: 44928
Image MD5: 67288B07D6ABA6C1267B626E67BC56FD
Start: 0
Type: 1
Error Control: 1

Service (registry key): Aha154x
Image path: system32\DRIVERS\aha154x.sys
Image size: 12800
Image MD5: C23EA9B5F46C7F7910DB3EAB648FF013
Start: 0
Type: 1
Error Control: 1

Service (registry key): aic78u2
Image path: system32\DRIVERS\aic78u2.sys
Image size: 55168
Image MD5: 19DD0FB48B0C18892F70E2E7D61A1529
Start: 0
Type: 1
Error Control: 1

Service (registry key): aic78xx
Image path: system32\DRIVERS\aic78xx.sys
Image size: 56960
Image MD5: B7FE594A7468AA0132DEB03FB8E34326
Start: 0
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Image path: system32\DRIVERS\aliide.sys
Image size: 5248
Image MD5: 1140AB9938809700B46BB88E46D72A96
Start: 0
Type: 1
Error Control: 1

Service (registry key): alim1541
Display name: ALI AGP Bus Filter
Image path: system32\DRIVERS\alim1541.sys
Image size: 42752
Image MD5: F312B7CEF21EFF52FA23056B9D815FAD
Start: 0
Type: 1
Error Control: 1

Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: system32\DRIVERS\amdagp.sys
Image size: 43008
Image MD5: 675C16A3C1F8482F85EE4A97FC0DDE3D
Start: 0
Type: 1
Error Control: 1

Service (registry key): amsint
Image path: system32\DRIVERS\amsint.sys
Image size: 12032
Image MD5: 79F5ADD8D24BD6893F2903A3E2F3FAD6
Start: 0
Type: 1
Error Control: 1

Service (registry key): AnyDVD
Display name: AnyDVD
Image path: System32\Drivers\AnyDVD.sys
Image size: 96328
Image MD5: A3676BFD030F909EC1951419A20C0C17
Start: 3
Type: 1
Error Control: 1

Service (registry key): AOL ACS
Display name: AOL Connectivity Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
Image size: 46640
Image MD5: 85180CF88C5EBAD73B452A43A004CA51
Start: 2
Type: 272
Error Control: 1

Service (registry key): AOL TopSpeedMonitor
Display name: AOL TopSpeed Monitor
Object name: LocalSystem
Image path: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Image size: 100016
Image MD5: 7FB54900AA9792AB6307C699EC1859D4
Start: 2
Type: 272
Error Control: 0

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: system32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Image path: system32\DRIVERS\asc.sys
Image size: 26496
Image MD5: 62D318E9A0C8FC9B780008E724283707
Start: 0
Type: 1
Error Control: 1

Service (registry key): asc3350p
Image path: system32\DRIVERS\asc3350p.sys
Image size: 22400
Image MD5: 69EB0CC7714B32896CCBFD5EDCBEA447
Start: 0
Type: 1
Error Control: 1

Service (registry key): asc3550
Image path: system32\DRIVERS\asc3550.sys
Image size: 14848
Image MD5: 5D8DE112AA0254B907861E9E9C31D597
Start: 0
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: A986FCFDAC587E68478DB51547B90800
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

#8 SifuMike


Posted 04 June 2007 - 12:33 PM

Hi drozee78,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log in your next reply.

Note:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options. If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

#9 drozee78


Posted 04 June 2007 - 12:36 PM

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): AVG Anti-Spyware Driver
Display name: AVG Anti-Spyware Driver
Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Image size: 4096
Image MD5: 7D78B7FD0EBE00F177B053A08C78E35B
Start: 1
Type: 1
Error Control: 1

Service (registry key): AVG Anti-Spyware Guard
Display name: AVG Anti-Spyware Guard
Object name: LocalSystem
Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Image size: 204800
Image MD5: E8FBDCC8D618D1BB84B828F247A6244B
Start: 2
Type: 16
Error Control: 1

Service (registry key): AvgAsCln
Display name: AVG Anti-Spyware Clean Driver
Image path: System32\DRIVERS\AvgAsCln.sys
Image size: 3968
Image MD5: 6D4A1DA6E6D522B3EBBCBFF4A3589EC5
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): BCM43XX
Display name: Broadcom 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl5.sys
Image size: 371712
Image MD5: E7DEBB46B9EF1F28932E533BE4A3D1A9
Start: 3
Type: 1
Error Control: 1

Service (registry key): bcm4sbxp
Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
Image path: system32\DRIVERS\bcm4sbxp.sys
Image size: 45056
Image MD5: 1D101B8ABD4509498B055877A82D17AA
Start: 3
Type: 1
Error Control: 1

Service (registry key): bdfdll
Display name: bdfdll
Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Bdfndisf
Display name: BitDefender Firewall NDIS Filter Service
Image path: system32\DRIVERS\bdfndisf.sys
Image size: 71040
Image MD5: D0664E7BDBF5B9FE824C321B758E3E3E
Start: 3
Type: 1
Error Control: 1

Service (registry key): BDFSDRV
Display name: BDFSDRV
Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): bdftdif
Display name: bdftdif
Image path: \??\C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): bdpredir
Display name: bdpredir
Image path: \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): CAMCAUD
Display name: Conexant AMC Audio
Image path: system32\drivers\camc6aud.sys
Image size: 38016
Image MD5: 9329D489979CB29BA5E2CFFC1DD28932
Start: 3
Type: 1
Error Control: 1

Service (registry key): CAMCHALA
Image path: system32\drivers\camc6hal.sys
Image size: 350976
Image MD5: 66FB398D9336FEE6BEA79B68F362B167
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf
Image path: system32\DRIVERS\cbidf2k.sys
Image size: 13952
Image MD5: 90A673FC8E12A79AFBED2576F6A7AAF9
Start: 0
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Image path: system32\DRIVERS\cd20xrnt.sys
Image size: 7680
Image MD5: F3EC03299634490E97BBCE94CD2954C7
Start: 0
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdr4_xp
Start: 1
Type: 1
Error Control: 1

Service (registry key): Cdralw2k
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 4
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmBatt
Display name: Microsoft AC Adapter Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: 4266BE808F85826AEDF3C64C1E240203
Start: 3
Type: 1
Error Control: 1

Service (registry key): CmdIde
Image path: system32\DRIVERS\cmdide.sys
Image size: 6656
Image MD5: E5DCB56C533014ECBC556A8357C929D5
Start: 0
Type: 1
Error Control: 1

Service (registry key): Compbatt
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Start: 0
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): core
Image path: system32\drivers\core.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cpqarray
Image path: system32\DRIVERS\cpqarray.sys
Image size: 14976
Image MD5: 3EE529119EED34CD212A215E8C40D4B6
Start: 0
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Image path: system32\DRIVERS\dac2w2k.sys
Image size: 179584
Image MD5: E550E7418984B65A78299D248F0A7F36
Start: 0
Type: 1
Error Control: 1

Service (registry key): dac960nt
Image path: system32\DRIVERS\dac960nt.sys
Image size: 14720
Image MD5: 683789CAA3864EB46125AE86FF677D34
Start: 0
Type: 1
Error Control: 1

Service (registry key): DcCam
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Image path: system32\DRIVERS\dpti2o.sys
Image size: 20192
Image MD5: 40F3B93B4E5B0126F2F5C0A7A5E22660
Start: 0
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): ElbyCDIO
Display name: ElbyCDIO Driver
Image path: System32\Drivers\ElbyCDIO.sys
Image size: 15440
Image MD5: 945EF111161BAE49075107E5BC11A23F
Start: 1
Type: 1
Error Control: 1

Service (registry key): ElbyDelay
Display name: ElbyDelay
Image path: System32\Drivers\ElbyDelay.sys
Image size: 11984
Image MD5: E205C313417DA6FA7AFE85912A310A65
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 128896
Image MD5: 3D234FB6D6EE875EB009864A299BEA29
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Image path: system32\DRIVERS\hpn.sys
Image size: 25952
Image MD5: B028377DEA0546A5FCFBA928A8AEFAE0
Start: 0
Type: 1
Error Control: 1

Service (registry key): HSFHWICH
Image path: system32\DRIVERS\HSFHWICH.sys
Image size: 207232
Image MD5: A4877A17E87D6E6AB959B36B9EF3DE8A
Start: 3
Type: 1
Error Control: 0

Service (registry key): HSF_DPV
Image path: system32\DRIVERS\HSF_DPV.sys
Image size: 1038208
Image MD5: 5A8585E84425E823D6CF22515CABF5D0
Start: 3
Type: 1
Error Control: 0

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Image path: system32\DRIVERS\i2omp.sys
Image size: 18560
Image MD5: ED6BF9E441FDEA13292A6D30A64A24C3
Start: 0
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): ialm
Image path: system32\DRIVERS\ialmnt5.sys
Image size: 708989
Image MD5: 7B46903F26A729E68DD73FF7955DFC83
Start: 3
Type: 1
Error Control: 0

Service (registry key): IDriverT
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Start: 3
Type: 16
Error Control: 0

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Image path: system32\DRIVERS\ini910u.sys
Image size: 16000
Image MD5: 4A40E045FAEE58631FD8D91AFC620719
Start: 0
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Image path: system32\DRIVERS\intelide.sys
Image size: 5504
Image MD5: 2D722B2B54AB55B2FA475EB58D7B2AAD
Start: 0
Type: 1
Error Control: 1

Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Start: 1
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 492608
Image MD5: 688B773BA6074D5E9695EF1886FDCD3E
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): ITMRTSVC
Display name: CA Pest Patrol Realtime Protection Service
Description: Service component for CA Pest Patrol Realtime Protection
Object name: LocalSystem
Image path: "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe"
Image size: 280080
Image MD5: D3AC7881F875CC6EA7AC54F724DE76CE
Start: 2
Type: 16
Error Control: 1

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): mdmxsdk
Image path: system32\DRIVERS\mdmxsdk.sys
Image size: 13059
Image MD5: 3C318B9CD391371BED62126581EE9961
Start: 2
Type: 1
Error Control: 0

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): MPFIREWL
Display name: MPFIREWL
Image path: System32\Drivers\MpFirewall.sys
Image size: 80640
Image MD5: ED815D20113E80B15568EDD6F8BF47CB
Start: 1
Type: 1
Error Control: 1
Depends On services: TcpIp

Service (registry key): MpfService
Display name: McAfee Personal Firewall Service
Object name: LocalSystem
Image path: "C:\Program Files\mcafee.com\personal firewall\MPFService.exe"
Image size: 548864
Image MD5: 54762D5377D42E53BBFF823E631D1533
Start: 2
Type: 16
Error Control: 1

Service (registry key): mraid35x
Image path: system32\DRIVERS\mraid35x.sys
Image size: 17280
Image MD5: 3F4BB95E5A44F3BE34824E8E7CAF0737
Start: 0
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): mxnic
Display name: Macronix MX987xx Family Fast Ethernet NT Driver
Image path: system32\DRIVERS\mxnic.sys
Image size: 19968
Image MD5: E1CDF20697D992CF83FF86DD04DF1285
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip,MPFIREWL

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): NIC1394
Display name: 1394 Net Driver
Image path: system32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): nv
Image path: system32\DRIVERS\nv4_mini.sys
Image size: 1897408
Image MD5: 2B298519EDBFCF451D43E0F1E8F1006D
Start: 3
Type: 1
Error Control: 0

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Display name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 61056
Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A
Start: 0
Type: 1
Error Control: 1

Service (registry key): ose
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 89136
Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A
Start: 3
Type: 16
Error Control: 1

Service (registry key): Outlook
Start: 0
Type: 0
Error Control: 0

Service (registry key): P3
Display name: Intel PentiumIII Processor Driver
Image path: system32\DRIVERS\p3.sys
Image size: 42496
Image MD5: 3E16EFF2A6FED2D8D7F5A66DFE65D183
Start: 1
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 4
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Image path: system32\DRIVERS\pcmcia.sys
Image size: 119936
Image MD5: 82A087207DECEC8456FBE8537947D579
Start: 0
Type: 1
Error Control: 1

Service (registry key): pcouffin
Display name: VSO Software pcouffin
Image path: System32\Drivers\pcouffin.sys
Image size: 47360
Image MD5: 02AAAFB7BA137CE5DDABCDF8090954D9
Start: 3
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Image path: system32\DRIVERS\perc2.sys
Image size: 27296
Image MD5: 6C14B9C19BA84F73D3A86DBA11133101
Start: 0
Type: 1
Error Control: 1

Service (registry key): perc2hib
Image path: system32\DRIVERS\perc2hib.sys
Image size: 5504
Image MD5: F50F7C27F131AFE7BEBA13E14A3B9416
Start: 0
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): PrismXL
Display name: PrismXL
Object name: LocalSystem
Image path: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Image size: 172032
Image MD5: 33D7285F12D934268A34206DFC4AD1B3
Start: 2
Type: 272
Error Control: 0

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 46080
Image MD5: 0C8DA0A8B0D227319C285E0EAE65DEFD
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Image path: system32\DRIVERS\ql1080.sys
Image size: 40320
Image MD5: 0A63FB54039EB5662433CABA3B26DBA7
Start: 0
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Image path: system32\DRIVERS\ql10wnt.sys
Image size: 33152
Image MD5: 6503449E1D43A0FF0201AD5CB1B8C706
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql12160
Image path: system32\DRIVERS\ql12160.sys
Image size: 45312
Image MD5: 156ED0EF20C15114CA097A34A30D8A01
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1240
Image path: system32\DRIVERS\ql1240.sys
Image size: 40448
Image MD5: 70F016BEBDE6D29E864C1230A07CC5E6
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1280
Image path: system32\DRIVERS\ql1280.sys
Image size: 49024
Image MD5: 907F0AEEA6BC451011611E732BD31FCF
Start: 0
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

#10 drozee78

Posted 04 June 2007 - 12:39 PM

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): sdbus
Image path: system32\DRIVERS\sdbus.sys
Image size: 67584
Image MD5: 02FC71B020EC8700EE8A46C58BC6F276
Start: 3
Type: 1
Error Control: 1

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): sisagp
Display name: SIS AGP Bus Filter
Image path: system32\DRIVERS\sisagp.sys
Image size: 41088
Image MD5: 732D859B286DA692119F286B21A2A114
Start: 0
Type: 1
Error Control: 1

Service (registry key): Sparrow
Image path: system32\DRIVERS\sparrow.sys
Image size: 19072
Image MD5: 83C0F71F86D3BDAF915685F3D568B20E
Start: 0
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 0CE218578FFF5F4F7E4201539C45C78F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332928
Image MD5: EA554A3FFC3F536FE8320EB38F5E4843
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SSI
Display name: SSI
Image path: system32\Drivers\SSI.SYS
Image size: 78336
Image MD5: 30FEE379FCE1A40CDBDE9343E7A583CA
Start: 0
Type: 1
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): svcWRSSSDK
Display name: Webroot Spy Sweeper Engine
Description: Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function.
Object name: LocalSystem
Image path: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Image size: 2151936
Image MD5: 5718D799E0F4B1B53936E8239D30928A
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{63C33B1B-E9A2-4399-8C21-F59FA31488FA}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): symc810
Image path: system32\DRIVERS\symc810.sys
Image size: 16256
Image MD5: 1FF3217614018630D0A6758630FC698C
Start: 0
Type: 1
Error Control: 1

Service (registry key): symc8xx
Image path: system32\DRIVERS\symc8xx.sys
Image size: 32640
Image MD5: 070E001D95CF725186EF8B20335F933C
Start: 0
Type: 1
Error Control: 1

Service (registry key): sym_hi
Image path: system32\DRIVERS\sym_hi.sys
Image size: 28384
Image MD5: 80AC1C4ABBE2DF3B738BF15517A51F2C
Start: 0
Type: 1
Error Control: 1

Service (registry key): sym_u3
Image path: system32\DRIVERS\sym_u3.sys
Image size: 30688
Image MD5: BF4FAB949A382A8E105F46EBB4937058
Start: 0
Type: 1
Error Control: 1

Service (registry key): SynTP
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 185824
Image MD5: EB363DDFBE8B6D51003CCAB29D93D744
Start: 3
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 1DBF125862891817F374F407626967F4
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): tifm21
Image path: system32\drivers\tifm21.sys
Image size: 159488
Image MD5: A900F20AC0ED38223FBB87D2884CAFB9
Start: 3
Type: 1
Error Control: 1

Service (registry key): Tmfilter
Display name: Tmfilter
Image path: system32\drivers\TmXPFlt.sys
Image size: 183808
Image MD5: 7B6A9637905FAB070292D5A6AD5CF3AF
Start: 2
Type: 1
Error Control: 1
Depends On services: Vsapint,Tmpreflt

Service (registry key): Tmntsrv
Display name: Trend NT Realtime Service
Description: Enables scanning in real time.
Object name: LocalSystem
Image path: "C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe"
Start: 2
Type: 272
Error Control: 1

Service (registry key): Tmpreflt
Display name: Tmpreflt
Image path: system32\drivers\Tmpreflt.sys
Image size: 25088
Image MD5: CCD8B28C039302C367266BC3F641BC92
Start: 2
Type: 1
Error Control: 1

Service (registry key): tmproxy
Display name: Trend Micro Proxy Service
Description: Manages the Trend Micro tmtdi module.
Object name: LocalSystem
Image path: C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
Start: 2
Type: 272
Error Control: 1
Depends On services: tmtdi

Service (registry key): tmtdi
Display name: Trend Micro TDI Driver
Image path: \SystemRoot\System32\Drivers\tmtdi.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): TosIde
Image path: system32\DRIVERS\toside.sys
Image size: 4992
Image MD5: F2790F6AF01321B172AA62F8E1E187D9
Start: 0
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Image path: system32\DRIVERS\ultra.sys
Image size: 36736
Image MD5: 1B698A51CD528D8DA4FFAED66DFC51B9
Start: 0
Type: 1
Error Control: 1

Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\system32\wdfmgr.exe
Image size: 38912
Image MD5: C81B8635DEE0D3EF5F64B3DD643023A5
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): viaagp
Display name: VIA AGP Bus Filter
Image path: system32\DRIVERS\viaagp.sys
Image size: 42240
Image MD5: D92E7C8A30CFD14D8E15B5F7F032151B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ViaIde
Image path: system32\DRIVERS\viaide.sys
Image size: 5376
Image MD5: 59CB1338AD3654417BEA49636457F65D
Start: 0
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): Vsapint
Display name: Vsapint
Image path: system32\drivers\Vsapint.sys
Image size: 962672
Image MD5: 059F25954C02F134FE94E135F6B99910
Start: 2
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): wanatw
Display name: WAN Miniport (ATW)
Image path: system32\DRIVERS\wanatw4.sys
Image size: 33588
Image MD5: 0A716C08CB13C3A8F4F51E882DBF7416
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: EFD235CA22B57C81118C1AEB4798F1C1
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winachsf
Image path: system32\DRIVERS\HSF_CNXT.sys
Image size: 703232
Image MD5: 473EE64C368CE2EED110376C11960259
Start: 3
Type: 1
Error Control: 0

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WS2IFSL
Start: 1
Type: 0
Error Control: 0

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {3497D4E6-36C6-4D1B-9586-D28D4AD48620}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {50EDBD88-DC17-491D-881B-8F9B812D4BB3}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {95E6656C-FD06-489D-8145-A77D109A263D}
Start: 0
Type: 0
Error Control: 0



THAT'S THE WHOLE LOG

#11 drozee78

Posted 04 June 2007 - 12:53 PM

here is the ad aware log. had a little trouble finding the application data but revealed the hidden folders and voila!

hope this all can help you help me. i really appreciate all the time i'm sure this is taking you


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 02, 2007 6:25:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R173 29.05.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Yazzle(TAC index:7):1 total references
MRU List(TAC index:0):2 total references
PurityScan(TAC index:6):2 total references
Softomate Toolbar(TAC index:9):98 total references
Targetsaver(TAC index:8):1 total references
Tracking Cookie(TAC index:3):2 total references
WebHancer(TAC index:9):1 total references
Win32.Trojan.Agent(TAC index:10):1 total references
Win32.Trojan.Downloader(TAC index:10):1 total references
Win32.TrojanDownloader.Agent(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-2-2007 6:25:44 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 432
ThreadCreationTime : 6-2-2007 9:54:44 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 6-2-2007 9:54:50 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 6-2-2007 9:54:51 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 6-2-2007 9:54:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 6-2-2007 9:54:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 6-2-2007 9:55:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 6-2-2007 9:55:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 6-2-2007 9:55:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1252
ThreadCreationTime : 6-2-2007 9:55:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 6-2-2007 9:55:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1644
ThreadCreationTime : 6-2-2007 9:55:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1740
ThreadCreationTime : 6-2-2007 9:55:20 PM
BasePriority : Normal


#:13 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1772
ThreadCreationTime : 6-2-2007 9:55:21 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:14 [itmrtsvc.exe]
FilePath : C:\Program Files\CA\PPRT\bin\
ProcessID : 1940
ThreadCreationTime : 6-2-2007 9:55:32 PM
BasePriority : Normal
FileVersion : 1.1.0.24
ProductVersion : 1.1.0.24
ProductName : eTrust PestPatrol Realtime Protection
CompanyName : CA, Inc.
FileDescription : eTrust PestPatrol Real-time service
InternalName : ITMRTSVC.exe
LegalCopyright : Copyright © 2006 CA, Inc. All rights reserved.
OriginalFilename : ITMRTSVC.exe

#:15 [mpfservice.exe]
FilePath : C:\Program Files\mcafee.com\personal firewall\
ProcessID : 124
ThreadCreationTime : 6-2-2007 9:55:34 PM
BasePriority : Normal
FileVersion : 7.0.0.158
ProductVersion : 7.0.0.158
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:16 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ProcessID : 140
ThreadCreationTime : 6-2-2007 9:55:36 PM
BasePriority : Normal
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys

#:17 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 188
ThreadCreationTime : 6-2-2007 9:55:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wrsssdk.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 224
ThreadCreationTime : 6-2-2007 9:55:36 PM
BasePriority : Normal
FileVersion : 2,0,7,456
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1296
ThreadCreationTime : 6-2-2007 9:55:54 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1344
ThreadCreationTime : 6-2-2007 9:55:55 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 388
ThreadCreationTime : 6-2-2007 9:56:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1628
ThreadCreationTime : 6-2-2007 9:56:49 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:23 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1808
ThreadCreationTime : 6-2-2007 9:58:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:24 [tmoagent.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 1240
ThreadCreationTime : 6-2-2007 10:23:02 PM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TMOAgent.EXE

#:25 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 2336
ThreadCreationTime : 6-2-2007 10:23:10 PM
BasePriority : Normal
FileVersion : 4,5,7,656
ProductVersion : 4, 5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe

#:26 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2200
ThreadCreationTime : 6-2-2007 10:23:11 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:27 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2396
ThreadCreationTime : 6-2-2007 10:23:12 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:28 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2436
ThreadCreationTime : 6-2-2007 10:23:14 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2504
ThreadCreationTime : 6-2-2007 10:23:18 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:30 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2600
ThreadCreationTime : 6-2-2007 10:23:19 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [winrar.exe]
FilePath : C:\Program Files\WinRAR\
ProcessID : 2684
ThreadCreationTime : 6-2-2007 10:23:20 PM
BasePriority : Normal


#:32 [mpftray.exe]
FilePath : C:\Program Files\mcafee.com\personal firewall\
ProcessID : 2884
ThreadCreationTime : 6-2-2007 10:23:27 PM
BasePriority : Normal
FileVersion : 7.0.0.158
ProductVersion : 7.0.0.158
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:33 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3216
ThreadCreationTime : 6-2-2007 10:23:44 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:34 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 3580
ThreadCreationTime : 6-2-2007 10:24:01 PM
BasePriority : Normal


#:35 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3780
ThreadCreationTime : 6-2-2007 10:24:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:36 [waol.exe]
FilePath : C:\PROGRA~1\AMERIC~1.0B\
ProcessID : 1856
ThreadCreationTime : 6-2-2007 10:24:53 PM
BasePriority : Idle


#:37 [kodak software updater.exe]
FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\
ProcessID : 572
ThreadCreationTime : 6-2-2007 10:25:04 PM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar Object Recognized!
Type : File
Data : A0140649.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



PurityScan Object Recognized!
Type : File
Data : A0140650.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



WebHancer Object Recognized!
Type : File
Data : A0140651.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Targetsaver Object Recognized!
Type : File
Data : A0140652.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Adware.Yazzle Object Recognized!
Type : File
Data : A0140653.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140654.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140655.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140656.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140657.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140658.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140659.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140660.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140661.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140662.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140663.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140664.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140665.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140666.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140667.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140668.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140669.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140670.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140671.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140672.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140673.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140674.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140675.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140676.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140677.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140678.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140679.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140680.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140681.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140682.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140683.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140684.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140685.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140686.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140687.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140688.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140689.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140690.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140691.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP296\



Softomate Toolbar Object Recognized!
Type : File
Data : A0140692.exe
TAC Rating : 9
Category : Data Miner
Comment :
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 110


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 110


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
684 entries scanned.
New critical objects:0
Objects found so far: 110




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 110

7:00:58 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:35:13.699
Objects scanned:167045
Objects identified:108
Objects ignored:0
New critical objects:108

#12 SifuMike


Posted 04 June 2007 - 12:57 PM

Did you see my previous post about running ComboFix?

#13 drozee78


Posted 04 June 2007 - 01:01 PM

Sorry, must have missed that. I'm going to do that now and will post as soon as it is finished.

#14 drozee78


Posted 04 June 2007 - 01:23 PM

Here's the ComboFix log:
"Owner" - 2007-06-04 13:59:32 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Owner\Desktop\"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.log
C:\Program Files\Common Files\{289C0~1
C:\Program Files\Common Files\{289C0~2
C:\Program Files\Common Files\{289C0~3
C:\Program Files\Common Files\{289C0~4
C:\Program Files\Common Files\{389C0~1
C:\Program Files\Common Files\{389C0~1\toolbardll.lzma
C:\Program Files\Common Files\{389C0~1\UnInstall.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Temp\tn3
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\unsvchosts.lzma


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))


2007-06-04 14:04 <DIR> d-------- C:\TEMP\tn3
2007-06-04 11:14 2,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-04 11:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-04 11:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-04 11:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-03 05:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
2007-06-02 19:18 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-02 19:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Bitdefender
2007-06-02 19:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-06-02 18:27 <DIR> d-------- C:\Program Files\Viewpoint
2007-06-02 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-02 13:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-02 13:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-02 12:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-02 11:42 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
2007-06-02 11:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-25 10:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-05-25 10:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlySoft
2007-05-25 10:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-05-25 09:59 <DIR> d-------- C:\Program Files\SlySoft
2007-05-25 09:47 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-05-25 08:56 81,920 --a------ C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-25 08:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-25 08:56 47,360 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-25 08:56 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-05-25 08:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-05-25 08:55 <DIR> d-------- C:\Program Files\CloneDVD
2007-05-25 08:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVDXStudio
2007-05-25 07:35 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-05-25 07:34 161,792 --a------ C:\WINDOWS\system32\CNMLM7W.DLL
2007-05-25 07:34 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-05-25 07:34 <DIR> d--h----- C:\Program Files\CanonBJ
2007-05-25 07:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-25 07:05 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-21 14:57 96,328 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-05-19 16:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 16:13:20 -------- d-----w C:\Program Files\Common Files\rmoq
2007-05-29 16:33:16 -------- d-----w C:\Program Files\Big Kahuna Reef
2007-05-11 05:05:03 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 00:28:44 -------- d-----w C:\Program Files\Jewel Quest
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" []
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" []
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-11-16 15:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"MPFEXE"="C:\Program Files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 16:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-25 23:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127427244\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-02-06 20:21:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2005-11-25 09:02:02 C:\WINDOWS\tasks\ISP signup reminder 1.job
2005-11-25 09:02:03 C:\WINDOWS\tasks\ISP signup reminder 2.job
2005-11-25 09:02:04 C:\WINDOWS\tasks\ISP signup reminder 3.job
2007-06-04 18:09:03 C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-65CA6579F2-Owner).job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 14:09:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-04 14:14:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-04 14:12

--- E O F ---

#15 SifuMike


Posted 04 June 2007 - 01:40 PM

Hi drozee78,

Now run Spybot, and post the Spybot log. Good news is that you don't need to post the entire Spybot log, only post the top part beginning with this:

--- Search result list ---
Smitfraud-C.CoreService: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core

Smitfraud-C.CoreService: Data (File, fixing failed)
C:\WINDOWS\system32\drivers\core.cache.dsk

Smitfraud-C.CoreService: System file (File, fixing failed)
C:\WINDOWS\system32\drivers\core.sys


I just need to see what it fixed (or didn't fix) and the locations.

More good news: You don't need to post the Ad-Aware SE log.
Everything Ad-Aware SE found was in the System Restore folder and has been removed by your antimalware programs, so that is not a problem.
All removed malware is automatically backed up in the System Restore folder.
We will be emptying the System Restore folder later.