Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92232 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

HJT Logfile


  • Please log in to reply
15 replies to this topic

#1 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 05:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:18:23 PM, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\SpyCatcher\DeleteSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\GhostSurf\GhostSurf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [aryx] C:\WINDOWS\aryx.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Owner\Desktop\HijackThis.exe /startupscan
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...od/install.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\SpyCatcher\DeleteSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Advertisements

Register to Remove


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 05:15 PM

Start Spybot at the top you will see mode make sure advanced mode is check.
Then on the left click tools > view report > place a check mark in the boxes shown.
In the body of the text right click > select all > and copy the report to your next post.

Posted Image

#3 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 06:18 PM

Does this look like the right spybot report? Thanks for your help, btw. --- Report generated: 2005-11-12 16:15 --- --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-11-12 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-11-11 Includes\Cookies.sbi (*) 2005-11-11 Includes\Dialer.sbi (*) 2005-11-11 Includes\Hijackers.sbi (*) 2005-11-11 Includes\Keyloggers.sbi (*) 2004-04-21 Includes\LSP.sbi (*) 2005-11-11 Includes\Malware.sbi (*) 2005-11-11 Includes\PUPS.sbi (*) 2005-11-11 Includes\Revision.sbi (*) 2005-11-11 Includes\Security.sbi (*) 2005-11-11 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti 2005-11-11 Includes\Trojans.sbi (*)

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 06:30 PM

After placing the check marks in the boxes. Click viewreport a log should be made right click in the body of the report >chose select all right click againg and chose copy the paste the report in this thread.

#5 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 06:48 PM

--- Search result list ---
Winfixer: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


ValueClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Winfixer: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Winfixer: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


BFast: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Mozilla: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


ValueClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Mozilla: default) (Cookie, nothing done)


User abort!: Scan was not completed successfully. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-12 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-11 Includes\Cookies.sbi (*)
2005-11-11 Includes\Dialer.sbi (*)
2005-11-11 Includes\Hijackers.sbi (*)
2005-11-11 Includes\Keyloggers.sbi (*)
2004-04-21 Includes\LSP.sbi (*)
2005-11-11 Includes\Malware.sbi (*)
2005-11-11 Includes\PUPS.sbi (*)
2005-11-11 Includes\Revision.sbi (*)
2005-11-11 Includes\Security.sbi (*)
2005-11-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-11-11 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600)
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ MSXML4: Patch Available For XMLHTTP Vulnerability
/ Windows XP / SP1 / Q308387: Windows XP Hotfix (SP1) [See Q308387 for more information]
/ Windows XP / SP1 / Q308676: Windows XP Hotfix (SP1) [See Q308676 for more information]
/ Windows XP / SP1 / Q308677: Windows XP Hotfix (SP1) [See Q308677 for more information]
/ Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
/ Windows XP / SP1 / Q309691: Windows XP Hotfix (SP1) [See Q309691 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311842 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312370 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810833
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]


--- Startup entries list ---
Located: HK_LM:Run, aryx
command: C:\WINDOWS\aryx.exe
file:

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 102455
MD5: 946bab1251f68c29d60162ad45121862

Located: HK_LM:Run, GhostSurfDelSatellite
command: "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
file: C:\Program Files\SpyCatcher\DeleteSatellite.exe
size: 61440
MD5: 27c474a23eab8513450c5331d46088c1

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 106496
MD5: 74179d8e919a5c009870328d6cafb19d

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2d9ce5dde52ceea539e0dd20735a0797

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 79a48b7837966db63911f8886e8b6aec

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, PreloadApp
command: c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
file: c:\hp\drivers\printers\photosmart\hphprld.exe
size: 36864
MD5: 18575be35bb3312614c035352496f841

Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: e932857433c9cc5792e04ebfb96b2fff

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 212992
MD5: d892b4e7dec77e7087bcab3e6d673f4c

Located: HK_LM:Run, RegistryMechanic
command:
file:

Located: HK_LM:Run, S3apphk
command: S3apphk.exe
file: C:\WINDOWS\system32\S3apphk.exe
size: 28672
MD5: a75d413a3140203493d57c3273d56328

Located: HK_LM:Run, SpyCatcher Reminder
command: "C:\Program Files\SpyCatcher\SpyCatcher.exe" reminder
file: C:\Program Files\SpyCatcher\SpyCatcher.exe
size: 73845
MD5: da7edf8e483bf08feb7ce558f1679e5f

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:RunOnce, GhostSurfDelSatellite
command: "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
file: C:\Program Files\SpyCatcher\DeleteSatellite.exe
size: 61440
MD5: 27c474a23eab8513450c5331d46088c1

Located: HK_CU:Run, HijackThis startup scan
command: C:\Documents and Settings\Owner\Desktop\HijackThis.exe /startupscan
file:

Located: HK_CU:Run, Microsoft Works Update Detection
command: c:\Program Files\Microsoft Works\WkDetect.exe
file:

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1077277
MD5: 10a98fa310d1b6664f999378efd031ba

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), America Online 7.0 Tray Icon.lnk
command: C:\Program Files\America Online 7.0\aoltray.exe
file: C:\Program Files\America Online 7.0\aoltray.exe
size: 32839
MD5: 383f838bcc2b44152b5e2f5046d3108a

Located: Startup (common), APC UPS Status.lnk
command: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
file: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
size: 200833
MD5: 9b0fda0e7a7d7bff9ae8c4f1d74facb5

Located: Startup (common), EPSON Status Monitor 3 Environment Check 2.lnk
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
size: 127488
MD5: 480a4c03fef58af24d840851edd186f9

Located: Startup (common), Event Reminder.lnk
command: C:\Program Files\PrintMaster 16\pmremind.exe
file: C:\Program Files\PrintMaster 16\pmremind.exe
size: 339968
MD5: 69b1233e1bd8037bb0f1f1b99f78e21f

Located: Startup (common), GhostSurf.lnk
command: C:\Program Files\GhostSurf\GhostSurf.exe
file: C:\Program Files\GhostSurf\GhostSurf.exe
size: 86133
MD5: 5c5e4fc531f25aa89b66d8de7789e777

Located: Startup (common), hp center UI.lnk
command: C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
file: C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
size: 69632
MD5: 3dd1068f1db0bee2f9e27da69b1b43aa

Located: Startup (common), hp psc 1000 series.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
size: 147456
MD5: 5b5ba04f26e46adc57d6e1c8b138ec9d

Located: Startup (common), hpoddt01.exe.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 40960
MD5: 7d750887e39563620bc5f057295a501d

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: f2020569df0e5cdf0ccedb3406d15cb3

Located: Startup (user), Camio Viewer.lnk
command: C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
file: C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
size: 103424
MD5: 571a649c39236d0c7a6a2a1397977c80

Located: Startup (user), HotSync Manager.lnk
command: C:\Palm\HOTSYNC.EXE
file: C:\Palm\HOTSYNC.EXE
size: 299008
MD5: 7fb566c5816d8959c9f3ab918c00cd1f

Located: Startup (user), Scheduler.lnk
command: C:\Program Files\SpyCatcher\Scheduler daemon.exe
file: C:\Program Files\SpyCatcher\Scheduler daemon.exe
size: 86133
MD5: 6718f3c43fbd39d351a855341f8e096e

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, GoToMyPC
command: G2WinLogon.dll
file: G2WinLogon.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
BHO name:
CLSID name: SpywareBlock Class
Path: C:\Program Files\SpyCatcher\
Long name: SCActiveBlock.dll
Short name: SCACTI~1.DLL
Date (created): 1/2/2005 9:25:50 PM
Date (last access): 11/12/2005 4:00:58 PM
Date (last write): 1/2/2005 9:25:50 PM
Filesize: 124624
Attributes: archive
MD5: 33FE80D265536694D11464CEE35BAB68
CRC32: 83D3886F
Version: 1.0.0.1

{B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
BHO name:
CLSID name: PCTools Browser Monitor
Path: C:\PROGRA~1\SPYWAR~1\tools\
Long name: iesdpb.dll
Short name:
Date (created): 11/12/2005 3:10:48 PM
Date (last access): 11/12/2005 4:16:20 PM
Date (last write): 10/4/2005 10:43:08 AM
Filesize: 682296
Attributes: archive
MD5: B4D37DD94ED534852E7186DF06F245F7
CRC32: FB4D051F
Version: 3.0.0.265

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein
Path: c:\Program Files\Microsoft Money\System\
Long name: mnyviewer.dll
Short name: MNYVIE~1.DLL
Date (created): 7/25/2001 4:00:00 PM
Date (last access): 11/12/2005 4:01:34 PM
Date (last write): 7/25/2001 4:00:00 PM
Filesize: 143420
Attributes: archive
MD5: 25303746C4B0562D0C152DD414759C62
CRC32: 9CB9C6CC
Version: 10.0.0.809



--- ActiveX list ---
{03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class)
DPF name:
CLSID name: MetaStreamCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\MetaStream3.inf
Codebase: https://components.v...od/install.html
description:
classification: Open for discussion
known filename: AxMetaStream.dll
info link:
info source: Safer Networking Ltd.

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
DPF name:
CLSID name: RdxIE Class
Installer:
Codebase: http://software-dl.r...ip/RdxIE601.cab
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RdxIE.dll
Short name:
Date (created): 6/3/2004 9:04:04 AM
Date (last access): 11/12/2005 4:00:28 PM
Date (last write): 6/3/2004 9:04:04 AM
Filesize: 520349
Attributes: archive
MD5: 2DBB57FDB7D3BFF88B21924187B3EE02
CRC32: B04A8C78
Version: 6.0.0.11

{90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control)
DPF name:
CLSID name: Snapfish File Upload ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\SnapfishUpload1407.inf
Codebase: http://www.costcopho...ostcoUpload.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SnapfishUpload1407.ocx
Short name: SNAPFI~1.OCX
Date (created): 4/1/2005 3:46:06 PM
Date (last access): 11/6/2005 10:23:02 PM
Date (last write): 4/1/2005 3:46:06 PM
Filesize: 372736
Attributes: archive
MD5: 5B8D77ACB3D14EC96752D2A9592F91FF
CRC32: CBC6B97F
Version: 1.4.0.7

{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)
DPF name:
CLSID name: cpbrkpie Control
Installer: C:\WINDOWS\Downloaded Program Files\cpbrkpie.inf
Codebase: http://a19.g.akamai....02/cpbrkpie.cab
description:
classification: Open for discussion
known filename: cpbrkpie.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: cpbrkpie.ocx
Short name:
Date (created): 6/1/2005 10:25:56 AM
Date (last access): 11/12/2005 4:03:20 PM
Date (last write): 6/1/2005 10:25:56 AM
Filesize: 148584
Attributes: archive
MD5: 43A52F9D6736596331F93BF4C275A752
CRC32: 30CF1A6A
Version: 3.3.0.2



--- Process list ---
PID: 0 ( 0) [System]
PID: 452 ( 4) \SystemRoot\System32\smss.exe
PID: 600 ( 452) \??\C:\WINDOWS\system32\csrss.exe
PID: 628 ( 452) \??\C:\WINDOWS\system32\winlogon.exe
PID: 672 ( 628) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 684 ( 628) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 888 ( 672) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 960 ( 672) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1120 ( 672) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1148 ( 672) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1256 ( 672) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1412 ( 672) C:\Program Files\Dantz\Client\Remotsvc.exe
size: 53248
MD5: 1B7D36A5943103204DE5706612470EC6
PID: 1432 ( 672) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1448 (1412) C:\Program Files\Dantz\Client\retroclient.exe
size: 241664
MD5: 897E29920C35848B2D345F2878BEB70D
PID: 1456 ( 672) C:\Program Files\SpyCatcher\DeleteSvc.exe
size: 126976
MD5: 7F1832115C44D44F7226929F055A36AA
PID: 1500 ( 672) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: EB9A99AB5D17B1727034FF191E6448D7
PID: 228 ( 208) C:\WINDOWS\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 1040 ( 960) C:\WINDOWS\System32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 1968 ( 228) C:\WINDOWS\System32\S3apphk.exe
size: 28672
MD5: A75D413A3140203493D57C3273D56328
PID: 1300 ( 228) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 952 ( 228) C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: E932857433C9CC5792E04EBFB96B2FFF
PID: 160 ( 228) C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 79A48B7837966DB63911F8886E8B6AEC
PID: 220 ( 228) C:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 236 ( 228) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2D9CE5DDE52CEEA539E0DD20735A0797
PID: 360 ( 228) C:\WINDOWS\System32\hkcmd.exe
size: 106496
MD5: 74179D8E919A5C009870328D6CAFB19D
PID: 356 ( 228) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 102455
MD5: 946BAB1251F68C29D60162AD45121862
PID: 2044 ( 228) C:\Program Files\SpyCatcher\DeleteSatellite.exe
size: 61440
MD5: 27C474A23EAB8513450C5331D46088C1
PID: 520 ( 228) C:\Program Files\America Online 7.0\aoltray.exe
size: 32839
MD5: 383F838BCC2B44152B5E2F5046D3108A
PID: 1808 ( 228) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
size: 147456
MD5: 5B5BA04F26E46ADC57D6E1C8B138EC9D
PID: 1672 ( 228) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 40960
MD5: 7D750887E39563620BC5F057295A501D
PID: 1428 ( 228) C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
size: 103424
MD5: 571A649C39236D0C7A6A2A1397977C80
PID: 2052 ( 228) C:\Palm\HOTSYNC.EXE
size: 299008
MD5: 7FB566C5816D8959C9F3AB918C00CD1F
PID: 2072 ( 228) C:\Program Files\SpyCatcher\Scheduler daemon.exe
size: 86133
MD5: 6718F3C43FBD39D351A855341F8E096E
PID: 2100 ( 888) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
size: 282624
MD5: A260ED56CECA7665E0526DF447C7CAC4
PID: 2332 (1476) C:\Program Files\Common Files\AOL\ACS\acsd.exe
size: 1388648
MD5: 7810FE98ADB56A4D908595926D75BC9A
PID: 496 ( 672) C:\Program Files\Spyware Doctor\sdhelp.exe
size: 700928
MD5: 1CE67C541CE77C0A23C0C5F8695103F0
PID: 944 (2412) C:\Program Files\Spyware Doctor\swdoctor.exe
size: 1695504
MD5: 79D12631200BB77849CF8F9089663723
PID: 3332 ( 228) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3296 (2592) C:\PROGRA~1\AMERIC~1.0\waol.exe
size: 233554
MD5: 0529AEB90E4216D4F7FD9A8966A629F9
PID: 2636 (3296) C:\PROGRA~1\AMERIC~1.0\shellmon.exe
size: 41050
MD5: 696E9CDFC8FB172DCFC3CF5AC3B9FFDA
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/12/2005 4:46:47 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: c:\hp\tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

America Online (America Online us)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_us.exe

ArcSoft ShowBiz (ArcSoft ShowBiz)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Arcsoft\Showbiz\Uninst.isu"

ArcSoft Software Suite (ArcSoft Software Suite)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"

hp center (BackWeb-137903 Uninstaller)
uninstall cmd: C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(dlatray.exe)
uninstall cmd: c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

(Fontcore)

Free-Plan (Free-Plan)
uninstall cmd: C:\FREEPLAN\UNWISE.EXE C:\FREEPLAN\INSTALL.LOG

(GhostSurf_is1)
version (major): 3
version (minor): 3
install location: C:\Program Files\SpyCatcher

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp instant support 5.0.2.4.asst_classic.asst_install (HP Instant Support)
uninstall cmd: C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
publisher: Motive Communications, Inc.

HP Photo and Imaging 2.0 - hp psc 1200 series (HP PSC 1200 Series)
uninstall cmd: C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Inactive HP Printer Drivers (Remove only) (Inactive HP Printer Drivers (Remove only))
uninstall cmd: RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf

(InstallShield Uninstall Information)

Carleton H. Sheets Real Estate ToolKit version 7.0 7.0.0 (InstallShield_{C6A75800-03D3-4AC7-9563-A17B654F83B9})
version: 117440512
version (major): 7
estimated size: 42359
install date: 20050721
install source: E:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C6A75800-03D3-4AC7-9563-A17B654F83B9}
publisher: The Professional Education Institute
comments: The Real Estate ToolKit will check your system for required components. The Real Estate ToolKit will install the components as necessary. Based on your system configuration, you may be asked to restart your computer during the installation of individual components.
contact: Technical Support Hotline
help link: http://www.CarletonSheets.com
help telephone: 1-888-505-9443
readme: Readme.txt

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=823559

Windows XP Hotfix - KB828741 20040305.180454 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=828741

Windows XP Hotfix - KB834707 20040929.115007 (KB834707-IE6-20040929.115007)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=834707

Windows XP Hotfix - KB835732 20040329.172537 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=835732

Windows XP Hotfix - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=842773

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

Microsoft Midtown Madness 2 Trial (Midtown Madness 2.0 Trial)
uninstall cmd: "C:\Program Files\Microsoft Games\Midtown Madness 2 Trial\UNINSTAL.EXE" /runtemp /addremove

(MobileOptionPack)

(MPlayer2)

(MsJavaVM)

MUSICMATCH Jukebox (MUSICMATCH Jukebox)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll

(MyCD.exe)
uninstall cmd: c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}

MyPublisher BookMaker (MyPublisher BookMaker)
uninstall cmd: C:\WINDOWS\System32\MypubUninstaller.exe
publisher: MyPublisher, Inc.

(NetMeeting)

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf

(OutlookExpress)

PC-Doctor for Windows (PCDoctor)
uninstall cmd: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PS2 (PS2)
uninstall cmd: C:\WINDOWS\system32\ps2.exe uninstall

Python 1.5 combined Win32 extensions (Python 1.5 combined Win32 extensions)
uninstall cmd: C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG

Python 1.5.2 (final) (Python 1.5.2 (final))
uninstall cmd: C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG

Windows XP Hotfix (SP1) [See Q308387 for more information] (Q308387)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308387$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q308676 for more information] (Q308676)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308676$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q308677 for more information] (Q308677)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q309521 for more information] (Q309521)
uninstall cmd: C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q309691 for more information] (Q309691)
uninstall cmd: C:\WINDOWS\$NtUninstallQ309691$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q311842 for more information] (Q311842)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311842$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q311889 for more information] (Q311889)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q312370 for more information] (Q312370)
uninstall cmd: C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q315000 for more information] (Q315000)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q315403 for more information] (Q315403)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q329170 20030102.115458 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP1) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q329441 for more information] (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation

Windows XP Hotfix (SP1) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q810577 20021118.133626 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP1) Q810833 20021203.200852 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP1) Q817606 20030331.103325 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=817606

Quicken Financial Center (Quicken Financial Center)
uninstall cmd: C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Registry Mechanic 5.0 5.0 (Registry Mechanic_is1)
install location: C:\Program Files\Registry Mechanic\
uninstall cmd: "C:\Program Files\Registry Mechanic\unins000.exe"
publisher: PC Tools Pty. Ltd.
help link: http://www.pctools.c...chanic/support/

Select CashBack (s0hjrc7v)
uninstall cmd: C:\WINDOWS\s0hjrc7v.exe

(SchedulingAgent)

(Sevinst)

(SGTRAY.EXE)
uninstall cmd: c:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedi...player_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpyCatcher 3.52 (SpyCatcher_is1)
uninstall cmd: "C:\Program Files\SpyCatcher\unins000.exe"
publisher: Tenebril
help link: http://www.tenebril....port/index.html

Spyware Doctor 3.2 3.2 (Spyware Doctor_is1)
install location: C:\Program Files\Spyware Doctor\
uninstall cmd: "C:\Program Files\Spyware Doctor\unins000.exe"
publisher: PC Tools Research Pty. Ltd.
help link: http://www.pctools.c...doctor/support/

Tcl 8.0.5 for Windows (Tcl 8.0.5 for Windows)
uninstall cmd: C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG

Lernout & Hauspie TruVoice American English TTS Engine (tv_enua)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

WeatherBug v2.7 (WeatherBug)
uninstall cmd: C:\PROGRA~1\AWS\WEATHE~1\UNWISE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
publisher: AWS Convergence Technologies, Inc.
help link: http://www.weatherbug.com/help

Microsoft Web Publishing Wizard 1.52 (WebPost)
uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

WildTangent Channel Manager (WildTangentDDC)
uninstall cmd: C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe

WordPerfect Office 2002 Try Before You Buy (WordPerfect Office 2002 Try Before You Buy)
uninstall cmd: C:\WINDOWS\Corel\uninst32.exe

Microsoft Works and Money 2002 Setup Launcher (Works2002Setup)
uninstall cmd: C:\Program Files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
help link: http://support.micro...m/support/works

Microsoft Office 2000 Standard 9.00.2720 ({00020409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 122929
install date: 20050531
install source: E:\
uninstall cmd: MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

VERITAS StorageGuard 2.62.0 ({09DA4F91-2A09-4232-AB8C-6BC740096DE3})
version: 37617664
version (major): 2
version (minor): 62
estimated size: 2094
install date: 20020419
install source: c:\hp\tmp\src\
uninstall cmd: MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
publisher: VERITAS Software

Retrospect Client 6.5 ({0E3F7CA5-ED5A-4A74-B366-1CA2D49B4BC9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E3F7CA5-ED5A-4A74-B366-1CA2D49B4BC9}\setup.exe"

HP DLA 3.26 ({1206EF92-2E83-4859-ACCB-2048C3CB7DA6})
version: 52035584
version (major): 3
version (minor): 26
estimated size: 2339
install date: 20020419
install source: c:\hp\tmp\DLA\ENU\
uninstall cmd: MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
publisher: HP

Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2080
install date: 20050629
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.1_E\
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation

Virtual Warfare ({17742642-7DCD-4020-9CAA-1645D178663F})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {17742642-7DCD-4020-9CAA-1645D178663F}

GemMaster 2 ({1E6ADBB1-4D4E-4A02-A269-75243222C467})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {1E6ADBB1-4D4E-4A02-A269-75243222C467}

Kublox ({20B16314-7A6A-4186-8F63-D648E234C0C6})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {20B16314-7A6A-4186-8F63-D648E234C0C6}

WordPerfect Office 2002 Try Before You Buy 10 ({29D88826-2AB9-11D5-8854-00902761A46D})
version: 167772160
version (major): 10
version (minor): 10
estimated size: 228700
install date: 20020419
install source: c:\hp\tmp\src\
uninstall cmd: MsiExec.exe /I{29D88826-2AB9-11D5-8854-00902761A46D}
publisher: Corel
help link: http://www.corel.com
help telephone: 555-555-1234

({33AE85D9-0386-41AD-BD99-FDF3ABC19DBB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33AE85D9-0386-41AD-BD99-FDF3ABC19DBB}\setup.exe" -l0x9 -L0x9anything

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2524
install date: 20020419
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MarketBrowser ({35845E72-E34A-11D4-817D-005004D0F1FA})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35845E72-E34A-11D4-817D-005004D0F1FA}\Setup.exe" -uninst

Microsoft XML Parser and SDK 4.10.9406.0 ({3E908702-AF35-4611-9518-955DA24B7E07})
version: 67773630
version (major): 4
version (minor): 10
estimated size: 4435
install date: 20050714
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

Space Rocks ({419C98C4-D884-4174-B710-CBF3863767DA})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {419C98C4-D884-4174-B710-CBF3863767DA}

GoToMyPC ({58F4D4FD-1814-4068-B316-C28FC776C6DD})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F4D4FD-1814-4068-B316-C28FC776C6DD}\Setup.exe" -l0x9 AddRemovePrograms

PhotoStreamer ({66B0681E-2DFF-43C5-A68B-F0061AF137F9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66B0681E-2DFF-43C5-A68B-F0061AF137F9}\Setup.exe" -l0x9 Uninstall

HP Photo and Imaging 2.0 - All-in-One Drivers 1.00.0000 ({6ECB39BD-73C2-44DD-B1A0-898207C58D8B})
version: 16777216
version (major): 1
estimated size: 51265
install date: 20050615
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

SabreWing 2 ({6F0DE0D5-2556-4A64-9892-07BAE121B7EC})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {6F0DE0D5-2556-4A64-9892-07BAE121B7EC}

PrintMaster 16 16.00.0000 ({78A974B6-F864-41AE-9F5A-0AAF7D40E884})
version: 268435456
version (major): 16
estimated size: 662592
install date: 20050523
install source: E:\Setup\
uninstall cmd: MsiExec.exe /I{78A974B6-F864-41AE-9F5A-0AAF7D40E884}
publisher: Broderbund Software
contact: Customer Support Department
help link: http://support.broderbund.com/
help telephone: 1-319-247-3325
readme: C:\Program Files\PrintMaster 16\Readme.htm

Palm VersaMail™ 2.61.1100 ({7B0ADD54-01D9-45E7-964A-B4A334F12034})
version: 37553228
version (major): 2
version (minor): 61
estimated size: 4115
install date: 20050518
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is35\
publisher: Palm, Inc.
comments: Palm VersaMail™ Setup
contact: Customer Support Department
help link: http://www.palm.com/support
help telephone: 1-847-262-7256
readme:

Sonic Foundry Super Duper Music Looper XPress 1.0.69 ({7B4BB888-B44E-4B91-BEE9-FE14B312B58C})
version: 16777285
version (major): 1
estimated size: 35752
install date: 20020419
install source: C:\Program Files\Sonic Foundry Setup\SDMLXPress\
uninstall cmd: MsiExec.exe /I{7B4BB888-B44E-4B91-BEE9-FE14B312B58C}
publisher: Sonic Foundry
help link: http://www.sonicfoundry.com/support

HP RecordNow 3.56 ({8214CC02-6271-4DC8-B8DD-779933450264})
version: 54001664
version (major): 3
version (minor): 56
estimated size: 8519
install date: 20020419
install source: c:\hp\tmp\src\
uninstall cmd: MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
publisher: HP

({854A5F01-D692-11D4-A984-009027EC0A9C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"

Intel® 845G Chipset Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

({945E2519-C2B9-11D3-9D56-0060B0A4823E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"

Family Lawyer 2004 ({95C2FBF3-4462-41E3-89DC-0F784387BD53})
install location: C:\Program Files\Broderbund\Family Lawyer 2004\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95C2FBF3-4462-41E3-89DC-0F784387BD53}\setup.exe" -l0x9
publisher: Broderbund

HP Photo and Imaging 2.0 - All-in-One 1.00.0000 ({9867A917-5D17-40DE-83BA-BEA5293194B1})
version: 16777216
version (major): 1
estimated size: 544918
install date: 20050615
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: E:\
uninstall cmd: MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

Microsoft Works 6.0 06.00.0000 ({A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704})
version: 100663296
version (major): 6
install date: 20020419
uninstall cmd: MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
publisher: Microsoft Corporation
comments: Microsoft Works 6.0 installation.
help link: http://support.micro...m/support/works

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 63195
install date: 20050912
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

PigPen ({B279B0DA-6F60-4FBD-9847-0C9AB79A3674})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}

HP Memories Disc 1.0.4.805 ({B376402D-58EA-45EA-BD50-DD924EB67A70})
version: 16777220
version (major): 1
estimated size: 23752
install date: 20050615
install source: E:\setup\mm\
uninstall cmd: MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
publisher: Hewlett-Packard Company
comments: hp memories disc creator software
help link: http://www.hp.com
help telephone: (208) 323-2551

InterVideo WinDVD ({C1939820-A945-11D4-86F6-0001031E5712})
version (major): 3
version (minor): 2
install location: C:\Program Files\InterVideo\WinDVD
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
publisher: InterVideo Inc.

Carleton H. Sheets Real Estate ToolKit version 7.0 7.0.0 ({C6A75800-03D3-4AC7-9563-A17B654F83B9})
version: 117440512
version (major): 7
estimated size: 588503
install date: 20050721
install source: E:\
publisher: The Professional Education Institute
comments: The Real Estate ToolKit will check your system for required components. The Real Estate ToolKit will install the components as necessary. Based on your system configuration, you may be asked to restart your computer during the installation of individual components.
contact: Technical Support Hotline
help link: http://www.CarletonSheets.com
help telephone: 1-888-505-9443
readme: Readme.txt

hp psc 1200 series 1.00.0000 ({C900EF06-2E76-49C7-8DB0-41F629B21DC5})
version: 16777216
version (major): 1
estimated size: 6209
install date: 20050616
install source: C:\Program Files\Hewlett-Packard\Digital Imaging\product\
uninstall cmd: MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37963
install date: 20050523
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\ISD4.tmp\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

({CD47EFC1-D692-11D4-A984-009027EC0A9C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"

Microsoft Money 2002 System Pack 10.0.80 ({CF5193F7-6B37-11D5-B7D2-00AA00A204F1})
version: 167772240
version (major): 10
install date: 20020419
uninstall cmd: MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
publisher: Microsoft
comments: Installs system components used by Microsoft Money 2002.
help link: http://support.microsoft.com
help telephone: (800) 936-5700

Speedway ({D6CAB2F4-26A4-48F4-A35D-CA83063E3928})
uninstall cmd: "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6CAB2F4-26A4-48F4-A35D-CA83063E3928}

Works Suite OS Pack 1.0.0.0000 ({DC19E750-988B-4005-A355-85EF66055EFE})
version: 16777216
version (major): 1
install date: 20020419
install source: E:\ospack\
publisher: Microsoft Corporation
help link: http://www.microsoft.com
help telephone:

Microsoft Money 2002 10.0.50 ({E7298FD5-1386-11D5-8D6C-0050DAD32D95})
version: 167772210
version (major): 10
install date: 20020419
uninstall cmd: MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2002
help link: http://support.microsoft.com
help telephone: (800) 936-5700

({E7E518B2-B174-11D3-9D4E-0060B0A4823E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"

Palm Desktop 4.1.0410 ({E89D78B8-28F7-412F-8B26-C684739CBBDC})
version: 67174810
version (major): 4
version (minor): 1
estimated size: 39303
install date: 20050518
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_isC0\
uninstall cmd: MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
publisher: Palm, Inc.
comments: For troubleshooting help try the Palm Knowledge Finder at www.palm.com/support.
contact: Palm Customer Support
help link: http://www.palm.com/support
help telephone: None
readme: Readme_eng.txt

SoundMAX ({F0A37341-D692-11D4-A984-009027EC0A9C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179200
Image MD5: 45E0D94158CA0EC71FF12DBB81B39ED3
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1


#6 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 06:50 PM

Here's the rest of the report - wouldn't all fit in first window. Service (registry key): MountMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): mraid35x Start: 4 Type: 1 Error Control: 1 Service (registry key): MRxDAV Display name: WebDav Client Redirector Description: WebDav Client Redirector Image path: System32\DRIVERS\mrxdav.sys Image size: 172672 Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5 Start: 3 Type: 2 Error Control: 1 Service (registry key): MRxSmb Display name: MRXSMB Description: MRXSMB Image path: System32\DRIVERS\mrxsmb.sys Image size: 391936 Image MD5: 852F6FCA866E68B3A4A78C2E86EFB874 Start: 1 Type: 2 Error Control: 1 Service (registry key): MSDTC Display name: Distributed Transaction Coordinator Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\System32\msdtc.exe Image size: 6144 Image MD5: 073D2F5B53580583FEB704084CBA39CE Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): Msfs Start: 1 Type: 2 Error Control: 1 Service (registry key): MSIServer Display name: Windows Installer Description: Installs, repairs and removes software according to instructions contained in .MSI files. Object name: LocalSystem Image path: C:\WINDOWS\System32\msiexec.exe /V Image size: 63488 Image MD5: E7A49533944654EDD82D26338DF0FD05 Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): MSKSSRV Display name: Microsoft Streaming Service Proxy Image path: system32\drivers\MSKSSRV.sys Image size: 6400 Image MD5: 73FF6DDEAC27839583FE6A2573EE60CA Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPCLOCK Display name: Microsoft Streaming Clock Proxy Image path: system32\drivers\MSPCLOCK.sys Image size: 5120 Image MD5: BD8A0DCF208C27E20416BF9E8AED9CF9 Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPQM Display name: Microsoft Streaming Quality Manager Proxy Image path: system32\drivers\MSPQM.sys Image size: 4608 Image MD5: F6A726B8832DB1F88326B8BE98B11981 Start: 3 Type: 1 Error Control: 1 Service (registry key): ms_mpu401 Display name: Microsoft MPU-401 MIDI UART Driver Image path: system32\drivers\msmpu401.sys Image size: 2944 Image MD5: CA3E22598F411199ADC2DFEE76CD0AE0 Start: 3 Type: 1 Error Control: 1 Service (registry key): Mup Display name: Mup Start: 0 Type: 2 Error Control: 1 Service (registry key): MxlW2k Display name: MxlW2k Start: 3 Type: 1 Error Control: 1 Service (registry key): NDIS Display name: NDIS System Driver Start: 0 Type: 1 Error Control: 1 Service (registry key): NdisTapi Display name: Remote Access NDIS TAPI Driver Description: Remote Access NDIS TAPI Driver Image path: System32\DRIVERS\ndistapi.sys Image size: 9600 Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C Start: 3 Type: 1 Error Control: 1 Service (registry key): Ndisuio Display name: NDIS Usermode I/O Protocol Description: NDIS Usermode I/O Protocol Image path: System32\DRIVERS\ndisuio.sys Image size: 12160 Image MD5: DA77857D9F9BC724D779DF64DA15164B Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisWan Display name: Remote Access NDIS WAN Driver Description: Remote Access NDIS WAN Driver Image path: System32\DRIVERS\ndiswan.sys Image size: 88320 Image MD5: DF101384699C87C70E9BD71DDF0E8509 Start: 3 Type: 1 Error Control: 1 Service (registry key): NDProxy Start: 3 Type: 1 Error Control: 1 Service (registry key): NetBIOS Display name: NetBIOS Interface Description: NetBIOS Interface Image path: System32\DRIVERS\netbios.sys Image size: 33152 Image MD5: 9F880D46EF6DCC865B8EF5C5A4956E3B Start: 1 Type: 2 Error Control: 1 Service (registry key): NetBT Display name: NetBT Description: NetBios over Tcpip Image path: System32\DRIVERS\netbt.sys Image size: 150272 Image MD5: 58A5116194BC0AD86A6BBDBDFA5E1240 Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): NetDDE Display name: Network DDE Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 105984 Image MD5: 8A45EC36DF58BF90816A14E9F21075DC Start: 3 Type: 32 Error Control: 1 Depends On services: NetDDEDSDM Service (registry key): NetDDEdsdm Display name: Network DDE DSDM Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 105984 Image MD5: 8A45EC36DF58BF90816A14E9F21075DC Start: 3 Type: 32 Error Control: 1 Service (registry key): Netlogon Display name: Net Logon Description: Supports pass-through authentication of account logon events for computers in a domain. Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 11776 Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5 Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Display name: Network Connections Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): NIC1394 Display name: 1394 Net Driver Image path: System32\DRIVERS\nic1394.sys Image size: 56960 Image MD5: 807E924D54EC8B3203430CA4D4C08314 Start: 3 Type: 1 Error Control: 1 Service (registry key): Nla Display name: Network Location Awareness (NLA) Description: Collects and stores network configuration and location information, and notifies applications when this information changes. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd Service (registry key): Npfs Start: 1 Type: 2 Error Control: 1 Service (registry key): Ntfs Start: 4 Type: 2 Error Control: 1 Service (registry key): NtLmSsp Display name: NT LM Security Support Provider Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes. Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 11776 Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5 Start: 3 Type: 32 Error Control: 1 Service (registry key): NtmsSvc Display name: Removable Storage Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Null Start: 1 Type: 1 Error Control: 1 Service (registry key): nv Image path: System32\DRIVERS\nv4_mini.sys Image size: 909501 Image MD5: AE292465AA6A7DBA375A5AFA949DA83A Start: 3 Type: 1 Error Control: 0 Service (registry key): nv4 Image path: System32\DRIVERS\nv4.sys Image size: 731648 Image MD5: 4D31783965B0B7CED7DB3F4EE14CF260 Start: 3 Type: 1 Error Control: 0 Service (registry key): NVSvc Display name: NVIDIA Driver Helper Service Object name: LocalSystem Image path: %SystemRoot%\System32\nvsvc32.exe Image size: 61440 Image MD5: 2B8FBD3E1E364871E06CD29C1424DDAD Start: 2 Type: 16 Error Control: 1 Service (registry key): nv_agp Display name: NVIDIA nForce AGP Bus Filter Image path: System32\DRIVERS\nv_agp.sys Image size: 13502 Image MD5: 97E6E7DC388AC4D0052EDC375B0E1A0C Start: 0 Type: 1 Error Control: 1 Service (registry key): NwlnkFlt Display name: IPX Traffic Filter Driver Description: IPX Traffic Filter Driver Image path: System32\DRIVERS\nwlnkflt.sys Image size: 12416 Image MD5: B305F3FAD35083837EF46A0BBCE2FC57 Start: 3 Type: 1 Error Control: 1 Depends On services: NwlnkFwd Service (registry key): NwlnkFwd Display name: IPX Traffic Forwarder Driver Description: IPX Traffic Forwarder Driver Image path: System32\DRIVERS\nwlnkfwd.sys Image size: 32512 Image MD5: C99B3415198D1AAB7227F2C88FD664B9 Start: 3 Type: 1 Error Control: 1 Service (registry key): ohci1394 Display name: OHCI Compliant IEEE 1394 Host Controller Image path: System32\DRIVERS\ohci1394.sys Image size: 55424 Image MD5: D72273FEFCC1FB32F214E344667C243F Start: 0 Type: 1 Error Control: 1 Service (registry key): PalmUSBD Image path: system32\drivers\PalmUSBD.sys Image size: 16509 Image MD5: 803CF09C795290825607505D37819135 Start: 3 Type: 1 Error Control: 1 Service (registry key): Parport Display name: Parallel port driver Image path: System32\DRIVERS\parport.sys Image size: 76160 Image MD5: 1424FFBF560627B07CCE5082FA837F5C Start: 3 Type: 1 Error Control: 1 Service (registry key): PartMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): ParVdm Start: 2 Type: 1 Error Control: 0 Depends On services: Parport Depends On group: "Parallel arbitrator" Service (registry key): PCI Display name: PCI Bus Driver Image path: System32\DRIVERS\pci.sys Image size: 62464 Image MD5: 1F96EECDF5D1E3385AC44C6A457B381F Start: 0 Type: 1 Error Control: 3 Service (registry key): PCIDump Start: 1 Type: 1 Error Control: 0 Service (registry key): PCIIde Image path: System32\DRIVERS\pciide.sys Image size: 3328 Image MD5: CCF5F451BB1A5A2A522A76E670000FF0 Start: 0 Type: 1 Error Control: 1 Service (registry key): Pcmcia Start: 4 Type: 1 Error Control: 1 Service (registry key): PDCOMP Start: 3 Type: 1 Error Control: 0 Service (registry key): PDFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRELI Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): perc2 Start: 4 Type: 1 Error Control: 1 Service (registry key): perc2hib Start: 4 Type: 1 Error Control: 1 Service (registry key): PerfDisk Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfNet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Start: 0 Type: 0 Error Control: 0 Service (registry key): pfc Display name: Padus ASPI Shell Image path: system32\drivers\pfc.sys Image size: 13780 Image MD5: C4AA89518E8A2934EAF503C9587FF157 Start: 3 Type: 1 Error Control: 1 Service (registry key): PlugPlay Display name: Plug and Play Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 101376 Image MD5: E3DF4A0252D287C44606EE55355E1623 Start: 2 Type: 32 Error Control: 1 Service (registry key): Pml Driver HPZ12 Display name: Pml Driver HPZ12 Object name: LocalSystem Image path: C:\WINDOWS\System32\HPZipm12.exe Image size: 65536 Image MD5: 364E30F27BE1E6DED83E81C4DE93E808 Start: 3 Type: 16 Error Control: 1 Service (registry key): PolicyAgent Display name: IPSEC Services Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 11776 Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Tcpip,IPSec Service (registry key): PptpMiniport Display name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Image path: System32\DRIVERS\raspptp.sys Image size: 46208 Image MD5: E0A8E63E75333AB0D742F9DBFB1688BA Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Display name: Processor Driver Image path: System32\DRIVERS\processr.sys Image size: 30592 Image MD5: 72F923F0A0FDFBE3252579CA1D1D8948 Start: 1 Type: 1 Error Control: 1 Service (registry key): prodrv06 Display name: StarForce Protection Environment Driver v6 Image path: \SystemRoot\System32\drivers\prodrv06.sys Start: 1 Type: 1 Error Control: 1 Service (registry key): prohlp02 Display name: StarForce Protection Helper Driver v2 Image path: System32\drivers\prohlp02.sys Image size: 65504 Image MD5: C5F47B7EC2EC906847D5F80BA779A5BD Start: 0 Type: 1 Error Control: 1 Service (registry key): prosync1 Display name: StarForce Protection Synchronization Driver v1 Image path: System32\drivers\prosync1.sys Image size: 6944 Image MD5: F3471E7971EE62420451D958DA635064 Start: 0 Type: 1 Error Control: 1 Service (registry key): ProtectedStorage Display name: Protected Storage Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 11776 Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5 Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): Ps2 Display name: PS2 Image path: System32\DRIVERS\PS2.sys Image size: 14112 Image MD5: BFFDB363485501A38F0BCA83AEC810DB Start: 3 Type: 1 Error Control: 1 Service (registry key): PSched Display name: QoS Packet Scheduler Description: QoS Packet Scheduler Image path: System32\DRIVERS\psched.sys Image size: 65920 Image MD5: 7FD061B0B0833D5106244B0CF2A1E68C Start: 3 Type: 1 Error Control: 1 Depends On services: Gpc Service (registry key): Ptilink Display name: Direct Parallel Link Driver Description: Direct Parallel Link Driver Image path: System32\DRIVERS\ptilink.sys Image size: 17792 Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD Start: 3 Type: 1 Error Control: 1 Service (registry key): PxHelp20 Image path: System32\DRIVERS\PxHelp20.sys Image size: 16288 Image MD5: 79E924E9126BC541D6E1C76E9B077BB7 Start: 0 Type: 1 Error Control: 1 Service (registry key): ql1080 Start: 4 Type: 1 Error Control: 1 Service (registry key): Ql10wnt Start: 4 Type: 1 Error Control: 1 Service (registry key): ql12160 Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1240 Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1280 Start: 4 Type: 1 Error Control: 1 Service (registry key): RasAcd Display name: Remote Access Auto Connection Driver Description: Remote Access Auto Connection Driver Image path: System32\DRIVERS\rasacd.sys Image size: 8832 Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C Start: 1 Type: 1 Error Control: 1 Service (registry key): RasAuto Display name: Remote Access Auto Connection Manager Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 4 Type: 32 Error Control: 1 Depends On services: RasMan,Tapisrv Service (registry key): Rasl2tp Display name: WAN Miniport (L2TP) Description: WAN Miniport (L2TP) Image path: System32\DRIVERS\rasl2tp.sys Image size: 48640 Image MD5: 01BD60CDE35D8B60F46EBDF5358D7127 Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Display name: Remote Access Connection Manager Description: Creates a network connection. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv Service (registry key): RasPppoe Display name: Remote Access PPPOE Driver Description: Remote Access PPPOE Driver Image path: System32\DRIVERS\raspppoe.sys Image size: 38912 Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C Start: 3 Type: 1 Error Control: 1 Service (registry key): Raspti Display name: Direct Parallel Description: Direct Parallel Image path: System32\DRIVERS\raspti.sys Image size: 16512 Image MD5: FDBB1D60066FCFBB7452FD8F9829B242 Start: 3 Type: 1 Error Control: 1 Service (registry key): Rdbss Display name: Rdbss Description: Rdbss Image path: System32\DRIVERS\rdbss.sys Image size: 163840 Image MD5: DE300831C74CFF09091E954A1844BDBF Start: 1 Type: 2 Error Control: 1 Service (registry key): RDPCDD Image path: System32\DRIVERS\RDPCDD.sys Image size: 4224 Image MD5: 4912D5B403614CE99C28420F75353332 Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPNP Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPWD Start: 3 Type: 1 Error Control: 0 Service (registry key): RDSessMgr Display name: Remote Desktop Help Session Manager Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. Object name: LocalSystem Image path: C:\WINDOWS\system32\sessmgr.exe Image size: 130048 Image MD5: E6E3C190B143A6190C73F049EC39C37C Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): redbook Display name: Digital CD Audio Playback Filter Driver Image path: System32\DRIVERS\redbook.sys Image size: 55808 Image MD5: DD2183A5092FEEE8961A1E19ABD1A0FC Start: 1 Type: 1 Error Control: 1 Service (registry key): RemoteAccess Display name: Routing and Remote Access Description: Offers routing services to businesses in local area and wide area network environments. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS Depends On group: NetBIOSGroup Service (registry key): Retrospect Client Display name: Retrospect Client Object name: LocalSystem Image path: C:\Program Files\Dantz\Client\Remotsvc.exe Image size: 53248 Image MD5: 1B7D36A5943103204DE5706612470EC6 Start: 2 Type: 272 Error Control: 1 Depends On services: Tcpip Service (registry key): RpcLocator Display name: Remote Procedure Call (RPC) Locator Description: Manages the RPC name service database. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\locator.exe Image size: 68608 Image MD5: 0ACFB0D8214501358FE501CF73425C52 Start: 3 Type: 16 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): RpcSs Display name: Remote Procedure Call (RPC) Description: Provides the endpoint mapper and other miscellaneous RPC services. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost -k rpcss Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Service (registry key): RSVP Display name: QoS RSVP Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Object name: LocalSystem Image path: %SystemRoot%\System32\rsvp.exe Image size: 132608 Image MD5: 471B3F9741D762ABE75E9DEEA4787E47 Start: 3 Type: 16 Error Control: 1 Depends On services: TcpIp,Afd,RpcSs Service (registry key): rtl8139 Display name: Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver Image path: System32\DRIVERS\RTL8139.SYS Image size: 23070 Image MD5: 7A0DB9FC3DC3C620AEA30EA2A6557CAC Start: 3 Type: 1 Error Control: 1 Service (registry key): SamSs Display name: Security Accounts Manager Description: Stores security information for local user accounts. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 11776 Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): sbp2port Display name: SBP-2 Transport/Protocol Bus Driver Image path: System32\DRIVERS\sbp2port.sys Image size: 37504 Image MD5: 0D3830C0D64A2A9EC4238A758850AE39 Start: 0 Type: 1 Error Control: 1 Service (registry key): SCardDrv Display name: Smart Card Helper Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\SCardSvr.exe Image size: 93184 Image MD5: A885D4EDE9852D81981B32FB0F134703 Start: 3 Type: 32 Error Control: 0 Depends On group: "Smart Card Reader" Service (registry key): SCardSvr Display name: Smart Card Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\SCardSvr.exe Image size: 93184 Image MD5: A885D4EDE9852D81981B32FB0F134703 Start: 3 Type: 32 Error Control: 0 Depends On services: PlugPlay Service (registry key): Schedule Display name: Task Scheduler Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): SDhelper Display name: PC Tools Spyware Doctor Object name: LocalSystem Image path: C:\Program Files\Spyware Doctor\sdhelp.exe Image size: 700928 Image MD5: 1CE67C541CE77C0A23C0C5F8695103F0 Start: 2 Type: 16 Error Control: 1 Service (registry key): Secdrv Display name: Secdrv Description: SafeDisc driver Image path: System32\DRIVERS\secdrv.sys Image size: 27440 Image MD5: D26E26EA516450AF9D072635C60387F4 Start: 3 Type: 1 Error Control: 1 Service (registry key): seclogon Display name: Secondary Logon Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 288 Error Control: 0 Service (registry key): SENS Display name: System Event Notification Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): Serenum Display name: Serenum Filter Driver Image path: System32\DRIVERS\serenum.sys Image size: 14976 Image MD5: 65A7C4D86C153C82E33A552C217ABB29 Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Display name: Serial port driver Image path: System32\DRIVERS\serial.sys Image size: 62464 Image MD5: 1A315877D2EFCC2D0FF892D6BDB845B5 Start: 1 Type: 1 Error Control: 0 Service (registry key): sfhlp01 Display name: StarForce Protection Helper Driver Image path: System32\drivers\sfhlp01.sys Image size: 4832 Image MD5: 462AEE0EA0481EA8BD45CAC876A4CCC4 Start: 0 Type: 1 Error Control: 1 Service (registry key): Sfloppy Start: 1 Type: 1 Error Control: 0 Depends On group: "SCSI miniport" Service (registry key): SharedAccess Display name: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: Netman,NLA,RasMan,ALG Service (registry key): ShellHWDetection Display name: Shell Hardware Detection Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Simbad Start: 4 Type: 1 Error Control: 1 Service (registry key): SiS315 Image path: System32\DRIVERS\sisgrp.sys Image size: 187520 Image MD5: 47F18B4DF6097F30C54F51EA075D1017 Start: 3 Type: 1 Error Control: 0 Service (registry key): SISAGP Display name: SiS AGP Filter Image path: System32\DRIVERS\SISAGP.sys Image size: 27136 Image MD5: C729EB60DD40948E5EB3FB53DC9CAD44 Start: 0 Type: 1 Error Control: 1 Service (registry key): smwdm Image path: system32\drivers\smwdm.sys Image size: 459944 Image MD5: AAC8C0F579705A4EED71CDB6954481C7 Start: 3 Type: 1 Error Control: 1 Service (registry key): Sparrow Start: 4 Type: 1 Error Control: 1 Service (registry key): splitter Display name: Microsoft Kernel Audio Splitter Image path: system32\drivers\splitter.sys Image size: 5632 Image MD5: 2C55620B197ED2BA93126B76396BFF6E Start: 3 Type: 1 Error Control: 1 Service (registry key): Spooler Display name: Print Spooler Description: Loads files to memory for later printing. Object name: LocalSystem Image path: %SystemRoot%\system32\spoolsv.exe Image size: 51200 Image MD5: 9B4155BA58192D4073082B8FC5D42612 Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS Service (registry key): sr Display name: System Restore Filter Driver Image path: System32\DRIVERS\sr.sys Image size: 70400 Image MD5: F899A5D353DCBBA12EACB379E7ABFEEE Start: 0 Type: 2 Error Control: 1 Service (registry key): srservice Display name: System Restore Service Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Srv Display name: Srv Description: Srv Image path: System32\DRIVERS\srv.sys Image size: 322304 Image MD5: 9484B95298DD39700438E037CF829056 Start: 3 Type: 2 Error Control: 1 Service (registry key): sscdbhk5 Image path: system32\drivers\sscdbhk5.sys Image size: 5589 Image MD5: 4264EBE2EDB3CAE56D6EA734B0E0AC8E Start: 1 Type: 2 Error Control: 0 Service (registry key): SSDPSRV Display name: SSDP Discovery Service Description: Enables discovery of UPnP devices on your home network. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Service (registry key): ssrtln Image path: system32\drivers\ssrtln.sys Image size: 22963 Image MD5: FDF219E0B6A5CBBA34424AC361030AED Start: 1 Type: 2 Error Control: 0 Service (registry key): StillCam Display name: Still Serial Digital Camera Driver Image path: System32\DRIVERS\serscan.sys Image size: 6784 Image MD5: A9573045BAA16EAB9B1085205B82F1ED Start: 3 Type: 1 Error Control: 1 Service (registry key): stisvc Display name: Windows Image Acquisition (WIA) Description: Provides image acquisition services for scanners and cameras. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k imgsvc Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): swenum Display name: Software Bus Driver Image path: System32\DRIVERS\swenum.sys Image size: 3840 Image MD5: 064740C5C02DE46723C4B8200EE876DF Start: 3 Type: 1 Error Control: 1 Service (registry key): swmidi Display name: Microsoft Kernel GS Wavetable Synthesizer Image path: system32\drivers\swmidi.sys Image size: 54272 Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D Start: 3 Type: 1 Error Control: 1 Service (registry key): SwPrv Display name: MS Software Shadow Copy Provider Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{470A45D0-6505-4C7F-99D9-F58D88878BB6} Image size: 4608 Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573 Start: 3 Type: 16 Error Control: 0 Depends On services: rpcss Service (registry key): symc810 Start: 4 Type: 1 Error Control: 1 Service (registry key): symc8xx Start: 4 Type: 1 Error Control: 1 Service (registry key): SymEvent Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS Image size: 82136 Image MD5: 05D9613EFE7809E384C10DA26958DFA4 Start: 3 Type: 1 Error Control: 1 Service (registry key): SymWSC Display name: SymWMI Service Description: Symantec WMI Service Object name: LocalSystem Image path: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Image size: 316544 Image MD5: 67C5AF84809468061121FBCBECB19285 Start: 2 Type: 16 Error Control: 0 Depends On services: winmgmt Service (registry key): sym_hi Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_u3 Start: 4 Type: 1 Error Control: 1 Service (registry key): sysaudio Display name: Microsoft Kernel System Audio Device Image path: system32\drivers\sysaudio.sys Image size: 57472 Image MD5: D0459F71807CCE71FE26A52F2EDEBAD9 Start: 3 Type: 1 Error Control: 1 Service (registry key): SysmonLog Display name: Performance Logs and Alerts Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\smlogsvc.exe Image size: 86016 Image MD5: BB5F528DC9BA1F233730223385F3EFC2 Start: 3 Type: 16 Error Control: 1 Service (registry key): TapiSrv Display name: Telephony Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): Tcpip Display name: TCP/IP Protocol Driver Description: TCP/IP Protocol Driver Image path: System32\DRIVERS\tcpip.sys Image size: 327168 Image MD5: E7774698BB0D14B0710A9A31E209F9B6 Start: 1 Type: 1 Error Control: 1 Depends On services: IPSec Service (registry key): TDPIPE Start: 3 Type: 1 Error Control: 0 Service (registry key): TDTCP Start: 3 Type: 1 Error Control: 0 Service (registry key): TermDD Display name: Terminal Device Driver Image path: System32\DRIVERS\termdd.sys Image size: 37896 Image MD5: 68B71EB2E79F60640B4B3A1A714317E5 Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Display name: Terminal Services Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): tfsnboio Image path: system32\dla\tfsnboio.sys Image size: 23607 Image MD5: 7F975769AB303C2432B31BA55E4569C7 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsncofs Image path: system32\dla\tfsncofs.sys Image size: 34743 Image MD5: 986E35F51ED3A824C69F5BD10A793098 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsndrct Image path: system32\dla\tfsndrct.sys Image size: 4119 Image MD5: 012C7884B9D06D05A8143241A3D56D06 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsndres Image path: system32\dla\tfsndres.sys Image size: 2203 Image MD5: 42CA2C29A2ECD36B406C0E1D4DB4ED23 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsnifs Image path: system32\dla\tfsnifs.sys Image size: 52758 Image MD5: 4B1267F6AA34EC2FD7A9AE9ECB292494 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsnopio Image path: system32\dla\tfsnopio.sys Image size: 13847 Image MD5: 90CFD937019CF62C7E9C656C01E0E6AD Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsnpool Image path: system32\dla\tfsnpool.sys Image size: 6327 Image MD5: 4474CB19867EA64AFF26D36BF35C5BC9 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsnudf Image path: system32\dla\tfsnudf.sys Image size: 88758 Image MD5: 1CB0DF2775BE778819E8B53CD71250C5 Start: 2 Type: 2 Error Control: 0 Service (registry key): tfsnudfa Image path: system32\dla\tfsnudfa.sys Image size: 94679 Image MD5: E091F8B100E2F2F05D24BD4E1A86996B Start: 2 Type: 2 Error Control: 0 Service (registry key): Themes Display name: Themes Description: Provides user experience theme management. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Service (registry key): TNBRLDS Display name: Tenebril antispyware satellite Description: Removes advanced spyware infections Object name: LocalSystem Image path: C:\Program Files\SpyCatcher\DeleteSvc.exe Image size: 126976 Image MD5: 7F1832115C44D44F7226929F055A36AA Start: 2 Type: 16 Error Control: 0 Service (registry key): TosIde Start: 4 Type: 1 Error Control: 1 Service (registry key): trid3d Image path: System32\DRIVERS\trid3dm.sys Image size: 144860 Image MD5: 77B27EE02E30B653CAFE68BD01E952D1 Start: 3 Type: 1 Error Control: 0 Service (registry key): TrkWks Display name: Distributed Link Tracking Client Description: Maintains links between NTFS files within a computer or across computers in a network domain. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TSDDD Start: 0 Type: 0 Error Control: 0 Service (registry key): Udfs Start: 4 Type: 2 Error Control: 1 Service (registry key): ultra Start: 4 Type: 1 Error Control: 1 Service (registry key): Update Display name: Microcode Update Driver Image path: System32\DRIVERS\update.sys Image size: 137088 Image MD5: 164CFAE1D766905F56C432ACFC54F28C Start: 3 Type: 1 Error Control: 1 Service (registry key): uploadmgr Display name: Upload Manager Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): upnphost Display name: Universal Plug and Play Device Host Description: Provides support to host Universal Plug and Play devices. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV Service (registry key): UPS Display name: Uninterruptible Power Supply Description: Manages an uninterruptible power supply (UPS) connected to the computer. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\ups.exe Image size: 16384 Image MD5: 3F324808E5C57399430E0C70AD565145 Start: 3 Type: 16 Error Control: 1 Service (registry key): usb Start: 0 Type: 0 Error Control: 0 Service (registry key): usbccgp Display name: Microsoft USB Generic Parent Driver Image path: System32\DRIVERS\usbccgp.sys Image size: 24960 Image MD5: 7F3366DE16A0E9390DA0ED32AB58D05D Start: 3 Type: 1 Error Control: 1 Service (registry key): usbehci Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver Image path: System32\DRIVERS\usbehci.sys Image size: 19072 Image MD5: CDAA3EF29EABAE9AE825BAF2B8E36735 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Display name: Microsoft USB Standard Hub Driver Image path: System32\DRIVERS\usbhub.sys Image size: 51584 Image MD5: 6191C287442495D5F04AC300A4B15504 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbohci Display name: Microsoft USB Open Host Controller Miniport Driver Image path: System32\DRIVERS\usbohci.sys Image size: 15616 Image MD5: BA6B6215621255F0CD231F08B7D5D8CB Start: 3 Type: 1 Error Control: 1 Service (registry key): usbprint Display name: Microsoft USB PRINTER Class Image path: System32\DRIVERS\usbprint.sys Image size: 24832 Image MD5: 3768DF6B52CD1A25828157379800E14F Start: 3 Type: 1 Error Control: 1 Service (registry key): usbscan Display name: USB Scanner Driver Image path: System32\DRIVERS\usbscan.sys Image size: 13824 Image MD5: 96F74BD303006971DE644BCA1A7ED858 Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Display name: USB Mass Storage Driver Image path: System32\DRIVERS\USBSTOR.SYS Image size: 21760 Image MD5: 694F2B90124EB086C38C18DA97A13E48 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbuhci Display name: Microsoft USB Universal Host Controller Miniport Driver Image path: System32\DRIVERS\usbuhci.sys Image size: 18944 Image MD5: B8F6119FD7DF389D823BA27A3023E150 Start: 3 Type: 1 Error Control: 1 Service (registry key): VgaSave Image path: \SystemRoot\System32\drivers\vga.sys Start: 1 Type: 1 Error Control: 0 Service (registry key): viaagp Display name: VIA AGP Bus Filter Image path: System32\DRIVERS\viaagp.sys Image size: 27392 Image MD5: CDB62AAA807C1A0A3A8449F83267E628 Start: 0 Type: 1 Error Control: 1 Service (registry key): ViaIde Image path: System32\DRIVERS\viaide.sys Image size: 4352 Image MD5: 1C0CBB4E50D37059CE41CD134F6B5AB7 Start: 0 Type: 1 Error Control: 1 Service (registry key): VolSnap Start: 0 Type: 1 Error Control: 1 Service (registry key): VSS Display name: Volume Shadow Copy Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\vssvc.exe Image size: 275456 Image MD5: F422CECCF4B02790F80176CF3F4759C0 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): VXD Start: 0 Type: 0 Error Control: 0 Service (registry key): W32Time Display name: Windows Time Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Service (registry key): W3SVC Start: 0 Type: 0 Error Control: 0 Service (registry key): Wanarp Display name: Remote Access IP ARP Driver Description: Remote Access IP ARP Driver Image path: System32\DRIVERS\wanarp.sys Image size: 33280 Image MD5: 484AF08F15D1306FF2E8B64FE62A160C Start: 3 Type: 1 Error Control: 1 Service (registry key): wanatw Display name: WAN Miniport (ATW) Image path: System32\DRIVERS\wanatw4.sys Image size: 33588 Image MD5: 0A716C08CB13C3A8F4F51E882DBF7416 Start: 3 Type: 1 Error Control: 1 Service (registry key): WANMiniportService Display name: WAN Miniport (ATW) Service Object name: LocalSystem Image path: "C:\WINDOWS\wanmpsvc.exe" Image size: 65536 Image MD5: EB9A99AB5D17B1727034FF191E6448D7 Start: 2 Type: 16 Error Control: 0 Service (registry key): WDICA Start: 3 Type: 1 Error Control: 0 Service (registry key): wdmaud Display name: Microsoft WINMM WDM Audio Compatibility Driver Image path: system32\drivers\wdmaud.sys Image size: 79616 Image MD5: 1106767A0647BF3BE4535C91F74FE7DA Start: 3 Type: 1 Error Control: 1 Service (registry key): WebClient Display name: WebClient Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: MRxDAV Service (registry key): WebPost Start: 0 Type: 0 Error Control: 0 Service (registry key): winmgmt Display name: Windows Management Instrumentation Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 0 Depends On services: RPCSS,Eventlog Service (registry key): Winsock Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Start: 0 Type: 0 Error Control: 0 Service (registry key): WinTrust Start: 0 Type: 0 Error Control: 0 Service (registry key): WmdmPmSp Display name: Portable Media Serial Number Description: Retrieves the serial number of any portable music player connected to your computer Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Service (registry key): WmiApRpl Start: 0 Type: 0 Error Control: 0 Service (registry key): WmiApSrv Display name: WMI Performance Adapter Description: Provides performance library information from WMI HiPerf providers. Object name: LocalSystem Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe Image size: 117248 Image MD5: B7891998B0F21C8D1A928C0578B0368B Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WS2IFSL Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment Image path: \SystemRoot\System32\drivers\ws2ifsl.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): wuauserv Display name: Automatic Updates Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Service (registry key): WZCSVC Display name: Wireless Zero Configuration Description: Provides automatic configuration for the 802.11 adapters Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 0F7D9C87B0CE1FA520473119752C6F79 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio Service (registry key): {46711EF7-B4E9-448E-90ED-462CC432ECC5} Start: 0 Type: 0 Error Control: 0 Service (registry key): {6080A529-897E-4629-A488-ABA0C29B635E} Display name: Intel® Graphics Platform (SoftBIOS) Driver Image path: system32\drivers\ialmsbw.sys Image size: 87648 Image MD5: 231F08744F697B9732CCE7F5020819BB Start: 3 Type: 1 Error Control: 1 Service (registry key): {8C50E5FE-FB53-4E04-AFD5-73EC52EF67D0} Start: 0 Type: 0 Error Control: 0 Service (registry key): {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Display name: Intel® Graphics Chipset (KCH) Driver Image path: system32\drivers\ialmkchw.sys Image size: 69472 Image MD5: 54419FC58E342205ADAB380E3F4975E7 Start: 3 Type: 1 Error Control: 1 :angry:

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 08:26 PM

I would like to see the file C:\WINDOWS\aryx.exe
You can upload it here

Close all programs leaving only HijackThis running. Place a check against each of the following,

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...od/install.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Click on Fix Checked when finished and exit HijackThis.
Post back a fresh HijackThis log and we will take another look.

#8 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 09:58 PM

I was unable to find the file c:\Windows\aryx.exe I looked in windows folder and also did a search, no luck. Your suggestions? Meanwhile, I did do the fix checked on HJT. Thank you. Logfile of HijackThis v1.99.1 Scan saved at 6:50:16 PM, on 11/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dantz\Client\Remotsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dantz\Client\retroclient.exe C:\Program Files\SpyCatcher\DeleteSvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\S3apphk.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\System32\igfxtray.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\SpyCatcher\DeleteSatellite.exe C:\Program Files\America Online 7.0\aoltray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe C:\Palm\HOTSYNC.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\AOL\ACS\acsd.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe

#9 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 10:26 PM

Missing the bottom part of the log please repost it.

#10 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 November 2005 - 10:32 PM

Oh sorry - here is the whole 9 yards.

Logfile of HijackThis v1.99.1
Scan saved at 6:50:16 PM, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\SpyCatcher\DeleteSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [aryx] C:\WINDOWS\aryx.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher\SpyCatcher.exe" reminder
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Owner\Desktop\HijackThis.exe /startupscan
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\SpyCatcher\DeleteSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Advertisements

Register to Remove


#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 13 November 2005 - 07:15 AM

Close all programs leaving only HijackThis running. Place a check against each of the following,

O4 - HKLM\..\Run: [aryx] C:\WINDOWS\aryx.exe
O4 - Startup: PowerReg Scheduler.exe


Click on Fix Checked when finished and exit HijackThis.


Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. paste
C:\WINDOWS\aryx.exe
the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; answer Yes.

Let the system reboot.
post another log.

#12 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 November 2005 - 02:56 PM

Hi - ran the killbox. Here's the latest log. Thank you again, btw.

Logfile of HijackThis v1.99.1
Scan saved at 12:52:35 PM, on 11/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\SpyCatcher\DeleteSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\GhostSurf\GhostSurf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Owner\Desktop\HijackThis.exe /startupscan
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\SpyCatcher\DeleteSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#13 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 13 November 2005 - 03:18 PM

Can you download and run Rootkit revealer.

http://www.sysintern...itRevealer.html

And post the results here.

#14 cgreger

cgreger

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 November 2005 - 07:28 PM

Ran Rootkit Revealer - but can't figure out how to copy results, so I'm gonna tell you what it says: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GFK117WT\Search[1].:| Note that the last symbol above is actually shorter and bolder, but I wasn't sure how to reproduce it. As for the "desription" part - it says "hidden from windows API" For D: and J: is simply said - "error mounting volume

#15 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 13 November 2005 - 09:26 PM

For some reason your windows has not updated.
Please try this link


Then go to windows update

Then click Review your Update History. See if any failed?

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users