Hey
-
Hey
I Think i have a key logger in my computer but i don't know for sure because i think trend micro removed it. But im wondering what else i should do to see if theres any other stuff in this computer.
-
Welcome,
Go here http://www.d-a-l.com/help/showthread.php?t=32403
Do everything there and post a hijackthis log from the link provided. Thanks.
-
Im Waiting for some of this stuff to download,
While i was downloading i kept getting this pop up that said
MESSANGER SERVICE (Notice the spelling mistake)
And then it said i had 55 Critical errors and had to download RegFix or something like that (It claimed to be Microsoft).
Also should i scan all of my computer first and then post the hojack this log or hijackthis first then scan
-
Also this is my HiJackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 9:46:39 PM, on 12/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\Desktop\VIRUSS~1\AAWSE\Ad-Aware.exe
C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\SpybotSD.exe
C:\Documents and Settings\Administrator\Desktop\Virus Stuff\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
-
This is my Ad-Ware SE Scan Log
Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, December 25, 2006 9:49:32 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R140 18.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
MRU List(TAC index:0):17 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R140 18.12.2006
Internal build : 176
File location : C:\Documents and Settings\Administrator\Desktop\Virus Stuff\AAWSE
\defs.ref
File size : 900556 Bytes
Total size : 2938809 Bytes
Signature data size : 2889075 Bytes
Reference data size : 49222 Bytes
Signatures total : 78386
CSI Fingerprints total : 4901
CSI data size : 219293 Bytes
Target categories : 15
Target families : 1010
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:60 %
Total physical memory:523764 kb
Available physical memory:310648 kb
Total page file size:1280544 kb
Available on page file:1142428 kb
Total virtual memory:2097024 kb
Available virtual memory:2038852 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : Use permanent archive caching
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include alternate data stream details in log file
Set : Snap windows to desktop borders
Set : Use gridlines in results lists
Set : Create and save WebUpdate log file
Set : Dump details about unhandled exceptions to disk
Set : Play sound at scan completion if scan locates critical objects
12-25-2006 9:49:32 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 588
ThreadCreationTime : 12-26-2006 5:05:21 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 636
ThreadCreationTime : 12-26-2006 5:05:21 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 660
ThreadCreationTime : 12-26-2006 5:05:23 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 704
ThreadCreationTime : 12-26-2006 5:05:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 724
ThreadCreationTime : 12-26-2006 5:05:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 892
ThreadCreationTime : 12-26-2006 5:05:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 992
ThreadCreationTime : 12-26-2006 5:05:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1088
ThreadCreationTime : 12-26-2006 5:05:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1156
ThreadCreationTime : 12-26-2006 5:05:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1328
ThreadCreationTime : 12-26-2006 5:05:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1604
ThreadCreationTime : 12-26-2006 5:05:30 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDll32.exe
Command Line : "C:\WINDOWS\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1736
ThreadCreationTime : 12-26-2006 5:05:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:13 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
ProcessID : 1760
ThreadCreationTime : 12-26-2006 5:05:31 AM
BasePriority : Normal
#:14 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1784
ThreadCreationTime : 12-26-2006 5:05:31 AM
BasePriority : Normal
FileVersion : 1.4.50
ProductVersion : 1.4.50
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright (C) Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm
#:15 [cmdagent.exe]
ModuleName : C:\Program Files\Comodo\Firewall\cmdagent.exe
Command Line : "C:\Program Files\Comodo\Firewall\cmdagent.exe"
ProcessID : 196
ThreadCreationTime : 12-26-2006 5:05:35 AM
BasePriority : Normal
FileVersion : 2.3.6.19
ProductVersion : 2.3.6.0
ProductName : Comodo Firewall
CompanyName : COMODO
FileDescription : Comodo Agent Service
InternalName : cmdagent
LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved
LegalTrademarks : Copyright © 2005-2006 COMODO ®. All rights reserved
OriginalFilename : cmdagent.exe
#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 284
ThreadCreationTime : 12-26-2006 5:05:35 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:17 [spybotsd.exe]
ModuleName : C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\SpybotSD.exe
Command Line : "C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\SpybotSD.exe"
ProcessID : 1224
ThreadCreationTime : 12-26-2006 5:47:21 AM
BasePriority : Normal
FileVersion : 1.4.0.3
ProductVersion : 1, 4, 0, 3
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.
#:18 [ad-aware.exe]
ModuleName : C:\Documents and Settings\Administrator\Desktop\Virus Stuff\AAWSE\Ad-Aware.exe
Command Line : "C:\Documents and Settings\Administrator\Desktop\Virus Stuff\AAWSE\Ad-Aware.exe"
ProcessID : 452
ThreadCreationTime : 12-26-2006 5:49:03 AM
BasePriority : Realtime
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\direct3d\mostrecentapplicat ion
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\direct3d\mostrecentapplicat ion
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplicatio n
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\directinput\mostrecentappli cation
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\directinput\mostrecentappli cation
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preference s
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\windows\currentversion\expl orer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\windows\currentversion\expl orer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\windows\currentversion\expl orer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2052111302-1450960922-839522115-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 18
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
9:52:32 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:00.16
Objects scanned:99347
Objects identified:1
Objects ignored:0
New critical objects:1
Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
No objects have been removed from the result list.
-
These are my Spybot Search & Destroy results
--- Search result list ---
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-12-25 spybotsd14.exe (0.0.0.0)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-22 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-22 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-22 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-12-22 Includes\Malware.sbi (*)
2006-12-22 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-22 Includes\PUPSC.sbi (*)
2006-12-22 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-22 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-22 Includes\SpybotsC.sbi (*)
2005-02-16 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-22 Includes\TrojansC.sbi (*)
--- System information ---
Windows XP (Build: 2600)
--- Startup entries list ---
Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file:
Located: HK_LM:Run, Comodo Firewall
command: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
file: C:\Program Files\Comodo\Firewall\CPF.exe
size: 993360
MD5: 06c20feba831d73e9644be473f47413f
Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 30208
MD5: 2904b939f139b2e72da23f36f5038088
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
size: 49263
MD5: 3aa5d60b77ce19b1f2521f532ab986e7
Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 35328
MD5: e728754acc86d1462b09b4c831aee8c8
Located: HK_CU:Run, LDM
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
size: 20480
MD5: b9b7084f7db3d1b036c0b9178472e96a
Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (common), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: a5e4cd281c93e174181c5873fafd4f16
Located: Startup (common), Logitech SetPoint.lnk
command: C:\Program Files\Logitech\SetPoint\KEM.exe
file: C:\Program Files\Logitech\SetPoint\KEM.exe
size: 581632
MD5: 6860718fa794f913f3f1bdf3ce0a9171
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
--- ActiveX list ---
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.6
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 10/25/2006 12:18:06 PM
Date (last access): 12/25/2006 9:26:08 PM
Date (last write): 10/25/2006 12:18:06 PM
Filesize: 385536
Attributes: archive
MD5: 3EBA1F8FA899A08811B05F9D9D957C7B
CRC32: 83530E1E
Version: 6.51.0.1016
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 3:07:34 PM
Date (last access): 12/25/2006 7:51:30 PM
Date (last write): 11/9/2006 3
54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3
--- Process list ---
PID: 0 ( 0) [System]
PID: 588 ( 4) \SystemRoot\System32\smss.exe
PID: 636 ( 588) \??\C:\WINDOWS\system32\csrss.exe
PID: 660 ( 588) \??\C:\WINDOWS\system32\winlogon.exe
PID: 704 ( 660) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 724 ( 660) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 892 ( 704) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 992 ( 704) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1088 ( 704) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1156 ( 704) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1328 ( 704) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1604 (1524) C:\WINDOWS\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 1736 (1604) C:\WINDOWS\System32\RunDll32.exe
size: 31744
MD5: 0FB22DD37C17F80AD71316049F725170
PID: 1760 (1604) C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
size: 49263
MD5: 3AA5D60B77CE19B1F2521F532AB986E7
PID: 1784 (1604) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
size: 20480
MD5: B9B7084F7DB3D1B036C0B9178472E96A
PID: 196 ( 704) C:\Program Files\Comodo\Firewall\cmdagent.exe
size: 565840
MD5: 61C39FE2750499D02B8A923890E09498
PID: 284 ( 704) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1224 ( 216) C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1464 (1612) C:\Documents and Settings\Administrator\Desktop\Virus Stuff\RegSupremePro.exe
size: 493056
MD5: 3CD9777C01D9BCDAE8F5C2DB0BC1A3DD
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/25/2006 10:04:23 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\DOCUME~1\ADMINI~1\Desktop\VIRUSS~1\AAWSE\UNWISE .EXE C:\DOCUME~1\ADMINI~1\Desktop\VIRUSS~1\AAWSE\INSTAL L.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave
(Branding)
C-Media 3D Audio (C-Media Audio)
uninstall cmd: C:\WINDOWS\CMIUnInstall.exe
CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
Comodo Firewall 2.3.6.81 (Comodo Firewall)
uninstall cmd: C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
publisher: COMODO
comments: A product from COMODO.
contact: personalfirewall@comodo.com
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(Fontcore)
Guild Wars (Guild Wars)
uninstall cmd: "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Administrator\Desktop\Virus Stuff\HiJackThis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
kewlpAd 1.1 (kewlpAd_is1)
uninstall cmd: "C:\Program Files\kewlpAd\unins000.exe"
publisher: Elad Rosenheim & Daniel Jacoby
help link: http://www.veoweb.com/users/kewlpad
LimeWire PRO 4.12.3 4.12.3 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
Mozilla Firefox (2.0.0.1) 2.0.0.1 (en-US) (Mozilla Firefox (2.0.0.1))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
(NetMeeting)
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
RegSupreme Pro 1.4 (RegSupreme Pro_is1)
uninstall cmd: "C:\Documents and Settings\Administrator\Desktop\Virus Stuff\unins000.exe"
(SchedulingAgent)
(Shockwave)
Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\
uninstall cmd: "C:\Documents and Settings\Administrator\Desktop\Virus Stuff\SBSD\unins000.exe"
publisher: Safer Networking Limited
Steam (Steam)
uninstall cmd: C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
publisher: Valve
help link: http://support.steampowered.com
VIA Rhine Family Fast Ethernet Adapter (VUInstRhine)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex Rhine
Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) (Xfire)
uninstall cmd: "C:\Program Files\Xfire\uninst.exe"
Logitech SetPoint 2.12 ({2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3})
version: 34340864
install location: C:\Program Files\Logitech\SetPoint
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 10 1.5.0.100 ({3248F0A8-6813-11D6-A77B-00B0D0150100})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 123021
install date: 20061225
install source: http://javadl.sun.com/webapps/downlo...windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_10\README.txt
WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 1940
install date: 20061219
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2420
install date: 20061225
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com
Logitech Desktop Messenger 1.0.42 ({900B1197-53F5-4F46-A882-2CFFFE2EEDCB})
version: 16777258
install location: C:\Program Files\Logitech\Desktop Messenger
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for Adobe PhotoShop CS 8 (serial+activation included).zip\Adobe Photoshop CS 8.0\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.
--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179200
Image MD5: 45E0D94158CA0EC71FF12DBB81B39ED3
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1
Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: Adobe LM Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 68096
Image MD5: 5DDC0A8D2CD60BDA593DDAF45821CE08
Start: 3
Type: 16
Error Control: 1
Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 122472
Image MD5: B45A744CA0A15A59D8B0307CE9741E92
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1
Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 40960
Image MD5: C23EB4661BF60C77280F8A3620D43B8E
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1
Service (registry key): Aoks40knt
Image path: C:\WINDOWS\System32\drivers\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 3
Type: 8
Error Control: 1
Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1
Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86656
Image MD5: A64013E98426E1877CB653685C5C0009
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1
Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs
Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: CB762E814F602229A574F4D78D3D6A30
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0
Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\cisvc.exe
Image size: 5120
Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): CmdAgent
Display name: Comodo Application Agent
Description: Comodo Firewall Application Agent
Object name: LocalSystem
Image path: C:\Program Files\Comodo\Firewall\cmdagent.exe
Image size: 565840
Image MD5: 61C39FE2750499D02B8A923890E09498
Start: 2
Type: 272
Error Control: 1
Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): CmdMon
Display name: Comodo Application Engine
Description: Comodo Firewall Application Engine
Image path: System32\DRIVERS\cmdmon.sys
Image size: 61056
Image MD5: 4066B5E7AB07146277666A9881BD26AF
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): cmuda
Display name: C-Media WDM Audio Interface
Image path: system32\drivers\cmuda.sys
Image size: 818496
Image MD5: 5A2004F687D4E55914E6E8898FB51C9D
Start: 3
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1
Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0
Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1
Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 33664
Image MD5: 43A10CD19D648E57ED039A6CAA667A56
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 204800
Image MD5: 67648497FDC9A9235A2642950E326756
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 780928
Image MD5: E18132D39407AADCA6B1D19ADF408A8A
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 146304
Image MD5: ACA44E9A8E2FF7C833664263C8478629
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1
Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 50048
Image MD5: EF05974D47D56FA8387F170F05BAE5E7
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2816
Image MD5: AA94E0CBD79DB63100D0EAE061EB69BC
Start: 3
Type: 1
Error Control: 1
Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 26240
Image MD5: 19C5C7EAC0190A42522290BF002F64EA
Start: 3
Type: 1
Error Control: 1
Service (registry key): FETNDIS
Display name: VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver
Image path: System32\DRIVERS\fetnd5.sys
Image size: 27165
Image MD5: E9648254056BCE81A85380C0C3647DC4
Start: 3
Type: 1
Error Control: 1
Service (registry key): FETNDISB
Display name: VIA Rhine Family Fast Ethernet Adapter Driver Service
Image path: System32\DRIVERS\fetnd5b.sys
Image size: 42496
Image MD5: B0F11E97B051E7DCCA40B0453F985636
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 19712
Image MD5: 21E41E89B9B191B685F99B7A8885310B
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1
Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 33792
Image MD5: 13591E0A02E85DE2A388F3EC4BD206DF
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: System32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0
Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1
Service (registry key): hpt3xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 50944
Image MD5: 54AE656490B33F84B4417194AA127B25
Start: 1
Type: 1
Error Control: 1
Service (registry key): Imapi
Start: 1
Type: 1
Error Control: 0
Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 118784
Image MD5: F6069827B0A39DC75D251CFB37C4E9C9
Start: 3
Type: 16
Error Control: 1
Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0
Service (registry key): Inspect
Display name: Comodo Network Engine
Description: Comodo Firewall Network Engine
Image path: System32\DRIVERS\inspect.sys
Image size: 69120
Image MD5: 666DD8BA74CB98DB5DEFFB690B430B7B
Start: 0
Type: 1
Error Control: 1
Depends On services: NDIS
Depends On group: "NDIS Wrapper"
Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 19584
Image MD5: F56DD863BA732A4E8EE58D486C31250F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 76288
Image MD5: 561E2AEDE82CAE972D572C60D4E090BF
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 56064
Image MD5: 87AD207BC4437F215508024559D72F30
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 10496
Image MD5: B43201394646B7E98C89056EDDA686B5
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3
Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 23424
Image MD5: 9C30CD464D87102497FD7C32910E6253
Start: 1
Type: 1
Error Control: 1
Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 159232
Image MD5: ECD42891ECC1CA80FCB849511D3DF186
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1
Service (registry key): L8042Kbd
Display name: Logitech SetPoint Keyboard Driver
Image path: System32\DRIVERS\L8042Kbd.sys
Image size: 13105
Image MD5: 032B0247CABF54094CA7819D14E8036D
Start: 3
Type: 1
Error Control: 0
Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0
Service (registry key): LHidKe
Start: 0
Type: 0
Error Control: 0
Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: 743AEA1D5DB177ED3F1A0A25B3F5D6A6
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 22016
Image MD5: E534CCBA5714E8BFFF4FB97D6453898F
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: System32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1
Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 172672
Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 407680
Image MD5: A3AD34D36242E92C86B0C1BFBD131255
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: 073D2F5B53580583FEB704084CBA39CE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Display name: Windows Installer
Description: Installs, repairs and removes software according to instructions contained in .MSI files.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\msiexec.exe /V
Image size: 63488
Image MD5: E7A49533944654EDD82D26338DF0FD05
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7424
Image MD5: 85736F804191CB420A31ACA2A7F0674F
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5248
Image MD5: E943ADB93D83C5CBC0CA3F53F53B48CC
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4608
Image MD5: F6A726B8832DB1F88326B8BE98B11981
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1
Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12160
Image MD5: DA77857D9F9BC724D779DF64DA15164B
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 88320
Image MD5: DF101384699C87C70E9BD71DDF0E8509
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 33152
Image MD5: 9F880D46EF6DCC865B8EF5C5A4956E3B
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 150272
Image MD5: 58A5116194BC0AD86A6BBDBDFA5E1240
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 8A45EC36DF58BF90816A14E9F21075DC
Start: 3
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 8A45EC36DF58BF90816A14E9F21075DC
Start: 3
Type: 32
Error Control: 1
Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): NTSIM
Display name: NTSIM
Image path: \??\C:\WINDOWS\System32\ntsim.sys
Image size: 7040
Image MD5: A568B9A9FFE2D9387222A5C90F86D731
Start: 3
Type: 1
Error Control: 1
Service (registry key): Null
Start: 1
Type: 1
Error Control: 1
Service (registry key): nv4
Image path: System32\DRIVERS\nv4.sys
Image size: 731648
Image MD5: 4D31783965B0B7CED7DB3F4EE14CF260
Start: 3
Type: 1
Error Control: 0
Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1
Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 76160
Image MD5: 1424FFBF560627B07CCE5082FA837F5C
Start: 3
Type: 1
Error Control: 1
Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 62464
Image MD5: 1F96EECDF5D1E3385AC44C6A457B381F
Start: 0
Type: 1
Error Control: 1
Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0
Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 46464
Image MD5: 5849957DC3F7CAE702E03B69744B9BFE
Start: 3
Type: 1
Error Control: 1
Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 30592
Image MD5: 72F923F0A0FDFBE3252579CA1D1D8948
Start: 1
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 65920
Image MD5: 7FD061B0B0833D5106244B0CF2A1E68C
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1
Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 36528
Image MD5: 81088114178112618B1C414A65E50F7C
Start: 0
Type: 1
Error Control: 1
Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 48640
Image MD5: 01BD60CDE35D8B60F46EBDF5358D7127
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 38912
Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 163840
Image MD5: DE300831C74CFF09091E954A1844BDBF
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 181632
Image MD5: 57F34F83E278DD804BA4A0593D789312
Start: 3
Type: 1
Error Control: 1
Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 130048
Image MD5: E6E3C190B143A6190C73F049EC39C37C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 55808
Image MD5: DD2183A5092FEEE8961A1E19ABD1A0FC
Start: 1
Type: 1
Error Control: 1
Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 68096
Image MD5: 0C17B00F9ACC99139780C0E931C11F16
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs
Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SCardDrv
Display name: Smart Card Helper
Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On group: "Smart Card Reader"
Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay
Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1
Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 0
Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 14976
Image MD5: 65A7C4D86C153C82E33A552C217ABB29
Start: 3
Type: 1
Error Control: 1
Service (registry key): Serial
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 62464
Image MD5: 1A315877D2EFCC2D0FF892D6BDB845B5
Start: 1
Type: 1
Error Control: 0
Service (registry key): SetupNT
Display name: SetupNT
Image path: \SystemRoot\system32\SetupNT.sys
Start: 2
Type: 1
Error Control: 1
Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"
Service (registry key): SharedAccess
Display name: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Netman,NLA,RasMan,ALG
Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1
Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1
Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 5632
Image MD5: 2C55620B197ED2BA93126B76396BFF6E
Start: 3
Type: 1
Error Control: 1
Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 51200
Image MD5: 9B4155BA58192D4073082B8FC5D42612
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): sr
Display name: System Restore Filter Driver
Image path: System32\DRIVERS\sr.sys
Image size: 70400
Image MD5: F899A5D353DCBBA12EACB379E7ABFEEE
Start: 0
Type: 2
Error Control: 1
Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 330368
Image MD5: 94619EB663216F9BF12F9B950FCAB3C0
Start: 3
Type: 2
Error Control: 1
Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): swenum
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 4096
Image MD5: 616A013D3EA068B6DEE83D905E92EE9F
Start: 3
Type: 1
Error Control: 1
Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1
Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{3D8EF758-5D7B-49BA-835D-3D9B7DCEFB3C}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1
Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1
Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1
Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 57472
Image MD5: D0459F71807CCE71FE26A52F2EDEBAD9
Start: 3
Type: 1
Error Control: 1
Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 86016
Image MD5: BB5F528DC9BA1F233730223385F3EFC2
Start: 3
Type: 16
Error Control: 1
Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 327168
Image MD5: E7774698BB0D14B0710A9A31E209F9B6
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec
Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0
Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0
Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 37896
Image MD5: 68B71EB2E79F60640B4B3A1A714317E5
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\tlntsvr.exe
Image size: 60928
Image MD5: 0A69B1943DBC28DAED192CF646D1B0EE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP
Service (registry key): tmcomm
Display name: tmcomm
Image path: \??\C:\WINDOWS\System32\drivers\tmcomm.sys
Image size: 76560
Image MD5: 4DC436421C9D745D7E8C37F956701C78
Start: 2
Type: 1
Error Control: 1
Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1
Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\System32\wdfmgr.exe
Image size: 38912
Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): Update
Display name: Microcode Update Driver
Image path: System32\DRIVERS\update.sys
Image size: 137088
Image MD5: 164CFAE1D766905F56C432ACFC54F28C
Start: 3
Type: 1
Error Control: 1
Service (registry key): uploadmgr
Display name: Upload Manager
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV
Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 16384
Image MD5: 3F324808E5C57399430E0C70AD565145
Start: 3
Type: 16
Error Control: 1
Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: System32\DRIVERS\usbhub.sys
Image size: 50688
Image MD5: 1766FAA3A5079D0DB3EFB331DAC587ED
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: System32\DRIVERS\USBSTOR.SYS
Image size: 21760
Image MD5: 694F2B90124EB086C38C18DA97A13E48
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: System32\DRIVERS\usbuhci.sys
Image size: 18944
Image MD5: B8F6119FD7DF389D823BA27A3023E150
Start: 3
Type: 1
Error Control: 1
Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0
Service (registry key): viaagp1
Display name: VIA AGP Filter
Image path: System32\DRIVERS\viaagp1.sys
Image size: 27904
Image MD5: 4B039BBD037B01F5DB5A144C837F283A
Start: 0
Type: 1
Error Control: 1
Service (registry key): ViaIde
Image path: System32\DRIVERS\viaidexp.sys
Image size: 6144
Image MD5: A5D8B6C8D43786D4215C1DF6FAB0AAE0
Start: 0
Type: 1
Error Control: 1
Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1
Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 275456
Image MD5: F422CECCF4B02790F80176CF3F4759C0
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: System32\DRIVERS\wanarp.sys
Image size: 33280
Image MD5: 484AF08F15D1306FF2E8B64FE62A160C
Start: 3
Type: 1
Error Control: 1
Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0
Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 79616
Image MD5: 1106767A0647BF3BE4535C91F74FE7DA
Start: 3
Type: 1
Error Control: 1
Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV
Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,Eventlog
Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0
Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Image size: 117248
Image MD5: B7891998B0F21C8D1A928C0578B0368B
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio
Service (registry key): {2E534238-9A69-47A8-97FB-B47C43479D5A}
Start: 0
Type: 0
Error Control: 0
-
Now that all of this is done should i restart my computer or is there more to be done.?
-
Go here and get Service Pack 1a or we can't help you as you will continually be infected.
http://www.microsoft.com/windowsxp/d...1/default.mspx
Do not get service pack 2 on an infected machine.
Thanks.
Then post a new hijackthis log.
-
Neal my Mom who's a Security Expert for Has helped me, I now have everything removed and proper Anti-Virus Installed (AVG Expired), So i purchased it. Now all I'm doing in Tweaking my Registry :P
Last edited by jephree; 03-03-2009 at 09:29 AM.
Reason: removed commercial linkage
-
good luck and happy holidays
Junior Member
