Dismiss Notice
Guest, I have a big favor to ask you. We've been working very hard to establish ourselves on social media. If you like/follow our pages it would be a HUGE help to us. SoSH on Facebook and Inside the Pylon Thanks! Nip

Spyware 201

Discussion in 'BYTE ME: Technology discussion' started by Blacken, Jul 12, 2008.

  1. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    A pretty entertaining video from Defcon 15, presented by CSC's Johnny Long. Parts of it have much more to do with physical security and good policies at larger companies (by way of showing how he's subverted them), but there's a lot of good advice about safe use of your computer that has nothing to do with the programs you run or the sites you visit.

    http://video.google.com/videoplay?docid=-2...24376898701015#
     
  2. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    QUOTE (Blacken @ Jan 15 2010, 05:01 PM)
    A pretty entertaining video from Defcon 15, presented by CSC's Johnny Long.

    Great video. This guy is pretty awesome, and I love his dry humor. The reveals on lax airport security were both scary and amazing in their simplicity, from the readily identifiable "undercover" air marshall to the pilot's keypad entry to the TSA uniforms.

    When I was flying extensively for business, I had a polarizing screen cover that I bought as an anti-glare screen. As a side benefit, it also functioned as a privacy guard, where you could only view content with your head directly in front of it. Viewing from anything more than, say, a 10% angle in any direction would yield nothing but blackness.

    In airport gate areas, I wouldn't use my laptop unless I was seated with my back to a wall. Not because I'm arrogant enough to believe I might be a hacking or spying target (I was in plastics, for Chrissakes...) but I've always been inherently wary of prying eyes that way.
     
  3. JimD

    JimD Member SoSH Member

    Messages:
    6,538
    I have the McAfee Internet Security package on my home PC. I was lazy last year and renewed it, but after everything I’ve read I want to upgrade this year. I’m considering going to the Avast antivirus program at minimum, but I’ve also seen Kaspersky programs on sale recently.

    My big question is, how easy is it to shut down and (hopefully) delete the McAfee program on my PC once the new packages are up and running? I’m worried about McAfee crap being left behind and screwing up my new security programs. Is there a specific process or order of actions I should take?
     
  4. DrBlinky

    DrBlinky Member SoSH Member

    Messages:
    713
    QUOTE (JimD @ Jan 18 2010, 10:31 AM)
    I have the McAfee Internet Security package on my home PC. I was lazy last year and renewed it, but after everything I’ve read I want to upgrade this year. I’m considering going to the Avast antivirus program at minimum, but I’ve also seen Kaspersky programs on sale recently.

    My big question is, how easy is it to shut down and (hopefully) delete the McAfee program on my PC once the new packages are up and running? I’m worried about McAfee crap being left behind and screwing up my new security programs. Is there a specific process or order of actions I should take?

    Check out the McAfee Consumer Products Removal tool (MCPR.exe) found here.
     
  5. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
  6. DannyHeep

    DannyHeep well trained post artisan Lifetime Member SoSH Member

    Messages:
    17,398
    My mother-in-law has "personal security" on her computer. It is obviously malware.

    Can someone point me in the right direction on how I should get it removed? It doesn't let me even connect to the internet so I can download something to remove it.
     
  7. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
  8. DannyHeep

    DannyHeep well trained post artisan Lifetime Member SoSH Member

    Messages:
    17,398
    QUOTE (SoxScout @ Jan 31 2010, 04:19 PM)
    Maybe here: http://www.spywareremove.com/removePersonalSecurity.html

    Basically searching for and deleting "psecurity" and "PersonalSec" is a good place to start.


    My wife gave it a bid, and this didn't work. Does she need to start the computer in safe mode? Any other thoughts?
     
  9. AnkleStigmata

    AnkleStigmata Well-Known Member Lifetime Member SoSH Member

    Messages:
    1,148
    I just want to say I hate computers, the Internet, and human beings with the current exception of Blacken. Great OP dude.

    Yep, there's gonna be a big ol' reformattin' and reinstallin' hootenanny on my wife's laptop Saturday. Hosed by one or more of those fake AV things. Spent the better part of the day trying to clean it up and now know to give up. Among many other problems, there's a lot of horrifying shit in the registry.
     
  10. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    WTF is this?? Virtumonde with two different extensions (.prx and .atr) and I'm getting a shit ton of popups, which I never got before. Plus, Ad-Aware keeps giving me a bubble message from the icon in the systray saying "Ad-Watch Live! detected that a malicious process is running and started a scan in the background mode. You will be able to clean any infections safely after the scan is finished." Ad-Aware gives this a TAI of 7. Everything else I've ever seen is a 3. I've let it finish the scan, chose remove, rebooted the computer, and guess what...it's back again. The following is from Spybot S&D:


    --- Search result list ---
    Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, nothing done)
    C:\Windows\Tasks\kzwqkryd.job
    Properties.size=306
    Properties.md5=D426607C3FA468827DCBCCFF4BD4FC45
    Properties.filedate=1265719005
    Properties.filedatetext=2010-02-09 07:36:45

    Virtumonde.prx: [SBI $1FB893A0] Autorun settings (hehagemik) (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hehagemik

    Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
    c:\PROGRA~2\seyugogi\seyugogi.dll
    Properties.size=93184
    Properties.md5=0EFF1A428BA27A4D8F3ED9CE081BC969

    Virtumonde.prx: [SBI $1FB893A0] Autorun settings (gukotumeke) (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke

    Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
    C:\ProgramData\fuzosoni\fuzosoni.dll
    Properties.size=53248
    Properties.md5=224FD11E0A3ECAC34AD731FB8664D3C9


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2007-08-14 unins000.exe (51.41.0.0)
    2009-11-27 unins001.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2009-10-08 Includes\Adware.sbi (*)
    2010-02-02 Includes\AdwareC.sbi (*)
    2010-01-25 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-02-02 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2010-02-02 Includes\HijackersC.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-02-02 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-01-26 Includes\Malware.sbi (*)
    2010-02-02 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2010-01-26 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-02-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2010-02-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-12-08 Includes\Trojans.sbi (*)
    2010-02-02 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Ad-Watch
    command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 788880
    MD5: 17B7EE982055EE0660A3C512D07E5111

    Located: HK_LM:Run, AVG9_TRAY
    command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
    file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
    size: 2033432
    MD5: 72A7A352072EB6EC4953F9F580463B0D

    Located: HK_LM:Run, HP Software Update
    command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    size: 49152
    MD5: B93C4070F24E46B0097648C276B5039E

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 305440
    MD5: D1458A77A6E15462CB96D34089549BAC

    Located: HK_LM:Run, LogitechQuickCamRibbon
    command: "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    file: C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    size: 2793304
    MD5: 2589FFE360BED8F824CBC6171CB5B874

    Located: HK_LM:Run, Media Codec Update Service
    command: C:\Program Files\Essentials Codec Pack\update.exe -silent
    file: C:\Program Files\Essentials Codec Pack\update.exe
    size: 303104
    MD5: 441C75BC99638C9CB7A47EE79B17D2CF

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    file: C:\Windows\system32\NvCpl.dll
    size: 13687328
    MD5: 3FE65648FFD5DC96CB41BC528E427FE9

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\Windows\system32\NvMcTray.dll
    size: 92704
    MD5: 42BF3C7DEF9553F5860266EFABAF158E

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: 9C9B6807425CEF840C117654D8B033D1

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: sttray.exe
    file: C:\Windows\sttray.exe
    size: 303104
    MD5: 733DA847D5C3E32C40BA831BEAA8DC93

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 149280
    MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_CU:Run, 08884a0868e9c2b19880c2a2677229e7
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r
    file: C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C

    Located: HK_CU:Run, Google Update
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    file: C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
    size: 135664
    MD5: 8F0DE4FEF8201E306F9938B0905AC96A

    Located: HK_CU:Run, gukotumeke
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s
    file: C:\ProgramData\fuzosoni\fuzosoni.dll
    size: 53248
    MD5: 224FD11E0A3ECAC34AD731FB8664D3C9

    Located: HK_CU:Run, hehagemik
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a
    file: c:\PROGRA~2\seyugogi\seyugogi.dll
    size: 93184
    MD5: 0EFF1A428BA27A4D8F3ED9CE081BC969

    Located: HK_CU:Run, Logitech Vid
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
    file: C:\Program Files\Logitech\Logitech Vid\Vid.exe
    size: 5458704
    MD5: E1473471169EC64C57B49F9C984DFB1A

    Located: HK_CU:Run, Picasa Media Detector
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 443968
    MD5: 03463803AE9386EB095FFFD8DD26B85B

    Located: HK_CU:Run, PlayOn
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Program Files\MediaMall\PlayOn.exe
    file: C:\Program Files\MediaMall\PlayOn.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Simplify Media
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: "C:\Program Files\Simplify Media\SimplifyMedia.exe"
    file: C:\Program Files\Simplify Media\SimplifyMedia.exe
    size: 21752328
    MD5: BAD5AC14FBDBA054E1D235D3050A7E8F

    Located: HK_CU:Run, Skype
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 25623336
    MD5: BF9EAB227D409CE1E75C23BB10CF5DBC

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, WMPNSCFG
    where: S-1-5-21-1723326366-2321168841-1007424184-1000...
    command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD

    Located: Startup (common), HP Digital Imaging Monitor.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    size: 214360
    MD5: CF03C8F6F6B0D71F6E5BCE167FCF7CA6

    Located: Startup (user), Dropbox.lnk
    where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    file: C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    size: 21968784
    MD5: 0BFDAEC7BA4CCA24950CCFF19647DCDA

    Located: Startup (user), Logitech . Product Registration.lnk
    where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
    file: C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
    size: 517384
    MD5: FBBF2B2A5F257AA4B597F77D65155EDF

    Located: Startup (user), OpenOffice.org 3.1.lnk
    where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    size: 384000
    MD5: C047C9C6CD8E134AFDFDB374E80547E5



    --- Browser helper object list ---
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name: AVG Safe Search
    Path: C:\Program Files\AVG\AVG9\
    Long name: avgssie.dll
    Short name:
    Date (created): 2/1/2010 7:06:00 PM
    Date (last access): 2/1/2010 7:06:00 PM
    Date (last write): 2/1/2010 7:06:00 PM
    Filesize: 1484056
    Attributes: archive
    MD5: F7CC657F40C56C9BA7C189066D259F9E
    CRC32: DBEFFA87
    Version: 9.0.0.713

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 1/22/2009 2:41:30 PM
    Date (last access): 8/19/2009 4:14:34 PM
    Date (last write): 1/22/2009 2:41:30 PM
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java™ Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 12/5/2009 6:48:30 PM
    Date (last access): 10/11/2009 4:18:20 AM
    Date (last write): 10/11/2009 4:17:30 AM
    Filesize: 41760
    Attributes: archive
    MD5: C9EDE29F223A27873E187D9FB6045EA6
    CRC32: 5951C3E0
    Version: 6.0.170.4



    --- ActiveX list ---
    {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class)
    DPF name:
    CLSID name: SentinelVE3D Class
    Installer: C:\Windows\Downloaded Program Files\VE3DInstall.inf
    Codebase: http://download.microsoft.com/download/7/0...tualEarth3D.cab

    {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class)
    DPF name:
    CLSID name: WMI Class
    Installer: C:\Windows\Downloaded Program Files\syspro.inf
    Codebase: http://support.dell.com/systemprofiler/SysProExe.CAB

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_17
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/5/2009 6:48:30 PM
    Date (last access): 10/11/2073 4:18:18 AM
    Date (last write): 10/11/2009 4:17:30 AM
    Filesize: 100128
    Attributes: archive
    MD5: 048369C957BCE15E4628FDEB65820BE8
    CRC32: C8C19051
    Version: 6.0.170.4

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/5/2009 6:48:30 PM
    Date (last access): 10/11/2073 4:18:18 AM
    Date (last write): 10/11/2009 4:17:30 AM
    Filesize: 100128
    Attributes: archive
    MD5: 048369C957BCE15E4628FDEB65820BE8
    CRC32: C8C19051
    Version: 6.0.170.4

    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_17
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/5/2009 6:48:30 PM
    Date (last access): 10/11/2073 4:18:18 AM
    Date (last write): 10/11/2009 4:17:30 AM
    Filesize: 100128
    Attributes: archive
    MD5: 048369C957BCE15E4628FDEB65820BE8
    CRC32: C8C19051
    Version: 6.0.170.4

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_17
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_17.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/11/2009 2:14:36 AM
    Date (last access): 10/11/2073 4:18:30 AM
    Date (last write): 10/11/2009 4:17:30 AM
    Filesize: 136992
    Attributes: archive
    MD5: 3D58770680F268A23A8CE1F14B49AA2F
    CRC32: 6091A816
    Version: 6.0.170.4

    {CB50428B-657F-47DF-9B32-671F82AA73F7} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\pxplay.inf
    Codebase: http://www.photodex.com/pxplay.cab
    description:
    classification: Open for discussion
    known filename: pxplay.ocx
    info link:
    info source: Safer Networking Ltd.



    --- Process list ---
    PID: 3836 (3300) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 788880
    MD5: 17B7EE982055EE0660A3C512D07E5111
    PID: 3896 (3300) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 149280
    MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
    PID: 3968 (3300) C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 443968
    MD5: 03463803AE9386EB095FFFD8DD26B85B
    PID: 3076 (2672) C:\Users\Michael\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    size: 136176
    MD5: 975A3190EB50EAC7AA89488233E18294
    PID: 1540 ( 824) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 25873356E52849C3F5B3F1B02317E8C8
    PID: 5736 (1348) C:\Windows\system32\wuauclt.exe
    size: 53472
    MD5: 62BB79160F86CD962F312C68C6239BFD
    PID: 6292 ( 876) C:\Windows\explorer.exe
    size: 2927104
    MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
    PID: 3132 (1332) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 7476 (6292) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    PID: 3824 (1348) C:\Windows\system32\taskeng.exe
    size: 169472
    MD5: 5F109032CE46B7184ED9E50F9FE8489E
    PID: 5896 (6292) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 412 ( 4) smss.exe
    size: 64000
    PID: 504 ( 492) csrss.exe
    size: 6144
    PID: 544 ( 492) wininit.exe
    size: 96768
    PID: 564 ( 552) csrss.exe
    size: 6144
    PID: 572 ( 544) avgchsvx.exe
    PID: 580 ( 544) avgrsx.exe
    PID: 644 ( 544) services.exe
    size: 279040
    PID: 656 ( 544) lsass.exe
    size: 9728
    PID: 664 ( 544) lsm.exe
    size: 229888
    PID: 696 ( 580) avgcsrvx.exe
    PID: 824 ( 644) svchost.exe
    size: 21504
    PID: 876 ( 552) winlogon.exe
    size: 314880
    PID: 1108 ( 644) nvvsvc.exe
    size: 207392
    PID: 1156 ( 644) svchost.exe
    size: 21504
    PID: 1308 ( 644) svchost.exe
    size: 21504
    PID: 1332 ( 644) svchost.exe
    size: 21504
    PID: 1348 ( 644) svchost.exe
    size: 21504
    PID: 1460 (1308) audiodg.exe
    size: 88064
    PID: 1504 ( 644) svchost.exe
    size: 21504
    PID: 1524 ( 644) SLsvc.exe
    size: 2623488
    PID: 1560 ( 644) svchost.exe
    size: 21504
    PID: 1668 ( 644) svchost.exe
    size: 21504
    PID: 1776 (1108) rundll32.exe
    size: 44544
    PID: 1800 ( 644) AAWService.exe
    PID: 1948 ( 644) spoolsv.exe
    size: 125952
    PID: 1976 ( 644) svchost.exe
    size: 21504
    PID: 628 ( 644) AppleMobileDeviceService.exe
    PID: 1204 ( 644) avgwdsvc.exe
    PID: 1380 ( 644) mDNSResponder.exe
    PID: 1568 ( 644) svchost.exe
    size: 21504
    PID: 316 ( 644) svchost.exe
    size: 21504
    PID: 660 ( 644) svchost.exe
    size: 21504
    PID: 464 ( 644) svchost.exe
    size: 21504
    PID: 476 ( 644) RoxWatch9.exe
    PID: 2240 (1204) avgnsx.exe
    PID: 2288 ( 644) svchost.exe
    size: 21504
    PID: 2340 ( 644) svchost.exe
    size: 21504
    PID: 2400 ( 644) SearchIndexer.exe
    size: 439808
    PID: 2420 ( 644) avgemc.exe
    PID: 2520 ( 644) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2644 (2420) avgcsrvx.exe
    PID: 2952 (1348) taskeng.exe
    size: 169472
    PID: 3276 (1348) taskeng.exe
    size: 169472
    PID: 3352 (3276) OrbTray.exe
    PID: 4000 (3352) Orb.exe
    PID: 4108 ( 824) unsecapp.exe
    PID: 4148 ( 644) svchost.exe
    size: 21504
    PID: 4196 ( 644) wmpnetwk.exe
    PID: 4232 ( 824) WmiPrvSE.exe
    PID: 5888 ( 644) iPodService.exe
    PID: 3324 ( 644) VSSVC.exe
    size: 1054720
    PID: 2904 ( 644) svchost.exe
    size: 21504
    PID: 6236 ( 644) LVPrcSrv.exe
    PID: 6892 (3140) Vid.exe
    PID: 8144 (4000) xmltv.exe
    PID: 6612 (8144) xmltv.exe


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 2/9/2010 11:05:51 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0070525
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:



    --- Uninstall list ---


    --- System Services ---
    Service (registry key): .NET CLR Data
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for Oracle
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for SqlServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): 61883
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: 61883 Unit Device
    Image path: system32\DRIVERS\61883.sys
    Image size: 45696
    Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft ACPI Driver
    Image path: system32\drivers\acpi.sys
    Image size: 266808
    Image MD5: FCB8C7210F0135E24C6580F7F649C73C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): adp94xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adp94xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu160m.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu320
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu320.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adsi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AeLookupSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
    Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Ancilliary Function Driver for Winsock
    Description: Ancilliary Function Driver for Winsock
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\djsvs.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\Alg.exe,-112
    Description: @%SystemRoot%\system32\Alg.exe,-113
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 59392
    Image MD5: A1545B731579895D8CC44FC0481C1192
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): aliide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): amdagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD AGP Bus Filter Driver
    Image path: \SystemRoot\system32\drivers\amdagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): amdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): AmdK7
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K7 Processor Driver
    Image path: \SystemRoot\system32\drivers\amdk7.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdK8
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K8 Processor Driver
    Image path: system32\DRIVERS\amdk8.sys
    Image size: 44032
    Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Appinfo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\appinfo.dll,-100
    Description: @%systemroot%\system32\appinfo.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,ProfSvc

    Service (registry key): Apple Mobile Device
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Apple Mobile Device
    Description: Provides the interface to Apple mobile devices.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Image size: 144712
    Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): arc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): arcsas
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arcsas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aswTdi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RAS Asynchronous Media Driver
    Description: RAS Asynchronous Media Driver
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 17408
    Image MD5: 53B202ABEE6455406254444303E87BE1
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IDE Channel
    Image path: \SystemRoot\system32\drivers\atapi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): AudioEndpointBuilder
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-204
    Description: @%SystemRoot%\System32\audiosrv.dll,-205
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): Audiosrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-200
    Description: @%SystemRoot%\System32\audiosrv.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

    Service (registry key): Avc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVC Device
    Image path: system32\DRIVERS\avc.sys
    Image size: 40448
    Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AVG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): avg9emc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG E-mail Scanner
    Object name: LocalSystem
    Image path: "C:\Program Files\AVG\AVG9\avgemc.exe"
    Image size: 906520
    Image MD5: C34AB3B34ACC0260EBFEAB2827D99C45
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,avg9wd

    Service (registry key): avg9wd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG WatchDog
    Object name: LocalSystem
    Image path: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
    Image size: 285392
    Image MD5: 7E7B5FA964F578ACD655E8BEEAE2A5CA
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AvgLdx86
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Free AVI Loader Driver x86
    Image path: \SystemRoot\System32\Drivers\avgldx86.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): AvgMfx86
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Free On-access Scanner Minifilter Driver x86
    Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): AvgTdiX
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Free8 Network Redirector
    Image path: \SystemRoot\System32\Drivers\avgtdix.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): bcm4sbxp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
    Image path: system32\DRIVERS\bcm4sbxp.sys
    Image size: 45568
    Image MD5: CD4646067CC7DCBA1907FA0ACF7E3966
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Beep
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BFE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\bfe.dll,-1001
    Description: @%SystemRoot%\system32\bfe.dll,-1002
    Object name: NT AUTHORITY\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\qmgr.dll,-1000
    Description: @%SystemRoot%\system32\qmgr.dll,-1001
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): blbdrive
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\blbdrive.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Bonjour Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bonjour Service
    Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
    Object name: LocalSystem
    Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Image size: 238888
    Image MD5: 3F56903E124E820AEECE6D471583C6C1
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): bowser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bowser
    Description: Implements the datagram receiver for the computer browser browser service.
    Image path: system32\DRIVERS\bowser.sys
    Image size: 69632
    Image MD5: 74B442B2BE1260B7588C136177CEAC66
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): BrFiltLo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Lower Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltlo.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BrFiltUp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Upper Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltup.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\browser.dll,-100
    Description: @%systemroot%\system32\browser.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): Brserid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC Serial Port Interface Driver (WDM)
    Image path: \SystemRoot\system32\drivers\brserid.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrSerWdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother WDM Serial driver
    Image path: \SystemRoot\system32\drivers\brserwdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbMdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Fax Only Modem
    Image path: \SystemRoot\system32\drivers\brusbmdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbSer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Serial WDM Driver
    Image path: \SystemRoot\system32\drivers\brusbser.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BTHMODEM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bluetooth Serial Communications Driver
    Image path: \SystemRoot\system32\drivers\bthmodem.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD/DVD File System Reader
    Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
    Image path: system32\DRIVERS\cdfs.sys
    Image size: 70144
    Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): cdrbsdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD-ROM Driver
    Image path: system32\DRIVERS\cdrom.sys
    Image size: 67072
    Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): CertPropSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\certprop.dll,-11
    Description: @%SystemRoot%\System32\certprop.dll,-12
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): circlass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Consumer IR Devices
    Image path: \SystemRoot\system32\drivers\circlass.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CLFS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Common Log (CLFS)
    Description: Common Log (CLFS)
    Image path: System32\CLFS.sys
    Image size: 247352
    Image MD5: 465745561C832B29F7C48B488AAB3842
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): clr_optimization_v2.0.50727_32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
    Description: Microsoft .NET Framework NGEN
    Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Image size: 69632
    Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): cmdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\cmdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): Compbatt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Composite Battery Driver
    Image path: \SystemRoot\system32\drivers\compbatt.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): COMSysApp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-947
    Description: @comres.dll,-948
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 7168
    Image MD5: BE01E566D1F569AAB32D0335613E1EEA
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem,SENS

    Service (registry key): crcdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Crcdisk Filter Driver
    Image path: system32\drivers\crcdisk.sys
    Image size: 22632
    Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Crusoe
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Transmeta Crusoe Processor Driver
    Image path: \SystemRoot\system32\drivers\crusoe.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): crypt32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): CryptSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
    Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): DCLocator
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): DcomLaunch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @oleres.dll,-5012
    Description: @oleres.dll,-5013
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): DfsC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
    Description: @%systemroot%\system32\drivers\dfsc.sys,-102
    Image path: System32\Drivers\dfsc.sys
    Image size: 75264
    Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: Mup

    Service (registry key): DFSR
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @dfsrres.dll,-101
    Description: @dfsrres.dll,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\DFSR.exe
    Image size: 2091520
    Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): Dhcp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
    Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NSI,Tdx,Afd

    Service (registry key): disk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Disk Driver
    Image path: system32\drivers\disk.sys
    Image size: 55352
    Image MD5: 64109E623ABD6955C8FB110B592E68B7
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): DLABMFSM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLABMFSM.SYS
    Image size: 35096
    Image MD5: A53723176D0002FEB486EFF8E17812F2
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLABOIOM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLABOIOM.SYS
    Image size: 32472
    Image MD5: D4587063ACEA776699251E177D719586
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLACDBHM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\DLACDBHM.SYS
    Image size: 12856
    Image MD5: 5230CDB7E715F3A3B4A882E254CDD35D
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 0

    Service (registry key): DLADResM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLADResM.SYS
    Image size: 9400
    Image MD5: C950C2E7B9ED1A4FC4A2AC7EC044F1D6
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLAIFS_M
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLAIFS_M.SYS
    Image size: 104536
    Image MD5: 24400137E387A24410C52A591F3CFB4D
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLAOPIOM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLAOPIOM.SYS
    Image size: 26296
    Image MD5: 29A303FECEB28641ECEBDAE89EB71C63
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLAPoolM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLAPoolM.SYS
    Image size: 14520
    Image MD5: C93E33A22A1AE0C5508F3FB1F6D0A50C
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLARTL_M
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\DLARTL_M.SYS
    Image size: 28120
    Image MD5: 77FE51F0F8D86804CB81F6EF6BFB86DD
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 0

    Service (registry key): DLAUDFAM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLAUDFAM.SYS
    Image size: 94648
    Image MD5: B953498C35A31E5AC98F49ADBCF3E627
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DLAUDF_M
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DLA\DLAUDF_M.SYS
    Image size: 97848
    Image MD5: 4897704C093C1F59CE58FC65E1E1EF1E
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): Dnscache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\dnsapi.dll,-101
    Description: @%SystemRoot%\System32\dnsapi.dll,-102
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tdx

    Service (registry key): DockingGroup
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: LeapFrog WDM USB Device Driver
    Image path: System32\Drivers\MS20022K.sys
    Image size: 14781
    Image MD5: A84BC91FAFF024F7694701077071A6CE
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): dot3svc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dot3svc.dll,-1102
    Description: @%systemroot%\system32\dot3svc.dll,-1103
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,Ndisuio,Eaphost

    Service (registry key): Dot4
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: MS IEEE-1284.4 Driver
    Image path: system32\DRIVERS\Dot4.sys
    Image size: 131584
    Image MD5: 4F59C172C094E1A1D46463A8DC061CBD
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Dot4Print
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Print Class Driver for IEEE-1284.4
    Image path: system32\DRIVERS\Dot4Prt.sys
    Image size: 16384
    Image MD5: 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): dot4usb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: MS Dot4USB Filter Dot4USB Filter
    Image path: system32\DRIVERS\dot4usb.sys
    Image size: 36864
    Image MD5: C55004CA6B419B6695970DFE849B122F
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): DPS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dps.dll,-500
    Description: @%systemroot%\system32\dps.dll,-501
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): drmkaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Kernel DRM Audio Descrambler
    Image path: system32\drivers\drmkaud.sys
    Image size: 5632
    Image MD5: 97FEF831AB90BEE128C9AF390E243F80
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): DRVMCDB
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\DRVMCDB.SYS
    Image size: 99176
    Image MD5: C00440385CF9F3D142917C63F989E244
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 0

    Service (registry key): DRVNDDM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\DRVNDDM.SYS
    Image size: 51768
    Image MD5: FFC371525AA55D1BAE18715EBCB8797C
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 0

    Service (registry key): DXGKrnl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: LDDM Graphics Subsystem
    Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): e1express
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel® PRO/1000 PCI Express Network Connection Driver
    Image path: system32\DRIVERS\e1e6032.sys
    Image size: 200704
    Image MD5: 7505290504C8E2D172FA378CC0497BCC
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): E1G60
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel® PRO/1000 NDIS 6 Adapter Driver
    Image path: system32\DRIVERS\E1G60I32.sys
    Image size: 117760
    Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EapHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\eapsvc.dll,-1
    Description: @%systemroot%\system32\eapsvc.dll,-2
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,KeyIso

    Service (registry key): Ecache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ReadyBoost Caching Driver
    Description: ReadyBoost Caching Driver
    Image path: System32\drivers\ecache.sys
    Image size: 143416
    Image MD5: DD2CD259D83D8B72C02C5F2331FF9D68
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): ehRecvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
    Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
    Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehRecvr.exe
    Image size: 292352
    Image MD5: 9BE3744D295A7701EB425332014F0797
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): ehSched
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\ehome\ehsched.exe,-101
    Description: @%SystemRoot%\ehome\ehsched.exe,-102
    Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehsched.exe
    Image size: 131072
    Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): ehstart
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\ehome\ehstart.dll,-101
    Description: @%SystemRoot%\ehome\ehstart.dll,-102
    Object name: NT AUTHORITY\LocalService
    Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): elxstor
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\elxstor.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): EmdCache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): EMDMgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\emdmgmt.dll,-1000
    Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 0
    Depends On services: rpcss,ecache,slsvc,fileinfo

    Service (registry key): ESENT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Eventlog
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
    Description: @%SystemRoot%\system32\wevtsvc.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): EventSystem
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-2450
    Description: @comres.dll,-2451
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): exfat
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: exFAT File System Driver
    Description: exFAT File System Driver
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): fastfat
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FAT12/16/32 File System Driver
    Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): fdc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Floppy Disk Controller Driver
    Image path: system32\DRIVERS\fdc.sys
    Image size: 25088
    Image MD5: 63BDADA84951B9C03E641800E176898A
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): fdPHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\fdPHost.dll,-100
    Description: @%systemroot%\system32\fdPHost.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,http

    Service (registry key): FDResPub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\fdrespub.dll,-100
    Description: @%systemroot%\system32\fdrespub.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,http

    Service (registry key): FileInfo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: File Information FS MiniFilter
    Description: Collects information about files in memory to be consumed by other system services.
    Image path: system32\drivers\fileinfo.sys
    Image size: 58936
    Image MD5: A8C0139A884861E3AAE9CFE73B208A9F
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1
    Depends On services: fltmgr

    Service (registry key): Filetrace
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FileTrace
    Description: ETW File Trace Filter
    Image path: system32\drivers\filetrace.sys
    Image size: 27648
    Image MD5: 0AE429A696AECBC5970E3CF2C62635AE
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): FLEXnet Licensing Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FLEXnet Licensing Service
    Description: This service performs licensing functions on behalf of FLEXnet enabled products.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
    Image size: 654848
    Image MD5: 227846995AFEEFA70D328BF5334A86A5
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): flpydisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Floppy Disk Driver
    Image path: system32\DRIVERS\flpydisk.sys
    Image size: 20480
    Image MD5: 6603957EFF5EC62D25075EA8AC27DE68
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): FltMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FltMgr
    Description: File System Filter Manager Driver
    Image path: system32\drivers\fltmgr.sys
    Image size: 192056
    Image MD5: 05EA53AFE985443011E36DAB07343B46
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 3

    Service (registry key): FontCache3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
    Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
    Object name: NT Authority\LocalService
    Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    Image size: 46104
    Image MD5: C9BE08664611DDAF98E2331E9288B00B
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): fssfltr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: FssFltr
    Image path: system32\DRIVERS\fssfltr.sys
    Image size: 54632
    Image MD5: B74B0578FD1D3F897E95F2A2B69EA051
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: tcpip

    Service (registry key): fsssvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Windows Live Family Safety Service
    Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
    Object name: LocalSystem
    Image path: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
    Image size: 704864
    Image MD5: 206AD9A89BF05DFA1621F1FC7B82592D
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): Fs_Rec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 8
    Error Control: 0

    Service (registry key): gagp30kx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
    Image path: \SystemRoot\system32\drivers\gagp30kx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): GEARAspiWDM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: GEAR ASPI Filter Driver
    Image path: System32\Drivers\GEARAspiWDM.sys
    Image size: 26600
    Image MD5: 8182FF89C65E4D38B2DE4BB0FB18564E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): gpsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @gpapi.dll,-112
    Description: @gpapi.dll,-113
    Object name: LocalSystem
    Image path: %windir%\system32\svchost.exe -k GPSvcGroup
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,Mup

    Service (registry key): gusvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Google Updater Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    Image size: 136120
    Image MD5: C1B577B2169900F4CF7190C39F085794
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): hcw89
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): HdAudAddService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
    Image path: system32\drivers\HdAudio.sys
    Image size: 235520
    Image MD5: CB04C744BE0A61B1D648FAED182C3B59
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): HDAudBus
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft UAA Bus Driver for High Definition Audio
    Image path: system32\DRIVERS\HDAudBus.sys
    Image size: 53760
    Image MD5: C87B1EE051C0464491C1A7B03FA0BC99
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): HidBth
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Bluetooth HID Miniport
    Image path: \SystemRoot\system32\drivers\hidbth.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): HidIr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Infrared HID Driver
    Image path: \SystemRoot\system32\drivers\hidir.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): hidserv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\hidserv.dll,-101
    Description: @%SystemRoot%\System32\hidserv.dll,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): HidUsb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft HID Class Driver
    Image path: system32\DRIVERS\hidusb.sys
    Image size: 12288
    Image MD5: 854CA287AB7FAF949617A788306D967E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): hkmsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\kmsvc.dll,-6
    Description: @%SystemRoot%\system32\kmsvc.dll,-7
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): HpCISSs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\hpcisss.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): hpqcxs08
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: hpqcxs08
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): hpqddsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: HP CUE DeviceDiscovery Service
    Description: This service detects and monitors CUE devices on the system.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): HPSLPSVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: HP Network Devices Support
    Description: Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k HPService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): HTTP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: HTTP
    Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
    Image path: system32\drivers\HTTP.sys
    Image size: 411136
    Image MD5: E046FBC483B041A41B1E922C97CFCC0D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): i2omp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\i2omp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): i8042prt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: i8042 Keyboard and PS/2 Mouse Port Driver
    Image path: system32\DRIVERS\i8042prt.sys
    Image size: 54784
    Image MD5: 22D56C8184586B7A1F6FA60BE5F5A2BD
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): iaStorV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel RAID Controller Vista
    Image path: \SystemRoot\system32\drivers\iastorv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): IDriverT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: InstallDriver Table Manager
    Description: Provides support for the Running Object Table for InstallShield Drivers
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    Image size: 69632
    Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): idsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
    Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
    Object name: LocalSystem
    Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    Image size: 881664
    Image MD5: 7B630ACAED64FEF0C3E1CF255CB56686
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): iirsp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\iirsp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): IKEEXT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\ikeext.dll,-501
    Description: @%SystemRoot%\system32\ikeext.dll,-502
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: BFE

    Service (registry key): inetaccs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): intelide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\intelide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): intelppm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel Processor Driver
    Image path: system32\DRIVERS\intelppm.sys
    Image size: 39424
    Image MD5: CE44CC04262F28216DD4341E9E36A16F
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): IPBusEnum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\IPBusEnum.dll,-102
    Description: @%systemroot%\system32\IPBusEnum.dll,-103
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,fdPHost

    Service (registry key): IpFilterDriver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\rascfg.dll,-32013
    Description: @%systemroot%\system32\rascfg.dll,-32013
    Image path: system32\DRIVERS\ipfltdrv.sys
    Image size: 47616
    Image MD5: 62C265C38769B864CB25B4BCF62DF6C3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): iphlpsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\iphlpsvc.dll,-200
    Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

    Service (registry key): IpInIp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IP in IP Tunnel Driver
    Description: IP in IP Tunnel Driver
    Image path: system32\DRIVERS\ipinip.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IPMIDRV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\ipmidrv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): IPNAT
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IP Network Address Translator
    Description: IP Network Address Translator
    Image path: system32\DRIVERS\ipnat.sys
    Image size: 100864
    Image MD5: 8793643A67B42CEC66490B2A0CF92D68
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): iPod Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: iPod Service
    Description: iPod hardware management services
    Object name: LocalSystem
    Image path: "C:\Program Files\iPod\bin\iPodService.exe"
    Image size: 545568
    Image MD5: 6E0FAEA90E71C5F1B9F3BC71B4CCA2FA
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): IRENUM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IR Bus Enumerator
    Description: IR Bus Enumerator
    Image path: system32\drivers\irenum.sys
    Image size: 13312
    Image MD5: 109C0DFB82C3632FBD11949B73AEEAC9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): isapnp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PnP ISA/EISA Bus Driver
    Image path: \SystemRoot\system32\drivers\isapnp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): iScsiPrt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: iScsiPort Driver
    Image path: system32\DRIVERS\msiscsi.sys
    Image size: 181304
    Image MD5: F247EEC28317F6C739C16DE420097301
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): iteatapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ITEATAPI_Service_Install
    Image path: \SystemRoot\system32\drivers\iteatapi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): iteraid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ITERAID_Service_Install
    Image path: \SystemRoot\system32\drivers\iteraid.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): kbdclass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Keyboard Class Driver
    Image path: system32\DRIVERS\kbdclass.sys
    Image size: 35384
    Image MD5: 37605E0A8CF00CBBA538E753E4344C6E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): kbdhid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Keyboard HID Driver
    Image path: system32\DRIVERS\kbdhid.sys
    Image size: 15872
    Image MD5: 18247836959BA67E3511B62846B9C2E0
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): KeyIso
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @keyiso.dll,-100
    Description: @keyiso.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 9728
    Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): KSecDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\ksecdd.sys
    Image size: 439896
    Image MD5: 7A0CF7908B6824D6A2A1D313E5AE3DCA
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): KtmRm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-2946
    Description: @comres.dll,-2947
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,SamSS

    Service (registry key): LanmanServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\srvsvc.dll,-100
    Description: @%systemroot%\system32\srvsvc.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: SamSS,Srv

    Service (registry key): LanmanWorkstation
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\wkssvc.dll,-100
    Description: @%systemroot%\system32\wkssvc.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

    Service (registry key): Lavasoft Ad-Aware Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Lavasoft Ad-Aware Service
    Description: Ad-Aware Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
    Image size: 1181328
    Image MD5: 1A383F027D4F282E954C5AE30E5BCE50
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: RpcSS

    Service (registry key): Lbd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Lbd
    Description: Ad-Aware mini-filter driver
    Image path: system32\DRIVERS\Lbd.sys
    Image size: 64288
    Image MD5: 713CD5267ABFB86FE90A72E384E82A38
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): ldap
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): lltdio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Link-Layer Topology Discovery Mapper I/O Driver
    Image path: system32\DRIVERS\lltdio.sys
    Image size: 47104
    Image MD5: D1C5883087A0C3F1344D9D55A44901F6
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): lltdsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\lltdres.dll,-1
    Description: @%SystemRoot%\system32\lltdres.dll,-2
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: rpcss,lltdio

    Service (registry key): lmhosts
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
    Description: @%SystemRoot%\system32\lmhsvc.dll,-102
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NetBT,Afd

    Service (registry key): Lsa
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): LSI_FC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\lsi_fc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): LSI_SAS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\lsi_sas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): LSI_SCSI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\lsi_scsi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): luafv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: UAC File Virtualization
    Description: Virtualizes file write failures to per-user locations.
    Image path: \SystemRoot\system32\drivers\luafv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): lvpopflt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logitech POP Suppression Filter
    Image path: system32\DRIVERS\lvpopflt.sys
    Image size: 114712
    Image MD5: 01F0E010ACB61472163E9D02D3FF531A
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): LVPr2Mon
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: LVPr2Mon Driver
    Image path: system32\Drivers\LVPr2Mon.sys
    Image size: 25752
    Image MD5: 1A7DB7A00A4B0D8DA24CD691A4547291
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): LVPrcSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Process Monitor
    Description: Injector service
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
    Image size: 154136
    Image MD5: 0DDFDCAA92C7F553328DB06BA599BEA9
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): LVRS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logitech RightSound Filter Driver
    Image path: system32\DRIVERS\lvrs.sys
    Image size: 265496
    Image MD5: 87ECCE893D8AEC5A9337B917742D339C
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): LVUVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Logitech Webcam 250(UVC)
    Image path: system32\DRIVERS\lvuvc.sys
    Image size: 6756632
    Image MD5: A240E42A7402E927A71B6E8AA4629B13
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Mcx2Svc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\ehome\ehres.dll,-15501
    Description: @%SystemRoot%\ehome\ehres.dll,-15502
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

    Service (registry key): megasas
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\megasas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): mfeavfk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: McAfee Inc. mfeavfk
    Image path: system32\drivers\mfeavfk.sys
    Image size: 79304
    Image MD5: 2A5C22D126E1E806D6779F05C2AA8C2F
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): mfebopk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: McAfee Inc. mfebopk
    Image path: system32\drivers\mfebopk.sys
    Image size: 35272
    Image MD5: 8E79451E5144669C1ED9C437E1162373
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): mfehidk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: McAfee Inc. mfehidk
    Image path: system32\drivers\mfehidk.sys
    Image size: 213640
    Image MD5: 1377B0BB5E6FBE8475BE0ED6EDFBFBCE
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): mferkdk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: McAfee Inc. mferkdk
    Image path: system32\drivers\mferkdk.sys
    Image size: 34216
    Image MD5: E30E485DF0BF5DF334EE93B0455D726F
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): mfesmfk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: McAfee Inc. mfesmfk
    Image path: system32\drivers\mfesmfk.sys
    Image size: 40552
    Image MD5: EA76FCF9AA1B1C44F12A0C26F17D4C37
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MMCSS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\mmcss.dll,-100
    Description: @%systemroot%\system32\mmcss.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): Modem
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\modem.sys
    Image size: 31744
    Image MD5: E13B5EA0F51BA5B1512EC671393D09BA
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): monitor
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Monitor Class Function Driver Service
    Image path: system32\DRIVERS\monitor.sys
    Image size: 41984
    Image MD5: 0A9BB33B56E294F686ABB7C1E4E2D8A8
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): motmodem
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Motorola USB CDC ACM Driver
    Image path: system32\DRIVERS\motmodem.sys
    Image size: 23680
    Image MD5: FE80C18BA448DDD76B7BEAD9EB203D37
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): mouclass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mouse Class Driver
    Image path: system32\DRIVERS\mouclass.sys
    Image size: 34360
    Image MD5: 5BF6A1326A335C5298477754A506D263
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): mouhid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mouse HID Driver
    Image path: system32\DRIVERS\mouhid.sys
    Image size: 15872
    Image MD5: 93B8D4869E12CFBE663915502900876F
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): MountMgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mount Point Manager
    Description: Driver responsible with maintaining persistent drive letters and names for volumes
    Image path: System32\drivers\mountmgr.sys
    Image size: 57400
    Image MD5: BDAFC88AA6B92F7842416EA6A48E1600
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): mpio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Multi-Path Bus Driver
    Image path: \SystemRoot\system32\drivers\mpio.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): mpsdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
    Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
    Image path: System32\drivers\mpsdrv.sys
    Image size: 64000
    Image MD5: 22241FEBA9B2DEFA669C8CB0A8DD7D2E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MpsSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
    Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: mpsdrv,bfe

    Service (registry key): Mraid35x
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\mraid35x.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): MRxDAV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WebDav Client Redirector Driver
    Description: WebDav Client Redirector Driver
    Image path: \SystemRoot\system32\drivers\mrxdav.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: rdbss

    Service (registry key): mrxsmb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SMB MiniRedirector Wrapper and Engine
    Description: Implements the framework for the SMB filesystem redirector
    Image path: system32\DRIVERS\mrxsmb.sys
    Image size: 105472
    Image MD5: C4AD205530888404E2B5FC8D9319B119
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: rdbss

    Service (registry key): mrxsmb10
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SMB 1.x MiniRedirector
    Description: Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
    Image path: system32\DRIVERS\mrxsmb10.sys
    Image size: 212480
    Image MD5: 0A986B34F1678A2697574D7B1664E2DD
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: mrxsmb

    Service (registry key): mrxsmb20
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SMB 2.0 MiniRedirector
    Description: Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
    Image path: system32\DRIVERS\mrxsmb20.sys
    Image size: 78848
    Image MD5: 3268B8C3FA92BFC086355C39B45E9CC9
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: mrxsmb

    Service (registry key): msahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\msahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): msdsm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Multi-Path Device Specific Module
    Image path: \SystemRoot\system32\drivers\msdsm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): MSDTC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-2797
    Description: @comres.dll,-2798
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\msdtc.exe
    Image size: 105984
    Image MD5: FD7520CC3A80C5FC8C48852BB24C6DED
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,SamSS

    Service (registry key): MSDTC Bridge 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): MSDV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft DV Camera and VCR
    Image path: system32\DRIVERS\msdv.sys
    Image size: 52608
    Image MD5: 343291A4DFD7C923C3F71F550830EC1C
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Msfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): msisadrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ISA/EISA Class Driver
    Image path: system32\drivers\msisadrv.sys
    Image size: 16440
    Image MD5: 0F400E306F385C56317357D6DEA56F62
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): MSiSCSI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
    Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): msiserver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\msimsg.dll,-27
    Description: @%SystemRoot%\system32\msimsg.dll,-32
    Object name: LocalSystem
    Image path: %systemroot%\system32\msiexec /V
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): MSKSSRV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Service Proxy
    Image path: system32\drivers\MSKSSRV.sys
    Image size: 8192
    Image MD5: D8C63D34D9C9E56C059E24EC7185CC07
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPCLOCK
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Clock Proxy
    Image path: system32\drivers\MSPCLOCK.sys
    Image size: 5888
    Image MD5: 1D373C90D62DDB641D50E55B9E78D65E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPQM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Quality Manager Proxy
    Image path: system32\drivers\MSPQM.sys
    Image size: 5504
    Image MD5: B572DA05BF4E098D4BBA3A4734FB505B
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MsRPC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSSCNTRS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): mssmbios
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft System Management BIOS Driver
    Image path: system32\DRIVERS\mssmbios.sys
    Image size: 31288
    Image MD5: E384487CB84BE41D09711C30CA79646C
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSTEE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
    Image path: system32\drivers\MSTEE.sys
    Image size: 6016
    Image MD5: 7199C1EEC1E4993CAF96B8C0A26BD58A
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Mup
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Mup
    Description: Multiple UNC Provider
    Image path: System32\Drivers\mup.sys
    Image size: 49720
    Image MD5: 6DFD1D322DE55B0B7DB7D21B90BEC49C
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): napagent
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\qagentrt.dll,-6
    Description: @%SystemRoot%\system32\qagentrt.dll,-7
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): NativeWifiP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NativeWiFi Filter
    Image path: system32\DRIVERS\nwifi.sys
    Image size: 148480
    Image MD5: 3C21CE48FF529BB73DADB98770B54025
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NDIS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NDIS System Driver
    Description: NDIS System Driver
    Image path: system32\drivers\ndis.sys
    Image size: 529464
    Image MD5: 9BDC71790FA08F0A0B5F10462B1BD0B1
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): NdisTapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\rascfg.dll,-32001
    Description: @%systemroot%\system32\rascfg.dll,-32001
    Image path: system32\DRIVERS\ndistapi.sys
    Image size: 20992
    Image MD5: 0E186E90404980569FB449BA7519AE61
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Ndisuio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NDIS Usermode I/O Protocol
    Image path: system32\DRIVERS\ndisuio.sys
    Image size: 16896
    Image MD5: D6973AA34C4D5D76C0430B181C3CD389
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NdisWan
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\rascfg.dll,-32002
    Description: @%systemroot%\system32\rascfg.dll,-32002
    Image path: system32\DRIVERS\ndiswan.sys
    Image size: 121344
    Image MD5: 3D14C3B3496F88890D431E8AA022A411
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NDProxy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Net Driver HPZ12
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): NetBIOS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NetBIOS Interface
    Description: NetBIOS Interface
    Image path: system32\DRIVERS\netbios.sys
    Image size: 35840
    Image MD5: BCD093A5A6777CF626434568DC7DBA78
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): netbt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NETBT
    Description: This service implements NetBios over TCP/IP.
    Image path: System32\DRIVERS\netbt.sys
    Image size: 184320
    Image MD5: 7C5FEE5B1C5728507CD96FB4A13E7A02
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tdx,tcpip

    Service (registry key): Netlogon
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\netlogon.dll,-102
    Description: @%SystemRoot%\System32\netlogon.dll,-103
    Object name: LocalSystem
    Image path: %systemroot%\system32\lsass.exe
    Image size: 9728
    Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): Netman
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\netman.dll,-109
    Description: @%SystemRoot%\system32\netman.dll,-110
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,nsi

    Service (registry key): netprofm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\netprof.dll,-246
    Description: @%SystemRoot%\system32\netprof.dll,-247
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,nlasvc

    Service (registry key): NetTcpPortSharing
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
    Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
    Object name: NT AUTHORITY\LocalService
    Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    Image size: 132096
    Image MD5: 0AD5876EF4E9EB77C8F93EB5B2FFF386
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): nfrd960
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\nfrd960.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): NlaSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\nlasvc.dll,-1
    Description: @%SystemRoot%\System32\nlasvc.dll,-2
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NSI,RpcSs,TcpIp

    Service (registry key): NMIndexingService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NMIndexingService
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Npfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): nsi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\nsisvc.dll,-200
    Description: @%SystemRoot%\system32\nsisvc.dll,-201
    Object name: NT Authority\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: nsiproxy

    Service (registry key): nsiproxy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NSI proxy service
    Description: NSI proxy service
    Image path: system32\drivers\nsiproxy.sys
    Image size: 16384
    Image MD5: 609773E344A97410CE4EBF74A8914FCF
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): NTDS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Ntfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): ntrigdigi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: N-trig HID Tablet Driver
    Image path: \SystemRoot\system32\drivers\ntrigdigi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Null
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): nvlddmkm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\nvlddmkm.sys
    Image size: 7766464
    Image MD5: 204A01F718EA2349204AC353F525E7CC
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): nvraid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\nvraid.sys
    Image size: 88680
    Image MD5: E69E946F80C1C31C53003BFBF50CBB7C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): nvrd32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NVIDIA nForce RAID Driver
    Image path: \SystemRoot\system32\drivers\nvrd32.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): nvstor
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\nvstor.sys
    Image size: 35920
    Image MD5: 4A5FCAB82D9BF6AF8A023A66802FE9E9
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): nvstor32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\nvstor32.sys
    Image size: 110624
    Image MD5: DC5F166422BEEBF195E3E4BB8AB4EE22
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): nvsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NVIDIA Display Driver Service
    Description: Provides system and desktop level support to the NVIDIA display driver
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\nvvsvc.exe
    Image size: 207392
    Image MD5: D4F13A2A83C7FFDE44C939208408D3C4
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: nvlddmkm

    Service (registry key): nv_agp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: NVIDIA nForce AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\nv_agp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NwlnkFlt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPX Traffic Filter Driver
    Description: IPX Traffic Filter Driver
    Image path: system32\DRIVERS\nwlnkflt.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: NwlnkFwd

    Service (registry key): NwlnkFwd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: IPX Traffic Forwarder Driver
    Description: IPX Traffic Forwarder Driver
    Image path: system32\DRIVERS\nwlnkfwd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): odserv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Office Diagnostics Service
    Description: Run portions of Microsoft Office Diagnostics.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
    Image size: 441712
    Image MD5: 1F0E05DFF4F5A833168E49BE1256F002
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): ohci1394
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AGERE OHCI Compliant IEEE 1394 Host Controller
    Image path: system32\DRIVERS\ohci1394.sys
    Image size: 61952
    Image MD5: 790E27C3DB53410B40FF9EF2FD10A1D9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ose
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Office Source Engine
    Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Image size: 145184
    Image MD5: 5A432A042DAE460ABE7199B758E8606C
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): p2pimsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\p2psvc.dll,-8004
    Description: @%SystemRoot%\system32\p2psvc.dll,-8005
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): p2psvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
    Description: @%SystemRoot%\system32\p2psvc.dll,-8007
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: p2pimsvc,PNRPSvc

    Service (registry key): Parport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Parallel port driver
    Image path: \SystemRoot\system32\drivers\parport.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): partmgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Partition Manager
    Description: Disk class filter driver that auctions out partitions to volume managers
    Image path: System32\drivers\partmgr.sys
    Image size: 56376
    Image MD5: 3B38467E7C3DAED009DFE359E17F139F
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): Parvdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\parvdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 0
    Depends On services: Parport
    Depends On group: "Parallel arbitrator"

    Service (registry key): PcaSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\pcasvc.dll,-1
    Description: @%SystemRoot%\system32\pcasvc.dll,-2
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): pci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PCI Bus Driver
    Image path: system32\drivers\pci.sys
    Image size: 151096
    Image MD5: 01B94418DEB235DFF777CC80076354B4
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): pciide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\pciide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): pcmcia
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\pcmcia.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): pcouffin
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: VSO Software pcouffin
    Image path: System32\Drivers\pcouffin.sys
    Image size: 47360
    Image MD5: 5B6C11DE7E839C05248CED8825470FEF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): PEAUTH
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PEAUTH
    Image path: system32\drivers\peauth.sys
    Image size: 878080
    Image MD5: 6349F6ED9C623B44B52EA3C63C831A92
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): PerfDisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfNet
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfOS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfProc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): pla
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\pla.dll,-500
    Description: @%systemroot%\system32\pla.dll,-501
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): PlugPlay
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
    Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): Pml Driver HPZ12
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): PNRPAutoReg
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\p2psvc.dll,-8002
    Description: @%SystemRoot%\system32\p2psvc.dll,-8003
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: pnrpsvc

    Service (registry key): PNRPsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\p2psvc.dll,-8000
    Description: @%SystemRoot%\system32\p2psvc.dll,-8001
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: p2pimsvc

    Service (registry key): PolicyAgent
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\polstore.dll,-5010
    Description: @%SystemRoot%\system32\polstore.dll,-5011
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,bfe

    Service (registry key): PortProxy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PptpMiniport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WAN Miniport (PPTP)
    Description: WAN Miniport (PPTP)
    Image path: system32\DRIVERS\raspptp.sys
    Image size: 62976
    Image MD5: ECFFFAEC0C1ECD8DBC77F39070EA1DB1
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Processor
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Processor Driver
    Image path: \SystemRoot\system32\drivers\processr.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ProfSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\profsvc.dll,-300
    Description: @%systemroot%\system32\profsvc.dll,-301
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): ProtectedStorage
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\psbase.dll,-300
    Description: @%systemroot%\system32\psbase.dll,-301
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 9728
    Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): PSched
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
    Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
    Image path: system32\DRIVERS\pacer.sys
    Image size: 72192
    Image MD5: BFEF604508A0ED1EAE2A73E872555FFB
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): PxHelp20
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: PxHelp20
    Image path: System32\Drivers\PxHelp20.sys
    Image size: 43872
    Image MD5: 49452BFCEC22F36A7A9B9C2181BC3042
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ql2300
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: QLogic Fibre Channel Miniport Driver
    Image path: \SystemRoot\system32\drivers\ql2300.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql40xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: QLogic iSCSI Miniport Driver
    Image path: \SystemRoot\system32\drivers\ql40xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): QWAVE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\qwave.dll,-1
    Description: @%SystemRoot%\system32\qwave.dll,-2
    Object name: NT AUTHORITY\LocalService
    Image path: %windir%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

    Service (registry key): QWAVEdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
    Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
    Image path: \SystemRoot\system32\drivers\qwavedrv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): R300
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\atikmdag.sys
    Image size: 2028032
    Image MD5: E642B131FB74CAF4BB8A014F31113142
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): RasAcd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access Auto Connection Driver
    Description: Remote Access Auto Connection Driver
    Image path: System32\DRIVERS\rasacd.sys
    Image size: 11776
    Image MD5: 147D7F9C556D259924351FEB0DE606C3
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): RasAuto
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\rasauto.dll,-200
    Description: @%Systemroot%\system32\rasauto.dll,-201
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RasMan,Tapisrv

    Service (registry key): Rasl2tp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WAN Miniport (L2TP)
    Description: WAN Miniport (L2TP)
    Image path: system32\DRIVERS\rasl2tp.sys
    Image size: 76288
    Image MD5: A214ADBAF4CB47DD2728859EF31F26B0
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RasMan
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\rasmans.dll,-200
    Description: @%Systemroot%\system32\rasmans.dll,-201
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Tapisrv,SstpSvc

    Service (registry key): RasPppoe
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\rascfg.dll,-32007
    Description: @%systemroot%\system32\rascfg.dll,-32007
    Image path: system32\DRIVERS\raspppoe.sys
    Image size: 41472
    Image MD5: 3E9D9B048107B40D87B97DF2E48E0744
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RasSstp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\sstpsvc.dll,-202
    Description: @%systemroot%\system32\sstpsvc.dll,-202
    Image path: system32\DRIVERS\rassstp.sys
    Image size: 69120
    Image MD5: A7D141684E9500AC928A772ED8E6B671
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): rdbss
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Redirected Buffering Sub Sysytem
    Description: Provides the framework for network mini-redirectors
    Image path: system32\DRIVERS\rdbss.sys
    Image size: 224768
    Image MD5: 6E1C5D0457622F9EE35F683110E93D14
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: Mup

    Service (registry key): RDPCDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RDPCDD
    Description: RDPDD Chained DD
    Image path: System32\DRIVERS\RDPCDD.sys
    Image size: 6144
    Image MD5: 89E59BE9A564262A3FB6C4F4F1CD9899
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): RDPDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): rdpdr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Server Device Redirector Driver
    Image path: \SystemRoot\system32\drivers\rdpdr.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): RDPENCDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RDP Encoder Mirror Driver
    Description: RDP Encoder Mirror Driver
    Image path: system32\drivers\rdpencdd.sys
    Image size: 6144
    Image MD5: 9D91FE5286F748862ECFFA05F8A0710C
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): RDPNP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\drprov.dll,-100
    Description: @%systemroot%\system32\drprov.dll,-101
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): RDPWD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RDP Winstation Driver
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): RemoteAccess
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\mprdim.dll,-200
    Description: @%Systemroot%\system32\mprdim.dll,-201
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSS,RasMan,bfe
    Depends On group: NetBIOSGroup

    Service (registry key): RemoteRegistry
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @regsvc.dll,-1
    Description: @regsvc.dll,-2
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k regsvc
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): RoxMediaDB9
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: RoxMediaDB9
    Description: Roxio RoxMediaDB9 Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
    Image size: 880640
    Image MD5: EBCDE8B48FADC6479D96A56D0A432160
    Control Set: CurrentControlSet
    Start: 3
    Type: 272
    Error Control: 0

    Service (registry key): RoxWatch9
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Roxio Hard Drive Watcher 9
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
    Image size: 159744
    Image MD5: AB2B1DE1C8F31EFCE2384B14B3DC4260
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 0

    Service (registry key): RpcLocator
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\Locator.exe,-2
    Description: @%systemroot%\system32\Locator.exe,-3
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\locator.exe
    Image size: 7680
    Image MD5: 5123F83CBC4349D065534EEB6BBDC42B
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): RpcSs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @oleres.dll,-5010
    Description: @oleres.dll,-5011
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k rpcss
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: DcomLaunch

    Service (registry key): rspndr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Link-Layer Topology Discovery Responder
    Image path: system32\DRIVERS\rspndr.sys
    Image size: 60416
    Image MD5: 9C508F4074A39E8B4B31D27198146FAD
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): SamSs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\samsrv.dll,-1
    Description: @%SystemRoot%\system32\samsrv.dll,-2
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 9728
    Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): sbp2port
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SBP-2 Transport/Protocol Bus Driver
    Image path: \SystemRoot\system32\drivers\sbp2port.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SBSDWSCService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SBSD Security Center Service
    Object name: LocalSystem
    Image path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    Image size: 1153368
    Image MD5: 794D4B48DFB6E999537C7C3947863463
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: wscsvc

    Service (registry key): SCardSvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
    Description: @%SystemRoot%\System32\SCardSvr.dll,-5
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): Schedule
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\schedsvc.dll,-100
    Description: @%SystemRoot%\system32\schedsvc.dll,-101
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,EventLog

    Service (registry key): SCPolicySvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\certprop.dll,-13
    Description: @%SystemRoot%\System32\certprop.dll,-14
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): SDRSVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
    Description: @%SystemRoot%\system32\sdrsvc.dll,-102
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): secdrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Security Driver
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): seclogon
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\seclogon.dll,-7001
    Description: @%SystemRoot%\system32\seclogon.dll,-7000
    Object name: LocalSystem
    Image path: %windir%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): SENS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\Sens.dll,-200
    Description: @%SystemRoot%\system32\Sens.dll,-201
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: EventSystem

    Service (registry key): Serenum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Serenum Filter Driver
    Image path: \SystemRoot\system32\drivers\serenum.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Serial
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Serial Port Driver
    Image path: \SystemRoot\system32\drivers\serial.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): sermouse
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Serial Mouse Driver
    Image path: \SystemRoot\system32\drivers\sermouse.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ServiceModelEndpoint 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ServiceModelOperation 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ServiceModelService 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): SessionEnv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
    Description: @%SystemRoot%\System32\SessEnv.dll,-1027
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,LanmanWorkstation

    Service (registry key): sffdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SFF Storage Class Driver
    Image path: \SystemRoot\system32\drivers\sffdisk.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sffp_mmc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SFF Storage Protocol Driver for MMC
    Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): sffp_sd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SFF Storage Protocol Driver for SDBus
    Image path: \SystemRoot\system32\drivers\sffp_sd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): sfloppy
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: High-Capacity Floppy Disk Drive
    Image path: \SystemRoot\system32\drivers\sfloppy.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SharedAccess
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
    Description: @%SystemRoot%\system32\ipnathlp.dll,-107
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: Netman,WinMgmt,RasMan,BFE

    Service (registry key): ShellHWDetection
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
    Description: @%SystemRoot%\System32\shsvcs.dll,-12289
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): sisagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SIS AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\sisagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SiSRaid2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sisraid2.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SiSRaid4
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sisraid4.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): slsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\SLsvc.exe,-101
    Description: @%SystemRoot%\system32\SLsvc.exe,-100
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\SLsvc.exe
    Image size: 2623488
    Image MD5: 0BA91E1358AD25236863039BB2609A2E
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): SLUINotify
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\SLUINotify.dll,-103
    Description: @%SystemRoot%\system32\SLUINotify.dll,-102
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: SLSvc,netprofm,EventSystem

    Service (registry key): Smb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
    Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
    Image path: system32\DRIVERS\smb.sys
    Image size: 66560
    Image MD5: 031E6BCD53C9B2B9ACE111EAFEC347B6
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): SMSvcHost 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): SNMPTRAP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\snmptrap.exe,-3
    Description: @%SystemRoot%\system32\snmptrap.exe,-4
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\snmptrap.exe
    Image size: 12800
    Image MD5: 2A146A055B4401C16EE62D18B8E2A032
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): spldr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Security Processor Loader Driver
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): Spooler
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\spoolsv.exe,-1
    Description: @%systemroot%\system32\spoolsv.exe,-2
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\spoolsv.exe
    Image size: 125952
    Image MD5: 846CDF9A3CF4DA9B306ADFB7D55EE4C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: RPCSS,http

    Service (registry key): srv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\srv.sys
    Image size: 288768
    Image MD5: 73DDDBEEC61E78568082916A27AADAEE
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: srv2

    Service (registry key): srv2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: srv2
    Description: Default SDDL for Windows Resource Protected file
    Image path: System32\DRIVERS\srv2.sys
    Image size: 144896
    Image MD5: 4CEEB95E0B79E48B81F2DA0A6C24C64B
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1
    Depends On services: srvnet

    Service (registry key): srvnet
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\srvnet.sys
    Image size: 98304
    Image MD5: F63A0A58AAFE34D7A1A0A74ABCCDD9C0
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): SSDPSRV
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\ssdpsrv.dll,-100
    Description: @%systemroot%\system32\ssdpsrv.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: HTTP

    Service (registry key): SstpSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
    Description: @%SystemRoot%\system32\sstpsvc.dll,-201
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): STHDA
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SigmaTel High Definition Audio CODEC
    Image path: system32\drivers\stwrt.sys
    Image size: 647680
    Image MD5: 9CEA131B5EB0EA653F6B3EA80B54956D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): StillCam
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Still Serial Digital Camera Driver
    Image path: system32\DRIVERS\serscan.sys
    Image size: 9216
    Image MD5: EF70B3D22B4BFFDA6EA851ECB063EFAA
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): stisvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wiaservc.dll,-9
    Description: @%SystemRoot%\system32\wiaservc.dll,-10
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,ShellHWDetection

    Service (registry key): stllssvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: stllssvr
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
    Image size: 73728
    Image MD5: 51778FD315C9882F1CBD932743E62A72
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): SupportSoft RemoteAssist
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: SupportSoft RemoteAssist
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    Image size: 394608
    Image MD5: 2E5586392CDFBD1D73BADB20E9ED6386
    Control Set: CurrentControlSet
    Start: 3
    Type: 272
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): swenum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Software Bus Driver
    Image path: system32\DRIVERS\swenum.sys
    Image size: 15288
    Image MD5: 7BA58ECF0C0A9A69D44B3DCA62BECF56
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): swprv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\swprv.dll,-103
    Description: @%SystemRoot%\System32\swprv.dll,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k swprv
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Symc8xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\symc8xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Sym_hi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sym_hi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Sym_u3
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sym_u3.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SysMain
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\sysmain.dll,-1000
    Description: @%SystemRoot%\system32\sysmain.dll,-1001
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: rpcss,fileinfo

    Service (registry key): TabletInputService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\TabSvc.dll,-100
    Description: @%SystemRoot%\system32\TabSvc.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): TapiSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
    Description: @%SystemRoot%\system32\tapisrv.dll,-10101
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): TBS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\tbssvc.dll,-100
    Description: @%SystemRoot%\system32\tbssvc.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): Tcpip
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
    Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
    Image path: System32\drivers\tcpip.sys
    Image size: 897608
    Image MD5: 8A7AD2A214233F684242F289ED83EBC3
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Tcpip6
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft IPv6 Protocol Driver
    Description: Microsoft IPv6 Protocol Driver
    Image path: system32\DRIVERS\tcpip.sys
    Image size: 897608
    Image MD5: 8A7AD2A214233F684242F289ED83EBC3
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): tcpipreg
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: TCP/IP Registry Compatibility
    Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
    Image path: System32\drivers\tcpipreg.sys
    Image size: 30208
    Image MD5: D4A2E4A4B011F3A883AF77315A5AE76B
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1
    Depends On services: tcpip

    Service (registry key): TDPIPE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: TDPIPE
    Image path: system32\drivers\tdpipe.sys
    Image size: 17920
    Image MD5: 5DCF5E267BE67A1AE926F2DF77FBCC56
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): TDTCP
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: TDTCP
    Image path: system32\drivers\tdtcp.sys
    Image size: 29184
    Image MD5: 389C63E32B3CEFED425B61ED92D3F021
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): tdx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
    Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
    Image path: system32\DRIVERS\tdx.sys
    Image size: 71680
    Image MD5: D09276B1FAB033CE1D40DCBDF303D10F
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): TermDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Device Driver
    Image path: system32\DRIVERS\termdd.sys
    Image size: 54328
    Image MD5: A048056F5E1A96A9BF3071B91741A5AA
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): TermService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\termsrv.dll,-268
    Description: @%SystemRoot%\System32\termsrv.dll,-267
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,TermDD

    Service (registry key): Themes
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\shsvcs.dll,-8192
    Description: @%SystemRoot%\System32\shsvcs.dll,-8193
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): THREADORDER
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\mmcss.dll,-102
    Description: @%systemroot%\system32\mmcss.dll,-103
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): TrkWks
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\trkwks.dll,-1
    Description: @%SystemRoot%\system32\trkwks.dll,-2
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): TrustedInstaller
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
    Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
    Object name: localSystem
    Image path: %SystemRoot%\servicing\TrustedInstaller.exe
    Image size: 39424
    Image MD5: 16613A1BAD034D4ECF957AF18B7C2FF5
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): TSDDD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): tssecsrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Terminal Services Security Filter Driver
    Description: Terminal Services Security Filter Driver
    Image path: System32\DRIVERS\tssecsrv.sys
    Image size: 23552
    Image MD5: DCF0F056A2E4F52287264F5AB29CF206
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): tunmp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Tun Miniport Adapter Driver
    Image path: system32\DRIVERS\tunmp.sys
    Image size: 15360
    Image MD5: CAECC0120AC49E3D2F758B9169872D38
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): tunnel
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft IPv6 Tunnel Miniport Adapter Driver
    Image path: system32\DRIVERS\tunnel.sys
    Image size: 23040
    Image MD5: 119B8184E106BAEDC83FCE5DDF3950DA
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): uagp35
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft AGPv3.5 Filter
    Image path: \SystemRoot\system32\drivers\uagp35.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): udfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: udfs
    Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
    Image path: system32\DRIVERS\udfs.sys
    Image size: 226816
    Image MD5: 8B5088058FA1D1CD897A2113CCFF6C58
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): UGatherer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): UGTHRSVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): UI0Detect
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\ui0detect.exe,-101
    Description: @%SystemRoot%\system32\ui0detect.exe,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\UI0Detect.exe
    Image size: 35840
    Image MD5: ECEF404F62863755951E09C802C94AD5
    Control Set: CurrentControlSet
    Start: 3
    Type: 272
    Error Control: 1

    Service (registry key): uliagpkx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Uli AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\uliagpkx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): uliahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\uliahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): UlSata
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\ulsata.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ulsata2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\ulsata2.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): umbus
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: UMBus Enumerator Driver
    Image path: system32\DRIVERS\umbus.sys
    Image size: 34816
    Image MD5: 32CFF9F809AE9AED85464492BF3E32D2
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): upnphost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\upnphost.dll,-213
    Description: @%systemroot%\system32\upnphost.dll,-214
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: SSDPSRV,HTTP

    Service (registry key): usb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): USBAAPL
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Apple Mobile USB Driver
    Image path: System32\Drivers\usbaapl.sys
    Image size: 40448
    Image MD5: 1DF89C499BF45D878B87EBD4421D462D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbaudio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB Audio Driver (WDM)
    Image path: system32\drivers\usbaudio.sys
    Image size: 73088
    Image MD5: 292A25BB75A568AE2C67169BA2C6365A
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbccgp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB Generic Parent Driver
    Image path: system32\DRIVERS\usbccgp.sys
    Image size: 73216
    Image MD5: CAF811AE4C147FFCD5B51750C7F09142
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbcir
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: eHome Infrared Receiver (USBCIR)
    Image path: \SystemRoot\system32\drivers\usbcir.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): usbehci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
    Image path: system32\DRIVERS\usbehci.sys
    Image size: 39424
    Image MD5: CEBE90821810E76320155BEBA722FCF9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbhub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB Standard Hub Driver
    Image path: system32\DRIVERS\usbhub.sys
    Image size: 194560
    Image MD5: CC6B28E4CE39951357963119CE47B143
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbohci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB Open Host Controller Miniport Driver
    Image path: system32\DRIVERS\usbohci.sys
    Image size: 19456
    Image MD5: 7BDB7B0E7D45AC0402D78B90789EF47C
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbprint
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB PRINTER Class
    Image path: system32\DRIVERS\usbprint.sys
    Image size: 18944
    Image MD5: E75C4B5269091D15A2E7DC0B6D35F2F5
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbscan
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB Scanner Driver
    Image path: system32\DRIVERS\usbscan.sys
    Image size: 35328
    Image MD5: A508C9BD8724980512136B039BBA65E9
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): USBSTOR
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB Mass Storage Driver
    Image path: system32\DRIVERS\USBSTOR.SYS
    Image size: 55296
    Image MD5: 87BA6B83C5D19B69160968D07D6E2982
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbuhci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft USB Universal Host Controller Miniport Driver
    Image path: system32\DRIVERS\usbuhci.sys
    Image size: 22528
    Image MD5: 325DBBACB8A36AF9988CCF40EAC228CC
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): usbvideo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB Video Device (WDM)
    Image path: System32\Drivers\usbvideo.sys
    Image size: 134016
    Image MD5: E67998E8F14CB0627A769F6530BCB352
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): UxSms
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\dwm.exe,-2000
    Description: @%SystemRoot%\system32\dwm.exe,-2001
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): vds
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\vds.exe,-100
    Description: @%SystemRoot%\system32\vds.exe,-112
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\vds.exe
    Image size: 382976
    Image MD5: B13BC395B9D6116628F5AF47E0802AC4
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,PlugPlay

    Service (registry key): vga
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\vgapnp.sys
    Image size: 26112
    Image MD5: 7D92BE0028ECDEDEC74617009084B5EF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): VgaSave
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\System32\drivers\vga.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): viaagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: VIA AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\viaagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ViaC7
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: VIA C7 Processor Driver
    Image path: \SystemRoot\system32\drivers\viac7.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): viaide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\viaide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): volmgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Volume Manager Driver
    Image path: system32\drivers\volmgr.sys
    Image size: 52792
    Image MD5: 69503668AC66C77C6CD7AF86FBDF8C43
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): volmgrx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Dynamic Volume Manager
    Description: Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks
    Image path: System32\drivers\volmgrx.sys
    Image size: 294456
    Image MD5: 98F5FFE6316BD74E9E2C97206C190196
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): volsnap
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Storage volumes
    Image path: system32\drivers\volsnap.sys
    Image size: 227896
    Image MD5: D8B4A53DD2769F226B3EB374374987C9
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): vsmraid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\vsmraid.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): VSS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\vssvc.exe,-102
    Description: @%systemroot%\system32\vssvc.exe,-101
    Object name: LocalSystem
    Image path: %systemroot%\system32\vssvc.exe
    Image size: 1054720
    Image MD5: D5FB73D19C46ADE183F968E13F186B23
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): W32Time
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\w32time.dll,-200
    Description: @%SystemRoot%\system32\w32time.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): W3SVC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WacomPen
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Wacom Serial Pen HID Driver
    Image path: \SystemRoot\system32\drivers\wacompen.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Wanarp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access IP ARP Driver
    Description: Remote Access IP ARP Driver
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 62464
    Image MD5: 55201897378CCA7AF8B5EFD874374A26
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Wanarpv6
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Remote Access IPv6 ARP Driver
    Description: Remote Access IPv6 ARP Driver
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 62464
    Image MD5: 55201897378CCA7AF8B5EFD874374A26
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): wcncsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
    Description: @%SystemRoot%\system32\wcncsvc.dll,-4
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): WcsPlugInService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
    Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Wd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Watchdog Timer Driver
    Image path: \SystemRoot\system32\drivers\wd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Wdf01000
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Kernel Mode Driver Frameworks service
    Image path: system32\drivers\Wdf01000.sys
    Image size: 503864
    Image MD5: B6F0A7AD6D4BD325FBCD8BAC96CD8D96
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): WdiServiceHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\wdi.dll,-502
    Description: @%systemroot%\system32\wdi.dll,-503
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k wdisvc
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): WdiSystemHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\wdi.dll,-500
    Description: @%systemroot%\system32\wdi.dll,-501
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): WebClient
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\webclnt.dll,-100
    Description: @%systemroot%\system32\webclnt.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: MRxDAV

    Service (registry key): Wecsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wecsvc.dll,-200
    Description: @%SystemRoot%\system32\wecsvc.dll,-201
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: HTTP,Eventlog,mpssvc

    Service (registry key): wercplsupport
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
    Description: @%SystemRoot%\System32\wercplsupport.dll,-100
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): WerSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\wersvc.dll,-100
    Description: @%SystemRoot%\System32\wersvc.dll,-101
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0

    Service (registry key): WinDefend
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
    Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-3068
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Windows Workflow Foundation 3.0.0.0
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WinHttpAutoProxySvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\winhttp.dll,-100
    Description: @%SystemRoot%\system32\winhttp.dll,-101
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Dhcp

    Service (registry key): Winmgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
    Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
    Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): WinRM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\wsmsvc.dll,-101
    Description: @%Systemroot%\system32\wsmsvc.dll,-102
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,HTTP

    Service (registry key): Winsock
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 3
    Type: 4
    Error Control: 1

    Service (registry key): WinSock2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Wlansvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\wlansvc.dll,-257
    Description: @%SystemRoot%\System32\wlansvc.dll,-258
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

    Service (registry key): WmiAcpi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Windows Management Interface for ACPI
    Image path: \SystemRoot\system32\drivers\wmiacpi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): WmiApRpl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): wmiApSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
    Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
    Object name: localSystem
    Image path: %systemroot%\system32\wbem\WmiApSrv.exe
    Image size: 137728
    Image MD5: ABA4CF9F856D9A3A25F4DDD7690A6E9D
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): WMPNetworkSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
    Description: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-102
    Object name: NT AUTHORITY\NetworkService
    Image path: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
    Image size: 896512
    Image MD5: 3978704576A121A9204F8CC49A301A9B
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: UPnPHost,http

    Service (registry key): WPCSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
    Description: @%SystemRoot%\system32\wpcsvc.dll,-101
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): WPDBusEnum
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
    Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): WpdUsb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: WpdUsb
    Image path: System32\Drivers\wpdusb.sys
    Image size: 39936
    Image MD5: 0CEC23084B51B8288099EB710224E955
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ws2ifsl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Winsock IFS driver
    Description: Winsock IFS driver
    Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): wscsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\wscsvc.dll,-200
    Description: @%SystemRoot%\System32\wscsvc.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,WinMgmt

    Service (registry key): WSearch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\SearchIndexer.exe,-103
    Description: @%systemroot%\system32\SearchIndexer.exe,-104
    Object name: LocalSystem
    Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
    Image size: 439808
    Image MD5: 7778BDFA3F6F6FBA0E75B9594098F737
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): WSearchIdxPi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): wuauserv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\wuaueng.dll,-105
    Description: @%systemroot%\system32\wuaueng.dll,-106
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): WUDFRd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\WUDFRd.sys
    Image size: 83328
    Image MD5: AC13CB789D93412106B0FB6C7EB2BCB6
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): wudfsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
    Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): xmlprov
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): {64012D8C-C2AB-4FCF-A24B-07FF03F3B21B}
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0
     
  11. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    QUOTE (AnkleStigmata @ Feb 5 2010, 01:44 AM)
    I just want to say I hate computers, the Internet, and human beings with the current exception of Blacken. Great OP dude.

    Yep, there's gonna be a big ol' reformattin' and reinstallin' hootenanny on my wife's laptop Saturday. Hosed by one or more of those fake AV things. Spent the better part of the day trying to clean it up and now know to give up. Among many other problems, there's a lot of horrifying shit in the registry.
    I'd read the rest of the thread before doing anything if I were you, as a lot of the recommendations have changed. Specifically, ditch Avast for Microsoft Security Essentials, and use an up-to-date version of Firefox. (I'm switched fully over to Chrome, though, now that ad-blocking works via the new extension model.)

    I keep meaning to rewrite it, but, see, I'm a lazy bastard.
     
  12. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    Yaz, I don't know what that is, but I'm not reading through eight fucking billion pages of barf. Can you get rid of that shit and go run a HijackThis or something that's a little readable?
     
  13. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    That's easily the longest post on this site since the last of Nip's porn link treasure troves in Crater Chris.

    Though I'm pretty sure Nip's was longer...
     
  14. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    Sorry, I pasted the wrong thing. Here's the results rather than the full report.


    Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, nothing done)
    C:\Windows\Tasks\kzwqkryd.job
    Properties.size=306
    Properties.md5=D426607C3FA468827DCBCCFF4BD4FC45
    Properties.filedate=1265719005
    Properties.filedatetext=2010-02-09 07:36:45

    Virtumonde.prx: [SBI $1FB893A0] Autorun settings (hehagemik) (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hehagemik

    Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
    c:\PROGRA~2\seyugogi\seyugogi.dll
    Properties.size=93184
    Properties.md5=0EFF1A428BA27A4D8F3ED9CE081BC969

    Virtumonde.prx: [SBI $1FB893A0] Autorun settings (gukotumeke) (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke

    Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
    C:\ProgramData\fuzosoni\fuzosoni.dll
    Properties.size=53248
    Properties.md5=224FD11E0A3ECAC34AD731FB8664D3C9

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2007-08-14 unins000.exe (51.41.0.0)
    2009-11-27 unins001.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2009-10-08 Includes\Adware.sbi (*)
    2010-02-02 Includes\AdwareC.sbi (*)
    2010-01-25 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-02-02 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2010-02-02 Includes\HijackersC.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-02-02 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-01-26 Includes\Malware.sbi (*)
    2010-02-02 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2010-01-26 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-02-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2010-02-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-12-08 Includes\Trojans.sbi (*)
    2010-02-02 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    When I chose "fix selected problems", it said that the files would be deleted (I confirmed this) and then it said that "This action may not be performed completely because you are not an administrator. If you want this performed for all users, please run this application elevated as an administrator." It removed all but this file -

    (SBI $FB893A0) Program File
    c:\Progra~2\seyugogi\seyugogi.dll

    When I click on "Ok" after the administrator error message above appears (which makes no sense as I'm the only user on this computer), I get the following error message:

    Unexpected error in fixing problems
    (Cannot create file "C:\Windows\wininit.ini". Access is
    denied)

    I think it's because this file won't delete that everything comes right back after a reboot. Correct?
     
  15. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    blacken - I don't have Hijack This on my computer. I'm running Ad-Aware, Spybot S&D, and AVG free. I keep all three updated and run them fairly often. This is the first time in my memory that a trojan has appeared. Like I said in the eight billion page post, most of the stuff I get are tracking cookies. That's it. I don't know where I went or what I did that put this on my computer.

    ok, I downloaded Hijack This and ran a scan. Here is the logfile it gave me:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:04:02 PM, on 2/9/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Orb Networks\Orb\bin\Orb.exe
    C:\Users\Michael\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
    C:\Users\Michael\AppData\Local\Temp\par-Michael\cache-e68ad782a636923d69e9e72af0377d80310d3c5b\xmltv.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe
    O4 - HKCU\..\Run: [08884a0868e9c2b19880c2a2677229e7] C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [hehagemik] Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a
    O4 - HKCU\..\Run: [gukotumeke] Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{64012D8C-C2AB-4FCF-A24B-07FF03F3B21B}: NameServer = 24.25.5.148,24.25.5.147
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

    --
    End of file - 9558 bytes

    is that what you wanted?
     
  16. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    Much more useful. The following look questionable to me:

    O4 - HKCU\..\Run: [08884a0868e9c2b19880c2a2677229e7] C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r - NOTHING should be permanently running from your Downloads folder, ever - there is no good reason for it in any case
    O4 - HKCU\..\Run: [hehagemik] Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a - garbage name suggests infection
    O4 - HKCU\..\Run: [gukotumeke] Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s - garbage name suggests infection

    Once more for emphasis, though: AVG is shit, Ad-Aware is shit, and Spybot is...well, marginal. You are better off with Windows Defender and MalwareBytes than either of the last two, and Microsoft Security Essentials for the former (though that's less pressing, AVG at least works--Ad-Aware has been bad for a long time, and Spybot seems to be much less effective as time goes on).

    Run MBAM, see if it picks anything up. If it does, follow its instructions; if not, nuke at least the last two of the ones listed above and nuke the first one unless you are sure you know what it is and that it is harmless.
     
  17. MannysDestination

    MannysDestination is not a republican SoSH Member

    Messages:
    10,785
    QUOTE (Blacken @ Feb 9 2010, 11:16 AM)
    I'd read the rest of the thread before doing anything if I were you, as a lot of the recommendations have changed. Specifically, ditch Avast for Microsoft Security Essentials, and use an up-to-date version of Firefox. (I'm switched fully over to Chrome, though, now that ad-blocking works via the new extension model.)

    I keep meaning to rewrite it, but, see, I'm a lazy bastard.


    Eh? Avast is no good anymore? Is MS Security Essentials a free AV alternative? I scanned a few pages and didn't see this...
     
  18. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    QUOTE (MannysDestination @ Feb 9 2010, 02:41 PM)
    Eh? Avast is no good anymore? Is MS Security Essentials a free AV alternative? I scanned a few pages and didn't see this...

    I was just about to post the same thing.

    I'm assuming Blacken typed "Avast" when he meant to type "AdAware" or "AVG" or some other inferior product.
     
  19. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    blacken - I'm running MBAM right now. Once it finishes, should I post the log or is that unnecessary now? I've never used this program before, so I've got no idea how long it will take.

    Am I correct in understanding that I should get rid of AVG and Ad-Aware right now and instead use MBAM, Windows Defender (something else I've never used), and Microsoft Security Essentials from this point forward?

    I'm assuming the latter two are built into Windows, correct?
     
  20. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    FWIW, Avast just put out a new version "Avast Free 5", and it has excellent reviews from what I have seen. From running it I have noticed it uses much less memory.
     
  21. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (SoxScout @ Feb 9 2010, 03:37 PM)
    FWIW, Avast just put out a new version "Avast Free 5", and it has excellent reviews from what I have seen. From running it I have noticed it uses much less memory.

    Is the best way to upgrade to just uninstall Avast from my computer and re-install that? I couldn't find any auto-upgrade type options.

    Or should I just go with Microsoft Security Essentials? What's the difference between the two?
     
  22. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    I uninstalled and reinstalled. I haven't had a virus with Avast ever and it has caught a few things, so I am very happy and sticking with it. Other people can speak to Microsoft Security Essentials.
     
  23. twoBshorty

    twoBshorty Has friends with cellos SoSH Member

    Messages:
    2,130
    Has anyone ever dealt with some malware called Antivirus Soft? It seems new. MalwareBytes didn't find any of the infected files and I had to do a system restore to get rid of it.
     
  24. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (SoxScout @ Feb 9 2010, 04:03 PM)
    I uninstalled and reinstalled. I haven't had a virus with Avast ever and it has caught a few things, so I am very happy and sticking with it. Other people can speak to Microsoft Security Essentials.

    Yeah I've never had a problem with Avast either, so I went this route. The new interface is a million times better, too.
     
  25. I'm getting absolutely boned by this "Your PC Protector" virus here at work. I had the IT guy here at work clean it up yesterday, but it's back with a vengeance. What should I use to kill this fucking thing?
     
  26. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    blacken - here is the log that was created by MBAM

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18882

    2/9/2010 5:16:29 PM
    mbam-log-2010-02-09 (17-16-29).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 341334
    Time elapsed: 1 hour(s), 56 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Also, I've deleted AVG, Ad-Aware, and Spybot S&D from my system. I now have MBAM and HiJack This installed. Windows defender was in my security folder on my control panel and I downloaded MSE. How should I be using these now to keep my system safe and secure? I haven't even looked at them well enough to know if they can be scheduled for automatic scans yet.
     
  27. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    QUOTE (mabrowndog @ Feb 9 2010, 03:09 PM)
    I was just about to post the same thing.

    I'm assuming Blacken typed "Avast" when he meant to type "AdAware" or "AVG" or some other inferior product.
    Er, yes. s/Avast/AVG. Avast is okay, but IMO, MSE is a better antivirus than that, too: lower resource usage, good-enough detection (including some that other scanners will not detect--polymorphic code in VBScript files, for example), and what seems to be (but I haven't verified it) faster definition updates to Microsoft Update.
     
  28. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    Yaz: MSE can be set for automatic scans, and apparently (I did not know this, never looked) MSE turns off Windows Defender because it actually includes the Defender antispyware signatures inside its own files. So it does the work of both an antivirus and antimalware program. It can be scheduled for automatic updates. I only run MBAM when something goes shithouse, personally, but if you have a habit of getting infected, daily/weekly scans of that might not be a bad idea.
     
  29. Yaz4Ever

    Yaz4Ever stumps for Trump Lifetime Member SoSH Member

    Messages:
    10,119
    I don't have a habit of getting infected, so hopefully running MSE should keep me pretty safe and I'll use MBAM only when necessary. Do I not need Hijack This? What about firewall, should I use the windows one or get another? Anything else I'm not thinking of?

    Thanks!
     
  30. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    Windows Firewall is sufficient for consumer use. HijackThis is useful to have around if your shit gets infected, as it's a fairly reliable tool when you know exactly what the problem is and can kill it.
     
  31. TFP

    TFP Dope Dope

    Messages:
    16,599
    Also, I just checked out the Vista Security Center on my computer, and it states that I have 2 firewalls running (Windows Firewall and McAfee Firewall). I have no idea how the McAfee one came about, the only thing I can think of is that I just had Comcast internet set up and maybe they installed something without me knowing. A quick scan/search of my comp for McAfee products reveals nothing.

    Any idea how I can track this down?
     
  32. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    When you searched did you click all files and folders, then at the bottom hit advanced and check search hidden folders as well?
     
  33. OttoC

    OttoC Member SoSH Member

    Messages:
    7,353
    Is McAfee listed under Add/Remove Programs?
     
  34. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (SoxScout @ Feb 9 2010, 06:59 PM)
    When you searched did you click all files and folders, then at the bottom hit advanced and check search hidden folders as well?

    I just searched in Windows Explorer on my hard drive and came up with one registry editor result from CC Cleaner. I ran that earlier today, along with cleaning up a ton of other stuff like bloated services and programs on my comp.

    QUOTE (OttoC @ Feb 9 2010, 07:09 PM)
    Is McAfee listed under Add/Remove Programs?

    Nope, that was the first place I checked. I've never had McAfee on this computer, I've always used Avast as A/V and Windows Firewall/Windows Defender.
     
  35. TFP

    TFP Dope Dope

    Messages:
    16,599
    Ok, found a hidden McAfee Folder in C:\ProgramData that has a few things in it that are pretty unrecognizeable. Yet nothing regarding McAfee comes up in Add/Remove programs or the CC Cleaner Uninstall window. I'm guessing just straight deleting the folder probably isn't the way to go, right?
     
  36. OttoC

    OttoC Member SoSH Member

    Messages:
    7,353
    Comcast is advertising free Norton Security with new internet accounts so the McAfee is suspicious,
     
  37. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    QUOTE (The Four Peters @ Feb 9 2010, 07:59 PM)
    Ok, found a hidden McAfee Folder in C:\ProgramData that has a few things in it that are pretty unrecognizeable. Yet nothing regarding McAfee comes up in Add/Remove programs or the CC Cleaner Uninstall window. I'm guessing just straight deleting the folder probably isn't the way to go, right?

    doesn't sound like that's a good idea: http://www.computing.net/answers/windows-v...-data/2118.html
     
  38. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    Just deleting it is likely to hose your machine pretty badly.

    McAfee is bad enough that it fucking might as well be spywar. Kill it with fire.
     
  39. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (Blacken @ Feb 9 2010, 09:40 PM)
    Kill it with fire.

    How? I can't find any traces of it except in this folder, and in the Security Center where it says I have 2 firewalls running. None of the scans I run (Avast, Malwarebytes, Windows Defender) return anything. None of the add/remove or resources options show it. It's there, but barely.

    Unless you were kidding. In that case, I guess having 2 firewalls is redundant, but not terrible. I hope.
     
  40. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    what about using Regseeker and searching for it in the registry and seeing what comes up?
     
  41. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    QUOTE (The Four Peters @ Feb 9 2010, 11:01 PM)
    How? I can't find any traces of it except in this folder, and in the Security Center where it says I have 2 firewalls running. None of the scans I run (Avast, Malwarebytes, Windows Defender) return anything. None of the add/remove or resources options show it. It's there, but barely.

    Unless you were kidding. In that case, I guess having 2 firewalls is redundant, but not terrible. I hope.
    Can you post a HijackThis log? Easiest way to see what's running.
     
  42. allaboutthesox

    allaboutthesox Well-Known Member Lifetime Member SoSH Member

    Messages:
    2,672
    My computer has McAfee on it (not a fan of it at all but it came with it on it), but my understanding is Kapersky Anti-Virus is supposed to be one of the best of out what is out there as well. I had AVG (paid for version) and I liked it, but honestly I would really like to get a nice anti-virus that actually has some worth. I realize there is probably no perfect Antiv-Virus, but to get maximum protection would be nice.
     
  43. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (Blacken @ Feb 9 2010, 11:11 PM)
    Can you post a HijackThis log? Easiest way to see what's running.

    This seems pretty short for a log, but this is what I got. FWIW, Hijackthis froze twice before finally going through. Also, if you see anything that's easily killable to free up some memory, much obliged. Thanks for this.



    if(!spoilerid) var spoilerid=1; else spoilerid++; mytagid = spoilerid;
    document.write("
    - Click here to show/hide the message.");

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:44 PM, on 2/9/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6968 bytes

    document.write("
    "); document.close();
     
  44. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    Just to get back to the Avast/WSE discussion for a second...

    Apparently, unbeknown to me, I've been running both of them simultaneously since I bought this Lenovo last summer. I had used WSE for Windows Defender firewall on my old Dell. When I set it up on the Lenovo, I noticed it includes "Malware Protection," so I just turned it on. It never occurred to me it was the same type of program as Avast.

    Is there any harm in running both? Any potential benefit at all, or is Avast just a superfluous use of system resources?
     
  45. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    QUOTE (allaboutthesox @ Feb 9 2010, 11:35 PM)
    My computer has McAfee on it (not a fan of it at all but it came with it on it), but my understanding is Kapersky Anti-Virus is supposed to be one of the best of out what is out there as well. I had AVG (paid for version) and I liked it, but honestly I would really like to get a nice anti-virus that actually has some worth. I realize there is probably no perfect Antiv-Virus, but to get maximum protection would be nice.
    Kapersky is indeed a better antivirus. If you absolutely insist on paying for one, it's probably the one to get. That said, "maximum protection" is only very slightly better than "average protection" (and I mean very slightly) and it's really not worth the money for an end user to pay for an antivirus.

    When it comes to computers, very often you do not get what you think you paid for. If you do something stupid, you can still get owned. If you don't do stupid things, they're both essentially the same as far as you'll notice.

    QUOTE (The Four Peters @ Feb 9 2010, 11:48 PM)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Update that, seriously. IE8 is free and better to have around even if you don't use it (because parts of your computer almost certainly do).

    I didn't notice any obvious problems with what HT reported, nor did I note anything that you'd probably noticeably improve performance by disabling. You actually have less of the bloatware crud running than most people. McAfee does not appear to be running; you can probably delete that crap safely, but don't blame me if it explodes.
     
  46. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    QUOTE (mabrowndog @ Feb 10 2010, 12:00 AM)
    Just to get back to the Avast/WSE discussion for a second...

    Apparently, unbeknown to me, I've been running both of them simultaneously since I bought this Lenovo last summer. I had used WSE for Windows Defender firewall on my old Dell. When I set it up on the Lenovo, I noticed it includes "Malware Protection," so I just turned it on. It never occurred to me it was the same type of program as Avast.

    Is there any harm in running both? Any potential benefit at all, or is Avast just a superfluous use of system resources?
    Windows Defender is an anti-malware program. Avast has some anti-malware stuff in it (just about everyone packs it in there today). It's probably harmless to run both, so long as they aren't tripping on each other and trying to take each other down (more common than you'd think, but you'd know if it was happening).
     
  47. TFP

    TFP Dope Dope

    Messages:
    16,599
    QUOTE (Blacken @ Feb 10 2010, 12:02 AM)
    Update that, seriously. IE8 is free and better to have around even if you don't use it (because parts of your computer almost certainly do).

    I didn't notice any obvious problems with what HT reported, nor did I note anything that you'd probably noticeably improve performance by disabling. You actually have less of the bloatware crud running than most people. McAfee does not appear to be running; you can probably delete that crap safely, but don't blame me if it explodes.

    Cool, I'll update IE now. I never ever use it, didn't think about the rest of my computer doing it. And I've tried to keep as little crap on there as possible, and also did a lot of cleaning up today. Laptop's running back to normal now, hopefully adding another GB of RAM will help make it even better.

    Other than that, I'll probably just leave everything as is. I wonder if windows is just fooled into thinking I'm running two firewalls, even if I'm not. No clue, if that can even happen. If not, no worth even fucking with it. Regardless, thanks for checking.
     
  48. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,861
    The thing most people don't realize (and this is pretty important) is that even if you "don't use IE," a shit-ton of applications do. It's not a great HTML renderer, but it's guaranteed to be on all Windows PCs in some form. (This is the part that Microsoft said they couldn't remove from the OS to decouple IE and Windows, and they're right. Tons of applications would break.) Just off the top of my head, I know that Google Talk, AIM (their client, not Pidgin or whatever), Valve's Steam client, and Windows Help all use MSHTML. You may browse regularly with Firefox or Chrome, but a sneaky exploit could conceivably be delivered via Steam (somebody sends you a link to a website while you're in a game, you click on it, the web browser opens inside the Steam Overlay, and hello infection) or other methods. Stay patched.
     
  49. OregonSoxFan

    OregonSoxFan lurker

    Messages:
    17
    Okay, last week one of my office computers got hit with a Vundo infection. At the time, I was still running AVG, have since switched to Microsoft Security Essentials and sought their phone support yesterday to clean up the mess, all to no avail. Despite finding and removing 4 Vundo files during last night's scan, I'm still getting pop-ups and it also disables MSE's update service.

    Is my only solution to back up data and do a fresh install?
     
  50. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,646
    QUOTE (OregonSoxFan @ Feb 10 2010, 03:28 PM)
    Okay, last week one of my office computers got hit with a Vundo infection. At the time, I was still running AVG, have since switched to Microsoft Security Essentials and sought their phone support yesterday to clean up the mess, all to no avail. Despite finding and removing 4 Vundo files during last night's scan, I'm still getting pop-ups and it also disables MSE's update service.

    Is my only solution to back up data and do a fresh install?



    You can try this:

    http://www.bleepingcomputer.com/virus-remo...undo-virtumonde
     

Share This Page