Spyware 201

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
A pretty entertaining video from Defcon 15, presented by CSC's Johnny Long. Parts of it have much more to do with physical security and good policies at larger companies (by way of showing how he's subverted them), but there's a lot of good advice about safe use of your computer that has nothing to do with the programs you run or the sites you visit.

http://video.google.com/videoplay?docid=-2...24376898701015#
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
QUOTE (Blacken @ Jan 15 2010, 05:01 PM) index.php?act=findpost&pid=2772405
A pretty entertaining video from Defcon 15, presented by CSC's Johnny Long.

Great video. This guy is pretty awesome, and I love his dry humor. The reveals on lax airport security were both scary and amazing in their simplicity, from the readily identifiable "undercover" air marshall to the pilot's keypad entry to the TSA uniforms.

When I was flying extensively for business, I had a polarizing screen cover that I bought as an anti-glare screen. As a side benefit, it also functioned as a privacy guard, where you could only view content with your head directly in front of it. Viewing from anything more than, say, a 10% angle in any direction would yield nothing but blackness.

In airport gate areas, I wouldn't use my laptop unless I was seated with my back to a wall. Not because I'm arrogant enough to believe I might be a hacking or spying target (I was in plastics, for Chrissakes...) but I've always been inherently wary of prying eyes that way.
 

JimD

Member
SoSH Member
Nov 29, 2001
6,606
I have the McAfee Internet Security package on my home PC. I was lazy last year and renewed it, but after everything I’ve read I want to upgrade this year. I’m considering going to the Avast antivirus program at minimum, but I’ve also seen Kaspersky programs on sale recently.

My big question is, how easy is it to shut down and (hopefully) delete the McAfee program on my PC once the new packages are up and running? I’m worried about McAfee crap being left behind and screwing up my new security programs. Is there a specific process or order of actions I should take?
 

DrBlinky

Member
SoSH Member
Jun 18, 2002
719
Cranston, RI
QUOTE (JimD @ Jan 18 2010, 10:31 AM) index.php?act=findpost&pid=2774979
I have the McAfee Internet Security package on my home PC. I was lazy last year and renewed it, but after everything I’ve read I want to upgrade this year. I’m considering going to the Avast antivirus program at minimum, but I’ve also seen Kaspersky programs on sale recently.

My big question is, how easy is it to shut down and (hopefully) delete the McAfee program on my PC once the new packages are up and running? I’m worried about McAfee crap being left behind and screwing up my new security programs. Is there a specific process or order of actions I should take?

Check out the McAfee Consumer Products Removal tool (MCPR.exe) found here.
 

DannyHeep

well trained post artisan
Lifetime Member
SoSH Member
Dec 15, 2003
17,398
Blacklick
My mother-in-law has "personal security" on her computer. It is obviously malware.

Can someone point me in the right direction on how I should get it removed? It doesn't let me even connect to the internet so I can download something to remove it.
 

AnkleStigmata

Well-Known Member
Lifetime Member
SoSH Member
May 31, 2005
1,148
@mikemokr
I just want to say I hate computers, the Internet, and human beings with the current exception of Blacken. Great OP dude.

Yep, there's gonna be a big ol' reformattin' and reinstallin' hootenanny on my wife's laptop Saturday. Hosed by one or more of those fake AV things. Spent the better part of the day trying to clean it up and now know to give up. Among many other problems, there's a lot of horrifying shit in the registry.
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
WTF is this?? Virtumonde with two different extensions (.prx and .atr) and I'm getting a shit ton of popups, which I never got before. Plus, Ad-Aware keeps giving me a bubble message from the icon in the systray saying "Ad-Watch Live! detected that a malicious process is running and started a scan in the background mode. You will be able to clean any infections safely after the scan is finished." Ad-Aware gives this a TAI of 7. Everything else I've ever seen is a 3. I've let it finish the scan, chose remove, rebooted the computer, and guess what...it's back again. The following is from Spybot S&D:


--- Search result list ---
Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, nothing done)
C:\Windows\Tasks\kzwqkryd.job
Properties.size=306
Properties.md5=D426607C3FA468827DCBCCFF4BD4FC45
Properties.filedate=1265719005
Properties.filedatetext=2010-02-09 07:36:45

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (hehagemik) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hehagemik

Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
c:\PROGRA~2\seyugogi\seyugogi.dll
Properties.size=93184
Properties.md5=0EFF1A428BA27A4D8F3ED9CE081BC969

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (gukotumeke) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke

Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
C:\ProgramData\fuzosoni\fuzosoni.dll
Properties.size=53248
Properties.md5=224FD11E0A3ECAC34AD731FB8664D3C9


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-08-14 unins000.exe (51.41.0.0)
2009-11-27 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-10-08 Includes\Adware.sbi (*)
2010-02-02 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-02-02 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-02-02 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-02-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-01-26 Includes\Malware.sbi (*)
2010-02-02 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-26 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-02-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-02-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-02-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Watch
command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 788880
MD5: 17B7EE982055EE0660A3C512D07E5111

Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2033432
MD5: 72A7A352072EB6EC4953F9F580463B0D

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 305440
MD5: D1458A77A6E15462CB96D34089549BAC

Located: HK_LM:Run, LogitechQuickCamRibbon
command: "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
file: C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
size: 2793304
MD5: 2589FFE360BED8F824CBC6171CB5B874

Located: HK_LM:Run, Media Codec Update Service
command: C:\Program Files\Essentials Codec Pack\update.exe -silent
file: C:\Program Files\Essentials Codec Pack\update.exe
size: 303104
MD5: 441C75BC99638C9CB7A47EE79B17D2CF

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13687328
MD5: 3FE65648FFD5DC96CB41BC528E427FE9

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: 42BF3C7DEF9553F5860266EFABAF158E

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SigmatelSysTrayApp
command: sttray.exe
file: C:\Windows\sttray.exe
size: 303104
MD5: 733DA847D5C3E32C40BA831BEAA8DC93

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, 08884a0868e9c2b19880c2a2677229e7
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r
file: C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, Google Update
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
size: 135664
MD5: 8F0DE4FEF8201E306F9938B0905AC96A

Located: HK_CU:Run, gukotumeke
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s
file: C:\ProgramData\fuzosoni\fuzosoni.dll
size: 53248
MD5: 224FD11E0A3ECAC34AD731FB8664D3C9

Located: HK_CU:Run, hehagemik
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a
file: c:\PROGRA~2\seyugogi\seyugogi.dll
size: 93184
MD5: 0EFF1A428BA27A4D8F3ED9CE081BC969

Located: HK_CU:Run, Logitech Vid
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
file: C:\Program Files\Logitech\Logitech Vid\Vid.exe
size: 5458704
MD5: E1473471169EC64C57B49F9C984DFB1A

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 03463803AE9386EB095FFFD8DD26B85B

Located: HK_CU:Run, PlayOn
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Program Files\MediaMall\PlayOn.exe
file: C:\Program Files\MediaMall\PlayOn.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Simplify Media
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: "C:\Program Files\Simplify Media\SimplifyMedia.exe"
file: C:\Program Files\Simplify Media\SimplifyMedia.exe
size: 21752328
MD5: BAD5AC14FBDBA054E1D235D3050A7E8F

Located: HK_CU:Run, Skype
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 25623336
MD5: BF9EAB227D409CE1E75C23BB10CF5DBC

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-1723326366-2321168841-1007424184-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 214360
MD5: CF03C8F6F6B0D71F6E5BCE167FCF7CA6

Located: Startup (user), Dropbox.lnk
where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
file: C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
size: 21968784
MD5: 0BFDAEC7BA4CCA24950CCFF19647DCDA

Located: Startup (user), Logitech . Product Registration.lnk
where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
file: C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
size: 517384
MD5: FBBF2B2A5F257AA4B597F77D65155EDF

Located: Startup (user), OpenOffice.org 3.1.lnk
where: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: C047C9C6CD8E134AFDFDB374E80547E5



--- Browser helper object list ---
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 2/1/2010 7:06:00 PM
Date (last access): 2/1/2010 7:06:00 PM
Date (last write): 2/1/2010 7:06:00 PM
Filesize: 1484056
Attributes: archive
MD5: F7CC657F40C56C9BA7C189066D259F9E
CRC32: DBEFFA87
Version: 9.0.0.713

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 2:41:30 PM
Date (last access): 8/19/2009 4:14:34 PM
Date (last write): 1/22/2009 2:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/5/2009 6:48:30 PM
Date (last access): 10/11/2009 4:18:20 AM
Date (last write): 10/11/2009 4:17:30 AM
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4



--- ActiveX list ---
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class)
DPF name:
CLSID name: SentinelVE3D Class
Installer: C:\Windows\Downloaded Program Files\VE3DInstall.inf
Codebase: http://download.microsoft.com/download/7/0...tualEarth3D.cab

{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class)
DPF name:
CLSID name: WMI Class
Installer: C:\Windows\Downloaded Program Files\syspro.inf
Codebase: http://support.dell.com/systemprofiler/SysProExe.CAB

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/5/2009 6:48:30 PM
Date (last access): 10/11/2073 4:18:18 AM
Date (last write): 10/11/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/5/2009 6:48:30 PM
Date (last access): 10/11/2073 4:18:18 AM
Date (last write): 10/11/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/5/2009 6:48:30 PM
Date (last access): 10/11/2073 4:18:18 AM
Date (last write): 10/11/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2009 2:14:36 AM
Date (last access): 10/11/2073 4:18:30 AM
Date (last write): 10/11/2009 4:17:30 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{CB50428B-657F-47DF-9B32-671F82AA73F7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\pxplay.inf
Codebase: http://www.photodex.com/pxplay.cab
description:
classification: Open for discussion
known filename: pxplay.ocx
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 3836 (3300) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 788880
MD5: 17B7EE982055EE0660A3C512D07E5111
PID: 3896 (3300) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 3968 (3300) C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 03463803AE9386EB095FFFD8DD26B85B
PID: 3076 (2672) C:\Users\Michael\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
size: 136176
MD5: 975A3190EB50EAC7AA89488233E18294
PID: 1540 ( 824) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 5736 (1348) C:\Windows\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 6292 ( 876) C:\Windows\explorer.exe
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 3132 (1332) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 7476 (6292) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 3824 (1348) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 5896 (6292) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 412 ( 4) smss.exe
size: 64000
PID: 504 ( 492) csrss.exe
size: 6144
PID: 544 ( 492) wininit.exe
size: 96768
PID: 564 ( 552) csrss.exe
size: 6144
PID: 572 ( 544) avgchsvx.exe
PID: 580 ( 544) avgrsx.exe
PID: 644 ( 544) services.exe
size: 279040
PID: 656 ( 544) lsass.exe
size: 9728
PID: 664 ( 544) lsm.exe
size: 229888
PID: 696 ( 580) avgcsrvx.exe
PID: 824 ( 644) svchost.exe
size: 21504
PID: 876 ( 552) winlogon.exe
size: 314880
PID: 1108 ( 644) nvvsvc.exe
size: 207392
PID: 1156 ( 644) svchost.exe
size: 21504
PID: 1308 ( 644) svchost.exe
size: 21504
PID: 1332 ( 644) svchost.exe
size: 21504
PID: 1348 ( 644) svchost.exe
size: 21504
PID: 1460 (1308) audiodg.exe
size: 88064
PID: 1504 ( 644) svchost.exe
size: 21504
PID: 1524 ( 644) SLsvc.exe
size: 2623488
PID: 1560 ( 644) svchost.exe
size: 21504
PID: 1668 ( 644) svchost.exe
size: 21504
PID: 1776 (1108) rundll32.exe
size: 44544
PID: 1800 ( 644) AAWService.exe
PID: 1948 ( 644) spoolsv.exe
size: 125952
PID: 1976 ( 644) svchost.exe
size: 21504
PID: 628 ( 644) AppleMobileDeviceService.exe
PID: 1204 ( 644) avgwdsvc.exe
PID: 1380 ( 644) mDNSResponder.exe
PID: 1568 ( 644) svchost.exe
size: 21504
PID: 316 ( 644) svchost.exe
size: 21504
PID: 660 ( 644) svchost.exe
size: 21504
PID: 464 ( 644) svchost.exe
size: 21504
PID: 476 ( 644) RoxWatch9.exe
PID: 2240 (1204) avgnsx.exe
PID: 2288 ( 644) svchost.exe
size: 21504
PID: 2340 ( 644) svchost.exe
size: 21504
PID: 2400 ( 644) SearchIndexer.exe
size: 439808
PID: 2420 ( 644) avgemc.exe
PID: 2520 ( 644) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2644 (2420) avgcsrvx.exe
PID: 2952 (1348) taskeng.exe
size: 169472
PID: 3276 (1348) taskeng.exe
size: 169472
PID: 3352 (3276) OrbTray.exe
PID: 4000 (3352) Orb.exe
PID: 4108 ( 824) unsecapp.exe
PID: 4148 ( 644) svchost.exe
size: 21504
PID: 4196 ( 644) wmpnetwk.exe
PID: 4232 ( 824) WmiPrvSE.exe
PID: 5888 ( 644) iPodService.exe
PID: 3324 ( 644) VSSVC.exe
size: 1054720
PID: 2904 ( 644) svchost.exe
size: 21504
PID: 6236 ( 644) LVPrcSrv.exe
PID: 6892 (3140) Vid.exe
PID: 8144 (4000) xmltv.exe
PID: 6612 (8144) xmltv.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/9/2010 11:05:51 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0070525
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): 61883
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 61883 Unit Device
Image path: system32\DRIVERS\61883.sys
Image size: 45696
Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\acpi.sys
Image size: 266808
Image MD5: FCB8C7210F0135E24C6580F7F649C73C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: system32\DRIVERS\amdk8.sys
Image size: 44032
Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Image size: 144712
Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aswTdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17408
Image MD5: 53B202ABEE6455406254444303E87BE1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: \SystemRoot\system32\drivers\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): Avc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVC Device
Image path: system32\DRIVERS\avc.sys
Image size: 40448
Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AVG
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): avg9emc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG E-mail Scanner
Object name: LocalSystem
Image path: "C:\Program Files\AVG\AVG9\avgemc.exe"
Image size: 906520
Image MD5: C34AB3B34ACC0260EBFEAB2827D99C45
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,avg9wd

Service (registry key): avg9wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG WatchDog
Object name: LocalSystem
Image path: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
Image size: 285392
Image MD5: 7E7B5FA964F578ACD655E8BEEAE2A5CA
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AvgLdx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free AVI Loader Driver x86
Image path: \SystemRoot\System32\Drivers\avgldx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): AvgMfx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free On-access Scanner Minifilter Driver x86
Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): AvgTdiX
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free8 Network Redirector
Image path: \SystemRoot\System32\Drivers\avgtdix.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): bcm4sbxp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
Image path: system32\DRIVERS\bcm4sbxp.sys
Image size: 45568
Image MD5: CD4646067CC7DCBA1907FA0ACF7E3966
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 3F56903E124E820AEECE6D471583C6C1
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 74B442B2BE1260B7588C136177CEAC66
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70144
Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrbsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 67072
Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 247352
Image MD5: 465745561C832B29F7C48B488AAB3842
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 69632
Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: \SystemRoot\system32\drivers\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 22632
Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 75264
Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): DFSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @dfsrres.dll,-101
Description: @dfsrres.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\DFSR.exe
Image size: 2091520
Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\drivers\disk.sys
Image size: 55352
Image MD5: 64109E623ABD6955C8FB110B592E68B7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): DLABMFSM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLABMFSM.SYS
Image size: 35096
Image MD5: A53723176D0002FEB486EFF8E17812F2
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLABOIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLABOIOM.SYS
Image size: 32472
Image MD5: D4587063ACEA776699251E177D719586
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLACDBHM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLACDBHM.SYS
Image size: 12856
Image MD5: 5230CDB7E715F3A3B4A882E254CDD35D
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): DLADResM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLADResM.SYS
Image size: 9400
Image MD5: C950C2E7B9ED1A4FC4A2AC7EC044F1D6
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAIFS_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAIFS_M.SYS
Image size: 104536
Image MD5: 24400137E387A24410C52A591F3CFB4D
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAOPIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAOPIOM.SYS
Image size: 26296
Image MD5: 29A303FECEB28641ECEBDAE89EB71C63
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAPoolM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAPoolM.SYS
Image size: 14520
Image MD5: C93E33A22A1AE0C5508F3FB1F6D0A50C
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLARTL_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLARTL_M.SYS
Image size: 28120
Image MD5: 77FE51F0F8D86804CB81F6EF6BFB86DD
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): DLAUDFAM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDFAM.SYS
Image size: 94648
Image MD5: B953498C35A31E5AC98F49ADBCF3E627
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAUDF_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDF_M.SYS
Image size: 97848
Image MD5: 4897704C093C1F59CE58FC65E1E1EF1E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): DockingGroup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LeapFrog WDM USB Device Driver
Image path: System32\Drivers\MS20022K.sys
Image size: 14781
Image MD5: A84BC91FAFF024F7694701077071A6CE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): Dot4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS IEEE-1284.4 Driver
Image path: system32\DRIVERS\Dot4.sys
Image size: 131584
Image MD5: 4F59C172C094E1A1D46463A8DC061CBD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Class Driver for IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 16384
Image MD5: 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 36864
Image MD5: C55004CA6B419B6695970DFE849B122F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 5632
Image MD5: 97FEF831AB90BEE128C9AF390E243F80
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DRVMCDB
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVMCDB.SYS
Image size: 99176
Image MD5: C00440385CF9F3D142917C63F989E244
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0

Service (registry key): DRVNDDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVNDDM.SYS
Image size: 51768
Image MD5: FFC371525AA55D1BAE18715EBCB8797C
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): e1express
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® PRO/1000 PCI Express Network Connection Driver
Image path: system32\DRIVERS\e1e6032.sys
Image size: 200704
Image MD5: 7505290504C8E2D172FA378CC0497BCC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 117760
Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): Ecache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost Caching Driver
Description: ReadyBoost Caching Driver
Image path: System32\drivers\ecache.sys
Image size: 143416
Image MD5: DD2CD259D83D8B72C02C5F2331FF9D68
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 292352
Image MD5: 9BE3744D295A7701EB425332014F0797
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 131072
Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehstart
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehstart.dll,-101
Description: @%SystemRoot%\ehome\ehstart.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): EmdCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): EMDMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\emdmgmt.dll,-1000
Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: rpcss,ecache,slsvc,fileinfo

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 25088
Image MD5: 63BDADA84951B9C03E641800E176898A
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: File Information FS MiniFilter
Description: Collects information about files in memory to be consumed by other system services.
Image path: system32\drivers\fileinfo.sys
Image size: 58936
Image MD5: A8C0139A884861E3AAE9CFE73B208A9F
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FileTrace
Description: ETW File Trace Filter
Image path: system32\drivers\filetrace.sys
Image size: 27648
Image MD5: 0AE429A696AECBC5970E3CF2C62635AE
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): FLEXnet Licensing Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FLEXnet Licensing Service
Description: This service performs licensing functions on behalf of FLEXnet enabled products.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
Image size: 654848
Image MD5: 227846995AFEEFA70D328BF5334A86A5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 6603957EFF5EC62D25075EA8AC27DE68
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 192056
Image MD5: 05EA53AFE985443011E36DAB07343B46
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 46104
Image MD5: C9BE08664611DDAF98E2331E9288B00B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): fssfltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FssFltr
Image path: system32\DRIVERS\fssfltr.sys
Image size: 54632
Image MD5: B74B0578FD1D3F897E95F2A2B69EA051
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): fsssvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Family Safety Service
Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
Object name: LocalSystem
Image path: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
Image size: 704864
Image MD5: 206AD9A89BF05DFA1621F1FC7B82592D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\drivers\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 26600
Image MD5: 8182FF89C65E4D38B2DE4BB0FB18564E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k GPSvcGroup
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): gusvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 136120
Image MD5: C1B577B2169900F4CF7190C39F085794
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): hcw89
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: system32\drivers\HdAudio.sys
Image size: 235520
Image MD5: CB04C744BE0A61B1D648FAED182C3B59
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 53760
Image MD5: C87B1EE051C0464491C1A7B03FA0BC99
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\drivers\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\drivers\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 12288
Image MD5: 854CA287AB7FAF949617A788306D967E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HpCISSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\hpcisss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): hpqcxs08
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: hpqcxs08
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): hpqddsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP CUE DeviceDiscovery Service
Description: This service detects and monitors CUE devices on the system.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HPSLPSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Network Devices Support
Description: Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k HPService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: system32\drivers\HTTP.sys
Image size: 411136
Image MD5: E046FBC483B041A41B1E922C97CFCC0D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\i2omp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 54784
Image MD5: 22D56C8184586B7A1F6FA60BE5F5A2BD
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Vista
Image path: \SystemRoot\system32\drivers\iastorv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 881664
Image MD5: 7B630ACAED64FEF0C3E1CF255CB56686
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 39424
Image MD5: CE44CC04262F28216DD4341E9E36A16F
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 47616
Image MD5: 62C265C38769B864CB25B4BCF62DF6C3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-200
Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ipmidrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 100864
Image MD5: 8793643A67B42CEC66490B2A0CF92D68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 545568
Image MD5: 6E0FAEA90E71C5F1B9F3BC71B4CCA2FA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Bus Enumerator
Description: IR Bus Enumerator
Image path: system32\drivers\irenum.sys
Image size: 13312
Image MD5: 109C0DFB82C3632FBD11949B73AEEAC9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: system32\DRIVERS\msiscsi.sys
Image size: 181304
Image MD5: F247EEC28317F6C739C16DE420097301
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): iteatapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITEATAPI_Service_Install
Image path: \SystemRoot\system32\drivers\iteatapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iteraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITERAID_Service_Install
Image path: \SystemRoot\system32\drivers\iteraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 35384
Image MD5: 37605E0A8CF00CBBA538E753E4344C6E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 15872
Image MD5: 18247836959BA67E3511B62846B9C2E0
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 439896
Image MD5: 7A0CF7908B6824D6A2A1D313E5AE3DCA
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): Lavasoft Ad-Aware Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Lavasoft Ad-Aware Service
Description: Ad-Aware Service
Object name: LocalSystem
Image path: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
Image size: 1181328
Image MD5: 1A383F027D4F282E954C5AE30E5BCE50
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RpcSS

Service (registry key): Lbd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Lbd
Description: Ad-Aware mini-filter driver
Image path: system32\DRIVERS\Lbd.sys
Image size: 64288
Image MD5: 713CD5267ABFB86FE90A72E384E82A38
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 47104
Image MD5: D1C5883087A0C3F1344D9D55A44901F6
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UAC File Virtualization
Description: Virtualizes file write failures to per-user locations.
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): lvpopflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech POP Suppression Filter
Image path: system32\DRIVERS\lvpopflt.sys
Image size: 114712
Image MD5: 01F0E010ACB61472163E9D02D3FF531A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVPr2Mon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LVPr2Mon Driver
Image path: system32\Drivers\LVPr2Mon.sys
Image size: 25752
Image MD5: 1A7DB7A00A4B0D8DA24CD691A4547291
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVPrcSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Process Monitor
Description: Injector service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
Image size: 154136
Image MD5: 0DDFDCAA92C7F553328DB06BA599BEA9
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): LVRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech RightSound Filter Driver
Image path: system32\DRIVERS\lvrs.sys
Image size: 265496
Image MD5: 87ECCE893D8AEC5A9337B917742D339C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVUVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Webcam 250(UVC)
Image path: system32\DRIVERS\lvuvc.sys
Image size: 6756632
Image MD5: A240E42A7402E927A71B6E8AA4629B13
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): mfeavfk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfeavfk
Image path: system32\drivers\mfeavfk.sys
Image size: 79304
Image MD5: 2A5C22D126E1E806D6779F05C2AA8C2F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mfebopk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfebopk
Image path: system32\drivers\mfebopk.sys
Image size: 35272
Image MD5: 8E79451E5144669C1ED9C437E1162373
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mfehidk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfehidk
Image path: system32\drivers\mfehidk.sys
Image size: 213640
Image MD5: 1377B0BB5E6FBE8475BE0ED6EDFBFBCE
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): mferkdk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mferkdk
Image path: system32\drivers\mferkdk.sys
Image size: 34216
Image MD5: E30E485DF0BF5DF334EE93B0455D726F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mfesmfk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McAfee Inc. mfesmfk
Image path: system32\drivers\mfesmfk.sys
Image size: 40552
Image MD5: EA76FCF9AA1B1C44F12A0C26F17D4C37
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 31744
Image MD5: E13B5EA0F51BA5B1512EC671393D09BA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 41984
Image MD5: 0A9BB33B56E294F686ABB7C1E4E2D8A8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): motmodem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Motorola USB CDC ACM Driver
Image path: system32\DRIVERS\motmodem.sys
Image size: 23680
Image MD5: FE80C18BA448DDD76B7BEAD9EB203D37
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 34360
Image MD5: 5BF6A1326A335C5298477754A506D263
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 15872
Image MD5: 93B8D4869E12CFBE663915502900876F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Description: Driver responsible with maintaining persistent drive letters and names for volumes
Image path: System32\drivers\mountmgr.sys
Image size: 57400
Image MD5: BDAFC88AA6B92F7842416EA6A48E1600
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 64000
Image MD5: 22241FEBA9B2DEFA669C8CB0A8DD7D2E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): Mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\mraid35x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector Driver
Description: WebDav Client Redirector Driver
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB MiniRedirector Wrapper and Engine
Description: Implements the framework for the SMB filesystem redirector
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 105472
Image MD5: C4AD205530888404E2B5FC8D9319B119
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 1.x MiniRedirector
Description: Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 212480
Image MD5: 0A986B34F1678A2697574D7B1664E2DD
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 2.0 MiniRedirector
Description: Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 78848
Image MD5: 3268B8C3FA92BFC086355C39B45E9CC9
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\msahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 105984
Image MD5: FD7520CC3A80C5FC8C48852BB24C6DED
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): MSDV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft DV Camera and VCR
Image path: system32\DRIVERS\msdv.sys
Image size: 52608
Image MD5: 343291A4DFD7C923C3F71F550830EC1C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ISA/EISA Class Driver
Image path: system32\drivers\msisadrv.sys
Image size: 16440
Image MD5: 0F400E306F385C56317357D6DEA56F62
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\msimsg.dll,-27
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec /V
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 8192
Image MD5: D8C63D34D9C9E56C059E24EC7185CC07
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5888
Image MD5: 1D373C90D62DDB641D50E55B9E78D65E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 5504
Image MD5: B572DA05BF4E098D4BBA3A4734FB505B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 31288
Image MD5: E384487CB84BE41D09711C30CA79646C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 6016
Image MD5: 7199C1EEC1E4993CAF96B8C0A26BD58A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Description: Multiple UNC Provider
Image path: System32\Drivers\mup.sys
Image size: 49720
Image MD5: 6DFD1D322DE55B0B7DB7D21B90BEC49C
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 148480
Image MD5: 3C21CE48FF529BB73DADB98770B54025
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Description: NDIS System Driver
Image path: system32\drivers\ndis.sys
Image size: 529464
Image MD5: 9BDC71790FA08F0A0B5F10462B1BD0B1
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 20992
Image MD5: 0E186E90404980569FB449BA7519AE61
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 16896
Image MD5: D6973AA34C4D5D76C0430B181C3CD389
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 121344
Image MD5: 3D14C3B3496F88890D431E8AA022A411
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Net Driver HPZ12
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 35840
Image MD5: BCD093A5A6777CF626434568DC7DBA78
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): netbt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NETBT
Description: This service implements NetBios over TCP/IP.
Image path: System32\DRIVERS\netbt.sys
Image size: 184320
Image MD5: 7C5FEE5B1C5728507CD96FB4A13E7A02
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %systemroot%\system32\lsass.exe
Image size: 9728
Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netprof.dll,-246
Description: @%SystemRoot%\system32\netprof.dll,-247
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 132096
Image MD5: 0AD5876EF4E9EB77C8F93EB5B2FFF386
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): NMIndexingService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NMIndexingService
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NSI proxy service
Description: NSI proxy service
Image path: system32\drivers\nsiproxy.sys
Image size: 16384
Image MD5: 609773E344A97410CE4EBF74A8914FCF
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): ntrigdigi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: N-trig HID Tablet Driver
Image path: \SystemRoot\system32\drivers\ntrigdigi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvlddmkm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\nvlddmkm.sys
Image size: 7766464
Image MD5: 204A01F718EA2349204AC353F525E7CC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\nvraid.sys
Image size: 88680
Image MD5: E69E946F80C1C31C53003BFBF50CBB7C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): nvrd32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce RAID Driver
Image path: \SystemRoot\system32\drivers\nvrd32.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\nvstor.sys
Image size: 35920
Image MD5: 4A5FCAB82D9BF6AF8A023A66802FE9E9
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): nvstor32
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\nvstor32.sys
Image size: 110624
Image MD5: DC5F166422BEEBF195E3E4BB8AB4EE22
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): nvsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Object name: LocalSystem
Image path: %SystemRoot%\system32\nvvsvc.exe
Image size: 207392
Image MD5: D4F13A2A83C7FFDE44C939208408D3C4
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: nvlddmkm

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): odserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Image size: 441712
Image MD5: 1F0E05DFF4F5A833168E49BE1256F002
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AGERE OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 61952
Image MD5: 790E27C3DB53410B40FF9EF2FD10A1D9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ose
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 145184
Image MD5: 5A432A042DAE460ABE7199B758E8606C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8004
Description: @%SystemRoot%\system32\p2psvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\drivers\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Description: Disk class filter driver that auctions out partitions to volume managers
Image path: System32\drivers\partmgr.sys
Image size: 56376
Image MD5: 3B38467E7C3DAED009DFE359E17F139F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\parvdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\drivers\pci.sys
Image size: 151096
Image MD5: 01B94418DEB235DFF777CC80076354B4
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): pcouffin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VSO Software pcouffin
Image path: System32\Drivers\pcouffin.sys
Image size: 47360
Image MD5: 5B6C11DE7E839C05248CED8825470FEF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 878080
Image MD5: 6349F6ED9C623B44B52EA3C63C831A92
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Pml Driver HPZ12
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8002
Description: @%SystemRoot%\system32\p2psvc.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8000
Description: @%SystemRoot%\system32\p2psvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 62976
Image MD5: ECFFFAEC0C1ECD8DBC77F39070EA1DB1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\drivers\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 72192
Image MD5: BFEF604508A0ED1EAE2A73E872555FFB
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 43872
Image MD5: 49452BFCEC22F36A7A9B9C2181BC3042
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic Fibre Channel Miniport Driver
Image path: \SystemRoot\system32\drivers\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic iSCSI Miniport Driver
Image path: \SystemRoot\system32\drivers\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): R300
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmdag.sys
Image size: 2028032
Image MD5: E642B131FB74CAF4BB8A014F31113142
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 11776
Image MD5: 147D7F9C556D259924351FEB0DE606C3
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 76288
Image MD5: A214ADBAF4CB47DD2728859EF31F26B0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 3E9D9B048107B40D87B97DF2E48E0744
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 69120
Image MD5: A7D141684E9500AC928A772ED8E6B671
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Redirected Buffering Sub Sysytem
Description: Provides the framework for network mini-redirectors
Image path: system32\DRIVERS\rdbss.sys
Image size: 224768
Image MD5: 6E1C5D0457622F9EE35F683110E93D14
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDPCDD
Description: RDPDD Chained DD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 6144
Image MD5: 89E59BE9A564262A3FB6C4F4F1CD9899
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: \SystemRoot\system32\drivers\rdpdr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Image path: system32\drivers\rdpencdd.sys
Image size: 6144
Image MD5: 9D91FE5286F748862ECFFA05F8A0710C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSS,RasMan,bfe
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RoxMediaDB9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RoxMediaDB9
Description: Roxio RoxMediaDB9 Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
Image size: 880640
Image MD5: EBCDE8B48FADC6479D96A56D0A432160
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 0

Service (registry key): RoxWatch9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Roxio Hard Drive Watcher 9
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
Image size: 159744
Image MD5: AB2B1DE1C8F31EFCE2384B14B3DC4260
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 7680
Image MD5: 5123F83CBC4349D065534EEB6BBDC42B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: DcomLaunch

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 60416
Image MD5: 9C508F4074A39E8B4B31D27198146FAD
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: A911ECAC81F94ADEAFBE8E3F7873EDB0
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Image size: 1153368
Image MD5: 794D4B48DFB6E999537C7C3947863463
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\drivers\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Port Driver
Image path: \SystemRoot\system32\drivers\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\drivers\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\drivers\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\drivers\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): slsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLsvc.exe,-101
Description: @%SystemRoot%\system32\SLsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\SLsvc.exe
Image size: 2623488
Image MD5: 0BA91E1358AD25236863039BB2609A2E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): SLUINotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLUINotify.dll,-103
Description: @%SystemRoot%\system32\SLUINotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SLSvc,netprofm,EventSystem

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 66560
Image MD5: 031E6BCD53C9B2B9ACE111EAFEC347B6
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 12800
Image MD5: 2A146A055B4401C16EE62D18B8E2A032
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\spoolsv.exe,-1
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 125952
Image MD5: 846CDF9A3CF4DA9B306ADFB7D55EE4C2
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srv.sys
Image size: 288768
Image MD5: 73DDDBEEC61E78568082916A27AADAEE
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: srv2
Description: Default SDDL for Windows Resource Protected file
Image path: System32\DRIVERS\srv2.sys
Image size: 144896
Image MD5: 4CEEB95E0B79E48B81F2DA0A6C24C64B
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 98304
Image MD5: F63A0A58AAFE34D7A1A0A74ABCCDD9C0
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): STHDA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SigmaTel High Definition Audio CODEC
Image path: system32\drivers\stwrt.sys
Image size: 647680
Image MD5: 9CEA131B5EB0EA653F6B3EA80B54956D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): StillCam
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Still Serial Digital Camera Driver
Image path: system32\DRIVERS\serscan.sys
Image size: 9216
Image MD5: EF70B3D22B4BFFDA6EA851ECB063EFAA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): stllssvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: stllssvr
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Image size: 73728
Image MD5: 51778FD315C9882F1CBD932743E62A72
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): SupportSoft RemoteAssist
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SupportSoft RemoteAssist
Object name: LocalSystem
Image path: C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
Image size: 394608
Image MD5: 2E5586392CDFBD1D73BADB20E9ED6386
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 15288
Image MD5: 7BA58ECF0C0A9A69D44B3DCA62BECF56
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\symc8xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_hi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_u3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\TabSvc.dll,-100
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 897608
Image MD5: 8A7AD2A214233F684242F289ED83EBC3
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Tcpip6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 897608
Image MD5: 8A7AD2A214233F684242F289ED83EBC3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 30208
Image MD5: D4A2E4A4B011F3A883AF77315A5AE76B
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 17920
Image MD5: 5DCF5E267BE67A1AE926F2DF77FBCC56
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 29184
Image MD5: 389C63E32B3CEFED425B61ED92D3F021
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 71680
Image MD5: D09276B1FAB033CE1D40DCBDF303D10F
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 54328
Image MD5: A048056F5E1A96A9BF3071B91741A5AA
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\termsrv.dll,-268
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-8192
Description: @%SystemRoot%\System32\shsvcs.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 39424
Image MD5: 16613A1BAD034D4ECF957AF18B7C2FF5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services Security Filter Driver
Description: Terminal Services Security Filter Driver
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 23552
Image MD5: DCF0F056A2E4F52287264F5AB29CF206
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): tunmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tun Miniport Adapter Driver
Image path: system32\DRIVERS\tunmp.sys
Image size: 15360
Image MD5: CAECC0120AC49E3D2F758B9169872D38
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 23040
Image MD5: 119B8184E106BAEDC83FCE5DDF3950DA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\drivers\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 226816
Image MD5: 8B5088058FA1D1CD897A2113CCFF6C58
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 35840
Image MD5: ECEF404F62863755951E09C802C94AD5
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\drivers\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uliahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\uliahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): UlSata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ulsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ulsata2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ulsata2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: system32\DRIVERS\umbus.sys
Image size: 34816
Image MD5: 32CFF9F809AE9AED85464492BF3E32D2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\upnphost.dll,-213
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): USBAAPL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile USB Driver
Image path: System32\Drivers\usbaapl.sys
Image size: 40448
Image MD5: 1DF89C499BF45D878B87EBD4421D462D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 73088
Image MD5: 292A25BB75A568AE2C67169BA2C6365A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 73216
Image MD5: CAF811AE4C147FFCD5B51750C7F09142
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\drivers\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 39424
Image MD5: CEBE90821810E76320155BEBA722FCF9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 194560
Image MD5: CC6B28E4CE39951357963119CE47B143
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 19456
Image MD5: 7BDB7B0E7D45AC0402D78B90789EF47C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 18944
Image MD5: E75C4B5269091D15A2E7DC0B6D35F2F5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 35328
Image MD5: A508C9BD8724980512136B039BBA65E9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 55296
Image MD5: 87BA6B83C5D19B69160968D07D6E2982
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 22528
Image MD5: 325DBBACB8A36AF9988CCF40EAC228CC
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbvideo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Video Device (WDM)
Image path: System32\Drivers\usbvideo.sys
Image size: 134016
Image MD5: E67998E8F14CB0627A769F6530BCB352
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dwm.exe,-2000
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vds.exe,-100
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 382976
Image MD5: B13BC395B9D6116628F5AF47E0802AC4
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 26112
Image MD5: 7D92BE0028ECDEDEC74617009084B5EF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\system32\drivers\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ViaC7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA C7 Processor Driver
Image path: \SystemRoot\system32\drivers\viac7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\drivers\volmgr.sys
Image size: 52792
Image MD5: 69503668AC66C77C6CD7AF86FBDF8C43
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Dynamic Volume Manager
Description: Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks
Image path: System32\drivers\volmgrx.sys
Image size: 294456
Image MD5: 98F5FFE6316BD74E9E2C97206C190196
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\drivers\volsnap.sys
Image size: 227896
Image MD5: D8B4A53DD2769F226B3EB374374987C9
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\vssvc.exe,-102
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 1054720
Image MD5: D5FB73D19C46ADE183F968E13F186B23
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\w32time.dll,-200
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\drivers\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 62464
Image MD5: 55201897378CCA7AF8B5EFD874374A26
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 62464
Image MD5: 55201897378CCA7AF8B5EFD874374A26
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Watchdog Timer Driver
Image path: \SystemRoot\system32\drivers\wd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Mode Driver Frameworks service
Image path: system32\drivers\Wdf01000.sys
Image size: 503864
Image MD5: B6F0A7AD6D4BD325FBCD8BAC96CD8D96
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-502
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k wdisvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-500
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-100
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wecsvc.dll,-200
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog,mpssvc

Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wersvc.dll,-100
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0

Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-3068
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp

Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wsmsvc.dll,-101
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wlansvc.dll,-257
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: \SystemRoot\system32\drivers\wmiacpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 137728
Image MD5: ABA4CF9F856D9A3A25F4DDD7690A6E9D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
Description: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
Image size: 896512
Image MD5: 3978704576A121A9204F8CC49A301A9B
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: UPnPHost,http

Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WpdUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WpdUsb
Image path: System32\Drivers\wpdusb.sys
Image size: 39936
Image MD5: 0CEC23084B51B8288099EB710224E955
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Winsock IFS driver
Description: Winsock IFS driver
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,WinMgmt

Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\SearchIndexer.exe,-103
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 439808
Image MD5: 7778BDFA3F6F6FBA0E75B9594098F737
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wuaueng.dll,-105
Description: @%systemroot%\system32\wuaueng.dll,-106
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 83328
Image MD5: AC13CB789D93412106B0FB6C7EB2BCB6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {64012D8C-C2AB-4FCF-A24B-07FF03F3B21B}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
QUOTE (AnkleStigmata @ Feb 5 2010, 01:44 AM) index.php?act=findpost&pid=2800040
I just want to say I hate computers, the Internet, and human beings with the current exception of Blacken. Great OP dude.

Yep, there's gonna be a big ol' reformattin' and reinstallin' hootenanny on my wife's laptop Saturday. Hosed by one or more of those fake AV things. Spent the better part of the day trying to clean it up and now know to give up. Among many other problems, there's a lot of horrifying shit in the registry.
I'd read the rest of the thread before doing anything if I were you, as a lot of the recommendations have changed. Specifically, ditch Avast for Microsoft Security Essentials, and use an up-to-date version of Firefox. (I'm switched fully over to Chrome, though, now that ad-blocking works via the new extension model.)

I keep meaning to rewrite it, but, see, I'm a lazy bastard.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
Yaz, I don't know what that is, but I'm not reading through eight fucking billion pages of barf. Can you get rid of that shit and go run a HijackThis or something that's a little readable?
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
That's easily the longest post on this site since the last of Nip's porn link treasure troves in Crater Chris.

Though I'm pretty sure Nip's was longer...
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
Sorry, I pasted the wrong thing. Here's the results rather than the full report.


Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, nothing done)
C:\Windows\Tasks\kzwqkryd.job
Properties.size=306
Properties.md5=D426607C3FA468827DCBCCFF4BD4FC45
Properties.filedate=1265719005
Properties.filedatetext=2010-02-09 07:36:45

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (hehagemik) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hehagemik

Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
c:\PROGRA~2\seyugogi\seyugogi.dll
Properties.size=93184
Properties.md5=0EFF1A428BA27A4D8F3ED9CE081BC969

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (gukotumeke) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1723326366-2321168841-1007424184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke

Virtumonde.prx: [SBI $1FB893A0] Program file (File, nothing done)
C:\ProgramData\fuzosoni\fuzosoni.dll
Properties.size=53248
Properties.md5=224FD11E0A3ECAC34AD731FB8664D3C9

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-08-14 unins000.exe (51.41.0.0)
2009-11-27 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-10-08 Includes\Adware.sbi (*)
2010-02-02 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-02-02 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-02-02 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-02-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-01-26 Includes\Malware.sbi (*)
2010-02-02 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-26 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-02-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-02-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-02-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


When I chose "fix selected problems", it said that the files would be deleted (I confirmed this) and then it said that "This action may not be performed completely because you are not an administrator. If you want this performed for all users, please run this application elevated as an administrator." It removed all but this file -

(SBI $FB893A0) Program File
c:\Progra~2\seyugogi\seyugogi.dll

When I click on "Ok" after the administrator error message above appears (which makes no sense as I'm the only user on this computer), I get the following error message:

Unexpected error in fixing problems
(Cannot create file "C:\Windows\wininit.ini". Access is
denied)

I think it's because this file won't delete that everything comes right back after a reboot. Correct?
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
blacken - I don't have Hijack This on my computer. I'm running Ad-Aware, Spybot S&D, and AVG free. I keep all three updated and run them fairly often. This is the first time in my memory that a trojan has appeared. Like I said in the eight billion page post, most of the stuff I get are tracking cookies. That's it. I don't know where I went or what I did that put this on my computer.

ok, I downloaded Hijack This and ran a scan. Here is the logfile it gave me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:02 PM, on 2/9/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Users\Michael\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
C:\Users\Michael\AppData\Local\Temp\par-Michael\cache-e68ad782a636923d69e9e72af0377d80310d3c5b\xmltv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe
O4 - HKCU\..\Run: [08884a0868e9c2b19880c2a2677229e7] C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [hehagemik] Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a
O4 - HKCU\..\Run: [gukotumeke] Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64012D8C-C2AB-4FCF-A24B-07FF03F3B21B}: NameServer = 24.25.5.148,24.25.5.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 9558 bytes

is that what you wanted?
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
Much more useful. The following look questionable to me:

O4 - HKCU\..\Run: [08884a0868e9c2b19880c2a2677229e7] C:\Users\Michael\DOWNLO~1\CRUISE~1.EXE /r - NOTHING should be permanently running from your Downloads folder, ever - there is no good reason for it in any case
O4 - HKCU\..\Run: [hehagemik] Rundll32.exe "c:\PROGRA~2\seyugogi\seyugogi.dll",a - garbage name suggests infection
O4 - HKCU\..\Run: [gukotumeke] Rundll32.exe "C:\ProgramData\fuzosoni\fuzosoni.dll",s - garbage name suggests infection

Once more for emphasis, though: AVG is shit, Ad-Aware is shit, and Spybot is...well, marginal. You are better off with Windows Defender and MalwareBytes than either of the last two, and Microsoft Security Essentials for the former (though that's less pressing, AVG at least works--Ad-Aware has been bad for a long time, and Spybot seems to be much less effective as time goes on).

Run MBAM, see if it picks anything up. If it does, follow its instructions; if not, nuke at least the last two of the ones listed above and nuke the first one unless you are sure you know what it is and that it is harmless.
 

MannysDestination

is not a republican
SoSH Member
Nov 15, 2006
10,785
Boston
QUOTE (Blacken @ Feb 9 2010, 11:16 AM) index.php?act=findpost&pid=2805441
I'd read the rest of the thread before doing anything if I were you, as a lot of the recommendations have changed. Specifically, ditch Avast for Microsoft Security Essentials, and use an up-to-date version of Firefox. (I'm switched fully over to Chrome, though, now that ad-blocking works via the new extension model.)

I keep meaning to rewrite it, but, see, I'm a lazy bastard.


Eh? Avast is no good anymore? Is MS Security Essentials a free AV alternative? I scanned a few pages and didn't see this...
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
QUOTE (MannysDestination @ Feb 9 2010, 02:41 PM) index.php?act=findpost&pid=2805769
Eh? Avast is no good anymore? Is MS Security Essentials a free AV alternative? I scanned a few pages and didn't see this...

I was just about to post the same thing.

I'm assuming Blacken typed "Avast" when he meant to type "AdAware" or "AVG" or some other inferior product.
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
blacken - I'm running MBAM right now. Once it finishes, should I post the log or is that unnecessary now? I've never used this program before, so I've got no idea how long it will take.

Am I correct in understanding that I should get rid of AVG and Ad-Aware right now and instead use MBAM, Windows Defender (something else I've never used), and Microsoft Security Essentials from this point forward?

I'm assuming the latter two are built into Windows, correct?
 

SoxScout

Well-Known Member
Lifetime Member
SoSH Member
Jun 19, 2003
30,143
FWIW, Avast just put out a new version "Avast Free 5", and it has excellent reviews from what I have seen. From running it I have noticed it uses much less memory.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (SoxScout @ Feb 9 2010, 03:37 PM) index.php?act=findpost&pid=2805854
FWIW, Avast just put out a new version "Avast Free 5", and it has excellent reviews from what I have seen. From running it I have noticed it uses much less memory.

Is the best way to upgrade to just uninstall Avast from my computer and re-install that? I couldn't find any auto-upgrade type options.

Or should I just go with Microsoft Security Essentials? What's the difference between the two?
 

SoxScout

Well-Known Member
Lifetime Member
SoSH Member
Jun 19, 2003
30,143
I uninstalled and reinstalled. I haven't had a virus with Avast ever and it has caught a few things, so I am very happy and sticking with it. Other people can speak to Microsoft Security Essentials.
 

twoBshorty

Has friends with cellos
SoSH Member
Oct 15, 2005
2,132
MD
Has anyone ever dealt with some malware called Antivirus Soft? It seems new. MalwareBytes didn't find any of the infected files and I had to do a system restore to get rid of it.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (SoxScout @ Feb 9 2010, 04:03 PM) index.php?act=findpost&pid=2805899
I uninstalled and reinstalled. I haven't had a virus with Avast ever and it has caught a few things, so I am very happy and sticking with it. Other people can speak to Microsoft Security Essentials.

Yeah I've never had a problem with Avast either, so I went this route. The new interface is a million times better, too.
 
C

Corsi Combover

Guest
I'm getting absolutely boned by this "Your PC Protector" virus here at work. I had the IT guy here at work clean it up yesterday, but it's back with a vengeance. What should I use to kill this fucking thing?
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
blacken - here is the log that was created by MBAM

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/9/2010 5:16:29 PM
mbam-log-2010-02-09 (17-16-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 341334
Time elapsed: 1 hour(s), 56 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gukotumeke (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Also, I've deleted AVG, Ad-Aware, and Spybot S&D from my system. I now have MBAM and HiJack This installed. Windows defender was in my security folder on my control panel and I downloaded MSE. How should I be using these now to keep my system safe and secure? I haven't even looked at them well enough to know if they can be scheduled for automatic scans yet.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
QUOTE (mabrowndog @ Feb 9 2010, 03:09 PM) index.php?act=findpost&pid=2805805
I was just about to post the same thing.

I'm assuming Blacken typed "Avast" when he meant to type "AdAware" or "AVG" or some other inferior product.
Er, yes. s/Avast/AVG. Avast is okay, but IMO, MSE is a better antivirus than that, too: lower resource usage, good-enough detection (including some that other scanners will not detect--polymorphic code in VBScript files, for example), and what seems to be (but I haven't verified it) faster definition updates to Microsoft Update.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
Yaz: MSE can be set for automatic scans, and apparently (I did not know this, never looked) MSE turns off Windows Defender because it actually includes the Defender antispyware signatures inside its own files. So it does the work of both an antivirus and antimalware program. It can be scheduled for automatic updates. I only run MBAM when something goes shithouse, personally, but if you have a habit of getting infected, daily/weekly scans of that might not be a bad idea.
 

Yaz4Ever

stumps for Trump
Lifetime Member
SoSH Member
I don't have a habit of getting infected, so hopefully running MSE should keep me pretty safe and I'll use MBAM only when necessary. Do I not need Hijack This? What about firewall, should I use the windows one or get another? Anything else I'm not thinking of?

Thanks!
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
Windows Firewall is sufficient for consumer use. HijackThis is useful to have around if your shit gets infected, as it's a fairly reliable tool when you know exactly what the problem is and can kill it.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
Also, I just checked out the Vista Security Center on my computer, and it states that I have 2 firewalls running (Windows Firewall and McAfee Firewall). I have no idea how the McAfee one came about, the only thing I can think of is that I just had Comcast internet set up and maybe they installed something without me knowing. A quick scan/search of my comp for McAfee products reveals nothing.

Any idea how I can track this down?
 

SoxScout

Well-Known Member
Lifetime Member
SoSH Member
Jun 19, 2003
30,143
When you searched did you click all files and folders, then at the bottom hit advanced and check search hidden folders as well?
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (SoxScout @ Feb 9 2010, 06:59 PM) index.php?act=findpost&pid=2806133
When you searched did you click all files and folders, then at the bottom hit advanced and check search hidden folders as well?

I just searched in Windows Explorer on my hard drive and came up with one registry editor result from CC Cleaner. I ran that earlier today, along with cleaning up a ton of other stuff like bloated services and programs on my comp.

QUOTE (OttoC @ Feb 9 2010, 07:09 PM) index.php?act=findpost&pid=2806144
Is McAfee listed under Add/Remove Programs?

Nope, that was the first place I checked. I've never had McAfee on this computer, I've always used Avast as A/V and Windows Firewall/Windows Defender.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
Ok, found a hidden McAfee Folder in C:\ProgramData that has a few things in it that are pretty unrecognizeable. Yet nothing regarding McAfee comes up in Add/Remove programs or the CC Cleaner Uninstall window. I'm guessing just straight deleting the folder probably isn't the way to go, right?
 

OttoC

Member
SoSH Member
Dec 2, 2003
7,353
Comcast is advertising free Norton Security with new internet accounts so the McAfee is suspicious,
 

SoxScout

Well-Known Member
Lifetime Member
SoSH Member
Jun 19, 2003
30,143
QUOTE (The Four Peters @ Feb 9 2010, 07:59 PM) index.php?act=findpost&pid=2806237
Ok, found a hidden McAfee Folder in C:\ProgramData that has a few things in it that are pretty unrecognizeable. Yet nothing regarding McAfee comes up in Add/Remove programs or the CC Cleaner Uninstall window. I'm guessing just straight deleting the folder probably isn't the way to go, right?

doesn't sound like that's a good idea: http://www.computing.net/answers/windows-v...-data/2118.html
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
Just deleting it is likely to hose your machine pretty badly.

McAfee is bad enough that it fucking might as well be spywar. Kill it with fire.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (Blacken @ Feb 9 2010, 09:40 PM) index.php?act=findpost&pid=2806497
Kill it with fire.

How? I can't find any traces of it except in this folder, and in the Security Center where it says I have 2 firewalls running. None of the scans I run (Avast, Malwarebytes, Windows Defender) return anything. None of the add/remove or resources options show it. It's there, but barely.

Unless you were kidding. In that case, I guess having 2 firewalls is redundant, but not terrible. I hope.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
QUOTE (The Four Peters @ Feb 9 2010, 11:01 PM) index.php?act=findpost&pid=2806686
How? I can't find any traces of it except in this folder, and in the Security Center where it says I have 2 firewalls running. None of the scans I run (Avast, Malwarebytes, Windows Defender) return anything. None of the add/remove or resources options show it. It's there, but barely.

Unless you were kidding. In that case, I guess having 2 firewalls is redundant, but not terrible. I hope.
Can you post a HijackThis log? Easiest way to see what's running.
 

allaboutthesox

Well-Known Member
Lifetime Member
SoSH Member
Dec 17, 2004
2,672
My computer has McAfee on it (not a fan of it at all but it came with it on it), but my understanding is Kapersky Anti-Virus is supposed to be one of the best of out what is out there as well. I had AVG (paid for version) and I liked it, but honestly I would really like to get a nice anti-virus that actually has some worth. I realize there is probably no perfect Antiv-Virus, but to get maximum protection would be nice.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (Blacken @ Feb 9 2010, 11:11 PM) index.php?act=findpost&pid=2806700
Can you post a HijackThis log? Easiest way to see what's running.

This seems pretty short for a log, but this is what I got. FWIW, Hijackthis froze twice before finally going through. Also, if you see anything that's easily killable to free up some memory, much obliged. Thanks for this.



if(!spoilerid) var spoilerid=1; else spoilerid++; mytagid = spoilerid;
document.write("
- Click here to show/hide the message.");

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:44 PM, on 2/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6968 bytes

document.write("
"); document.close();
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
Just to get back to the Avast/WSE discussion for a second...

Apparently, unbeknown to me, I've been running both of them simultaneously since I bought this Lenovo last summer. I had used WSE for Windows Defender firewall on my old Dell. When I set it up on the Lenovo, I noticed it includes "Malware Protection," so I just turned it on. It never occurred to me it was the same type of program as Avast.

Is there any harm in running both? Any potential benefit at all, or is Avast just a superfluous use of system resources?
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
QUOTE (allaboutthesox @ Feb 9 2010, 11:35 PM) index.php?act=findpost&pid=2806721
My computer has McAfee on it (not a fan of it at all but it came with it on it), but my understanding is Kapersky Anti-Virus is supposed to be one of the best of out what is out there as well. I had AVG (paid for version) and I liked it, but honestly I would really like to get a nice anti-virus that actually has some worth. I realize there is probably no perfect Antiv-Virus, but to get maximum protection would be nice.
Kapersky is indeed a better antivirus. If you absolutely insist on paying for one, it's probably the one to get. That said, "maximum protection" is only very slightly better than "average protection" (and I mean very slightly) and it's really not worth the money for an end user to pay for an antivirus.

When it comes to computers, very often you do not get what you think you paid for. If you do something stupid, you can still get owned. If you don't do stupid things, they're both essentially the same as far as you'll notice.

QUOTE (The Four Peters @ Feb 9 2010, 11:48 PM) index.php?act=findpost&pid=2806725
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Update that, seriously. IE8 is free and better to have around even if you don't use it (because parts of your computer almost certainly do).

I didn't notice any obvious problems with what HT reported, nor did I note anything that you'd probably noticeably improve performance by disabling. You actually have less of the bloatware crud running than most people. McAfee does not appear to be running; you can probably delete that crap safely, but don't blame me if it explodes.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
QUOTE (mabrowndog @ Feb 10 2010, 12:00 AM) index.php?act=findpost&pid=2806733
Just to get back to the Avast/WSE discussion for a second...

Apparently, unbeknown to me, I've been running both of them simultaneously since I bought this Lenovo last summer. I had used WSE for Windows Defender firewall on my old Dell. When I set it up on the Lenovo, I noticed it includes "Malware Protection," so I just turned it on. It never occurred to me it was the same type of program as Avast.

Is there any harm in running both? Any potential benefit at all, or is Avast just a superfluous use of system resources?
Windows Defender is an anti-malware program. Avast has some anti-malware stuff in it (just about everyone packs it in there today). It's probably harmless to run both, so long as they aren't tripping on each other and trying to take each other down (more common than you'd think, but you'd know if it was happening).
 

TFP

Dope
Dope
Dec 10, 2007
17,291
QUOTE (Blacken @ Feb 10 2010, 12:02 AM) index.php?act=findpost&pid=2806735
Update that, seriously. IE8 is free and better to have around even if you don't use it (because parts of your computer almost certainly do).

I didn't notice any obvious problems with what HT reported, nor did I note anything that you'd probably noticeably improve performance by disabling. You actually have less of the bloatware crud running than most people. McAfee does not appear to be running; you can probably delete that crap safely, but don't blame me if it explodes.

Cool, I'll update IE now. I never ever use it, didn't think about the rest of my computer doing it. And I've tried to keep as little crap on there as possible, and also did a lot of cleaning up today. Laptop's running back to normal now, hopefully adding another GB of RAM will help make it even better.

Other than that, I'll probably just leave everything as is. I wonder if windows is just fooled into thinking I'm running two firewalls, even if I'm not. No clue, if that can even happen. If not, no worth even fucking with it. Regardless, thanks for checking.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,113
The thing most people don't realize (and this is pretty important) is that even if you "don't use IE," a shit-ton of applications do. It's not a great HTML renderer, but it's guaranteed to be on all Windows PCs in some form. (This is the part that Microsoft said they couldn't remove from the OS to decouple IE and Windows, and they're right. Tons of applications would break.) Just off the top of my head, I know that Google Talk, AIM (their client, not Pidgin or whatever), Valve's Steam client, and Windows Help all use MSHTML. You may browse regularly with Firefox or Chrome, but a sneaky exploit could conceivably be delivered via Steam (somebody sends you a link to a website while you're in a game, you click on it, the web browser opens inside the Steam Overlay, and hello infection) or other methods. Stay patched.
 

OregonSoxFan

lurker
Jul 14, 2005
17
Okay, last week one of my office computers got hit with a Vundo infection. At the time, I was still running AVG, have since switched to Microsoft Security Essentials and sought their phone support yesterday to clean up the mess, all to no avail. Despite finding and removing 4 Vundo files during last night's scan, I'm still getting pop-ups and it also disables MSE's update service.

Is my only solution to back up data and do a fresh install?
 

Harry Hooper

Well-Known Member
Lifetime Member
SoSH Member
Jan 4, 2002
25,029
QUOTE (OregonSoxFan @ Feb 10 2010, 03:28 PM) index.php?act=findpost&pid=2807416
Okay, last week one of my office computers got hit with a Vundo infection. At the time, I was still running AVG, have since switched to Microsoft Security Essentials and sought their phone support yesterday to clean up the mess, all to no avail. Despite finding and removing 4 Vundo files during last night's scan, I'm still getting pop-ups and it also disables MSE's update service.

Is my only solution to back up data and do a fresh install?



You can try this:

http://www.bleepingcomputer.com/virus-remo...undo-virtumonde