Author Topic: Can't get rid of Brower Hijacker (Read 7572 times)

newssurferboi · « **on:** June 26, 2005, 02:10:35 AM »

MS Antispyware has deleted this browser hijaker 3 times and it keeps coming back when I reboot. MS Antispyware IDs it as http://213.159.177.134/index.php. I just ran a Hijack This scan. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 3:07:41 AM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_x7328e0\printray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: CorelCENTRAL 9.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100698816246
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B482F5D-A60A-43CE-A56E-EFB9C549C92F}: NameServer = 64.89.70.2 64.89.74.2
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Please help me get this Brower Hijacker off my system. Any help will be deeply appreciated.

newssurferboi

guestolo · « **Reply #1 on:** June 26, 2005, 11:21:32 PM »

Hi again newssurferboi

Not sure why those entries returned
I'm hoping it's not Microsoft Anti-Spyware causing the trouble

Please do the following
Close down all instances of Internet Explorer that you have open

Also do the following
Open Hijackthis>>Open Misc tools section>>Open Process manager
End process on every instance you see of this
C:\Program Files\Internet Explorer\iexplore.exe

That will leave you with no IE windows open

Do another scan with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

Back in Windows
Come back here and post a fresh hijackthis log

I must Stress this
If Microsoft Anti-Spyware prompts you about any changes
You MUST ALLOW them
So it won't interfere with any fixes

Could you also
Download and Unzip to desktop DPF.zip
So you have Dpf.bat extracted
Double click on dpf.bat and a text file will open
Copy and paste the whole contents back here

newssurferboi · « **Reply #2 on:** June 27, 2005, 11:37:45 AM »

I couldn't find the files you told me to delete. That may be because I ran CWShredder and it removed a file that was infected. I downloaded the dpf.bat file onto my desktop. Also, while waiting for a reply ran Spybot S&D and it found EffectiveBandToolbar, but when I let it fix the file and reran the twice, SpyBoy S&D found EffectiveBandToolbar again. I checked other posts re this and downloaded SpSeHjfix112.exe but haven't used it because I'm not sure what it's for.

Here my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:11:53 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\My Downloads\hijackthis.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_x7328e0\printray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: CorelCENTRAL 9.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.lnk = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100698816246
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Here's mydpflist scan:

Volume in drive C has no label.
Volume Serial Number is 1462-349D

Directory of C:\WINDOWS\Downloaded Program Files

04/29/2005 11:37 PM <DIR> BUILTIN\Administrators .
04/29/2005 11:37 PM <DIR> BUILTIN\Administrators ..
06/12/2002 01:16 PM 112,312 BATCAVE7-WWT7VG\SURFERBActiveData.dll
04/11/2005 12:20 PM 118,784 BATCAVE7-WWT7VG\SURFERBasinst.dll
03/23/2005 05:12 PM 525 BATCAVE7-WWT7VG\SURFERBasinst.inf
08/11/2004 07:24 PM 197,760 BATCAVE7-WWT7VG\SURFERBavsniff.dll
08/11/2004 07:22 PM 626 BATCAVE7-WWT7VG\SURFERBavsniff.inf
04/27/2004 02:28 PM 241 BATCAVE7-WWT7VG\SURFERBCabSA.inf
08/25/2004 01:00 AM 2,390 BATCAVE7-WWT7VG\SURFERBcatalog.dat
04/08/2005 12:49 PM <DIR> BATCAVE7-WWT7VG\SURFERBCONFLICT.1
10/29/2004 09:38 AM 180,224 BATCAVE7-WWT7VG\SURFERBcpcScan.dll
03/25/2004 04:31 PM 65 BUILTIN\Administrators desktop.ini
04/18/2003 01:59 PM 53,248 BATCAVE7-WWT7VG\SURFERBDiskFAU.dll
03/11/2004 01:35 PM 1,271 BATCAVE7-WWT7VG\SURFERBerma.inf
08/25/2003 07:12 PM 1,096 BATCAVE7-WWT7VG\SURFERBiuctl.inf
11/12/2004 03:33 PM 346,888 BATCAVE7-WWT7VG\SURFERBLegitCheckControl.DLL
11/12/2004 12:01 PM 493 BATCAVE7-WWT7VG\SURFERBLegitCheckControl.inf
10/27/2004 02:10 PM 111,752 BATCAVE7-WWT7VG\SURFERBLSSupCtl.dll
10/27/2004 02:03 PM 302 BATCAVE7-WWT7VG\SURFERBLSSupCtl.inf
01/20/2000 03:25 PM 1,162 BATCAVE7-WWT7VG\SURFERBMicrosoft XML Parser for Java.osd
03/15/2004 06:28 PM 6,854 BATCAVE7-WWT7VG\SURFERBnavapi.vxd
03/15/2004 06:28 PM 208,896 BATCAVE7-WWT7VG\SURFERBnavapi32.dll
08/25/2004 01:00 AM 119,976 BATCAVE7-WWT7VG\SURFERBnaveng32.dll
08/25/2004 01:00 AM 672,936 BATCAVE7-WWT7VG\SURFERBnavex32a.dll
08/29/2004 10:02 PM 249,856 BATCAVE7-WWT7VG\SURFERBPCPitstop.dll
08/30/2004 10:58 AM 618 BATCAVE7-WWT7VG\SURFERBPCPitstop.inf
10/09/2003 10:32 AM 144 BATCAVE7-WWT7VG\SURFERBQTPlugin.inf
01/28/2004 01:13 PM 520,349 BATCAVE7-WWT7VG\SURFERBRdxIE.dll
08/11/2004 07:24 PM 160,928 BATCAVE7-WWT7VG\SURFERBrufsi.dll
05/03/2004 03:39 PM 118,784 BATCAVE7-WWT7VG\SURFERBSassCln.dll
05/03/2004 03:40 PM 306 BATCAVE7-WWT7VG\SURFERBSASSCLN.INF
08/25/2004 01:00 AM 83,936 BATCAVE7-WWT7VG\SURFERBscrauth.dat
12/08/2003 02:58 PM 3,759 BATCAVE7-WWT7VG\SURFERBswflash.inf
12/20/2004 06:03 PM 157,288 BATCAVE7-WWT7VG\SURFERBSymAData.dll
08/25/2004 01:00 AM 8,137 BATCAVE7-WWT7VG\SURFERBsymaveng.cat
08/25/2004 01:00 AM 900 BATCAVE7-WWT7VG\SURFERBsymaveng.inf
08/25/2004 01:00 AM 6,153 BATCAVE7-WWT7VG\SURFERBtcdefs.dat
08/25/2004 01:00 AM 158,027 BATCAVE7-WWT7VG\SURFERBtcscan7.dat
08/25/2004 01:00 AM 55,374 BATCAVE7-WWT7VG\SURFERBtcscan8.dat
08/25/2004 01:00 AM 176,768 BATCAVE7-WWT7VG\SURFERBtcscan9.dat
08/25/2004 01:00 AM 453 BATCAVE7-WWT7VG\SURFERBtinf.dat
08/25/2004 01:00 AM 148 BATCAVE7-WWT7VG\SURFERBtinfidx.dat
08/25/2004 01:00 AM 1,957 BATCAVE7-WWT7VG\SURFERBtinfl.dat
08/25/2004 01:00 AM 35,594 BATCAVE7-WWT7VG\SURFERBtscan1.dat
08/25/2004 01:00 AM 1,179 BATCAVE7-WWT7VG\SURFERBtscan1hd.dat
08/25/2004 01:00 AM 5,382 BATCAVE7-WWT7VG\SURFERBv.grd
08/25/2004 01:00 AM 2,227 BATCAVE7-WWT7VG\SURFERBv.sig
08/25/2004 01:00 AM 106,244 BATCAVE7-WWT7VG\SURFERBvirscan.inf
08/25/2004 01:00 AM 883,786 BATCAVE7-WWT7VG\SURFERBvirscan1.dat
08/25/2004 01:00 AM 527,511 BATCAVE7-WWT7VG\SURFERBvirscan2.dat
08/25/2004 01:00 AM 144,200 BATCAVE7-WWT7VG\SURFERBvirscan3.dat
08/25/2004 01:00 AM 316,532 BATCAVE7-WWT7VG\SURFERBvirscan4.dat
08/25/2004 01:00 AM 70,708 BATCAVE7-WWT7VG\SURFERBvirscan5.dat
08/25/2004 01:00 AM 377,957 BATCAVE7-WWT7VG\SURFERBvirscan6.dat
08/25/2004 01:00 AM 1,304,307 BATCAVE7-WWT7VG\SURFERBvirscan7.dat
08/25/2004 01:00 AM 1,135,551 BATCAVE7-WWT7VG\SURFERBvirscan8.dat
08/25/2004 01:00 AM 1,555,603 BATCAVE7-WWT7VG\SURFERBvirscan9.dat
08/25/2004 01:00 AM 32 BATCAVE7-WWT7VG\SURFERBvirscant.dat
10/27/2002 07:32 PM 3,036 BATCAVE7-WWT7VG\SURFERBwmv9dmo.inf
06/30/2003 10:41 PM 1,689 BATCAVE7-WWT7VG\SURFERBWMV9VCM.inf
08/03/2004 03:51 PM 293 BATCAVE7-WWT7VG\SURFERBwuweb.inf
04/08/2005 12:23 PM 427,800 BATCAVE7-WWT7VG\SURFERBxclean_micro.exe
06/09/2004 05:51 PM 1,777 BATCAVE7-WWT7VG\SURFERBxscan.inf
06/09/2004 05:56 PM 435,712 BATCAVE7-WWT7VG\SURFERBxscan53.ocx
01/26/2004 06:42 PM 856 BATCAVE7-WWT7VG\SURFERByinst.inf
01/26/2004 06:40 PM 133,120 BATCAVE7-WWT7VG\SURFERByinsthelper.dll
08/25/2004 01:00 AM 224 BATCAVE7-WWT7VG\SURFERBzdone.dat
64 File(s) 11,313,006 bytes
3 Dir(s) 19,501,735,936 bytes free

Hope this extra info helps. Again, thanks for the help.

newssurferboi

guestolo · « **Reply #3 on:** June 27, 2005, 07:52:32 PM »

Your Hijackthis log looks clean again,
Can you let me know
Did you install SpywareBlaster and IE-Spyad?
I linked you to them in your last thread
Did you clear your System Restore points after we had you clean last time
I'm asking this, because there may be a chance you used System Restore from the last time we had you clean
Here's that link
http://www.thetechguide.com/forum/index.ph...topic=18298&hl=

Could you also do the following please

Run another scan with Spybot
When the scan is complete, can you right click in the Results pane and Save the full report
Save it too desktop
Copy and paste back the contents please

newssurferboi · « **Reply #4 on:** June 29, 2005, 03:54:52 PM »

I did everything you asked the last time I was infected. Also I uninstalled my version of Spybot, which was 1.3, installed the 1.4 version and updated it. Then I scanned my computer with Spyboy S&D as you said. Here's the scan:

--- Search result list ---
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-06-23 Includes\Dialer.sbi (*)
2005-06-23 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-06-23 Includes\Malware.sbi (*)
2005-06-09 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-06-09 Includes\Security.sbi (*)
2005-06-15 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-06-21 Includes\Trojans.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security Update for Microsoft Data Access Components
/ MSXML4: Patch Available For XMLHTTP Vulnerability
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP1: Windows XP Hotfix - KB821557
/ Windows XP / SP1: Windows XP Hotfix - KB823182
/ Windows XP / SP1: Windows XP Hotfix - KB824105
/ Windows XP / SP1: Windows XP Hotfix - KB824141
/ Windows XP / SP1: Windows XP Hotfix - KB828035
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696

--- Startup entries list ---
Located: HK_LM:Run, AcctMgr
command: C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
file:

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 469824
MD5: 70c5a9c9cf9e65a9073a2a43da822841

Located: HK_LM:Run, pccguide.exe
command: "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
file: C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
size: 815166
MD5: c8edffafd3f00fc5b116e6e0f0aa3c39

Located: HK_LM:Run, PrinTray
command: C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_x7328e0\printray.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_x7328e0\printray.exe
size: 36864
MD5: 7ba53cbea0b27de4b70ddee2e9f4a7e0

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 3cf6bff887af6f733473d81a8921a5c5

Located: HK_CU:Run, Norton SystemWorks
command: C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
file:

Located: Startup (common), CorelCENTRAL 9.lnk
command: C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
file: C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
size: 593920
MD5: 3258468986960765a1127a7b58295ec8

Located: Startup (common), CorelCENTRAL Alarms.lnk
command: C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
file: C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
size: 241664
MD5: 4a2ead270b55ce695b36872553a387a4

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---

--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
description: Gateway tools
classification: Unknown
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 8/29/2004 10:02:18 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 8/29/2004 10:02:18 PM
Filesize: 249856
Attributes: archive
MD5: 32F05059838DA40D263CEB81C8C51E2D
CRC32: E529AA0C
Version: 1.0.0.130

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/shock...director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 6/6/2004 8:28:28 AM
Date (last access): 6/29/2005 4:30:44 PM
Date (last write): 5/28/2004 1:38:00 AM
Filesize: 54480
Attributes: archive
MD5: 408F53722D9C1280BF4EDD70341EA7F2
CRC32: 4EB8819E
Version: 10.0.1.4

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 11/12/2004 3:33:48 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 11/12/2004 3:33:48 PM
Filesize: 346888
Attributes: archive
MD5: 40FC24CEF49EAF0EBC7C51C67F89A952
CRC32: C2CCDE24
Version: 1.0.58.6

{1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)
DPF name:
CLSID name: LSSupCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
Codebase: http://www.symantec.com/techsupp/asa/LSSupCtl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LSSupCtl.dll
Short name:
Date (created): 10/27/2004 2:10:26 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 10/27/2004 2:10:26 PM
Filesize: 111752
Attributes: archive
MD5: C8FEBEA460AAD5C1B6817F9676E03F78
CRC32: 807349F9
Version: 3.1.0.5

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

{556DDE35-E955-11D0-A707-000000521957} ()
DPF name:
CLSID name:
Installer:
Codebase: http://www.xblock.com/download/xclean_micro.exe

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://v5.windowsupdate.microsoft.com/v5co...b?1100698816246
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 8/3/2004 2:59:06 PM
Date (last access): 6/29/2005 4:30:44 PM
Date (last write): 8/3/2004 2:59:06 PM
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 5.4.3790.2182

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoftware.com/activescan/as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2005 12:20:22 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 4/11/2005 12:20:22 PM
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object)
DPF name:
CLSID name: SassCln Object
Installer: C:\WINDOWS\Downloaded Program Files\SASSCLN.INF
Codebase: http://www.microsoft.com/security/controls/SassCln.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SassCln.dll
Short name:
Date (created): 5/3/2004 3:39:54 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 5/3/2004 3:39:54 PM
Filesize: 118784
Attributes: archive
MD5: A1C8571FA4B64CFC5C0CDA672F3C2D21
CRC32: 06EBA55B
Version: 1.0.0.16

{A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
DPF name:
CLSID name: Crucial cpcScan
Installer:
Codebase: http://www.crucial.com/controls/cpcScanner.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: cpcScan.dll
Short name:
Date (created): 10/29/2004 9:38:40 AM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 10/29/2004 9:38:40 AM
Filesize: 180224
Attributes: archive
MD5: 37CE2FD746A23AEF1F71D485C3C559E7
CRC32: 8454B644
Version: 2.0.0.0

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Installer:
Codebase: http://www.symantec.com/techsupp/asa/SymAData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 12/20/2004 6:03:36 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 12/20/2004 6:03:36 PM
Filesize: 157288
Attributes: archive
MD5: D39C8355D0587B6A3FD2325DA7E2919C
CRC32: B639D5B5
Version: 2.0.0.2

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Installer:
Codebase: https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 6/12/2002 1:16:22 PM
Date (last access): 6/29/2005 4:13:18 PM
Date (last write): 6/12/2002 1:16:22 PM
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 1.0.0.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 324 ( 4) \SystemRoot\System32\smss.exe
PID: 476 ( 324) \??\C:\WINDOWS\system32\csrss.exe
PID: 500 ( 324) \??\C:\WINDOWS\system32\winlogon.exe
PID: 544 ( 500) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 556 ( 500) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 736 ( 544) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 764 ( 544) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 916 ( 544) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1212 ( 544) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
size: 864338
MD5: 474A016A35549B212A58F062CD0FF006
PID: 1316 ( 544) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 819352
MD5: F11341CD0D1DC5EFF5FEFFCC7424984E
PID: 1380 ( 544) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
size: 286792
MD5: 41D260FBD4E5D9525D458C7B21C3065F
PID: 1412 ( 544) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
size: 188484
MD5: 5F975641C10E9A58DAE9B0E723364AE9
PID: 1892 (1788) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 2024 ( 544) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
size: 585789
MD5: FB55153CDA34073AF9B3137893BC1E67
PID: 228 (1892) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 469824
MD5: 70C5A9C9CF9E65A9073A2A43DA822841
PID: 116 (1892) C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
size: 815166
MD5: C8EDFFAFD3F00FC5B116E6E0F0AA3C39
PID: 952 ( 736) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 748352
MD5: 255CA546F8E187C41EBED2AABBEEE07C
PID: 2828 (2576) C:\Program Files\Symantec\Web Tools\CKA.exe
size: 230576
MD5: 3B2F5CA8A588F6167DA8B9F95FE8FCB5
PID: 3104 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3112 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3612 ( 116) C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
size: 680002
MD5: F00BDAC2A4D58A87E5C29B0B16C344F2
PID: 2684 (1892) C:\Documents and Settings\SURFERBOI\Desktop\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3288 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 2544 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3244 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3252 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3804 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 2796 (1892) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/29/2005 4:32:34 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsoft.com/search/lobby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsoft.com/search/lobby/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.yahoo
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AnswerWorks Runtime (AnswerWorks)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"

(Branding)

(Connection Manager)

Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninst32.exe

(DXM_Runtime)

Norton GoBack Personal Edition (Symantec Corporation) (GoBack)
uninstall cmd: C:\Program Files\Norton SystemWorks\Norton GoBack\Setup.exe /u
publisher: Symantec Corporation

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: E:\MY DOWNLOADS\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Internet Explorer Q831167 (ieupdate)
uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf

Windows XP Hotfix - KB821557 20030611.134342 (KB821557)
uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=821557

Windows XP Hotfix - KB823182 20030724.164017 (KB823182)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB824105 20030724.164839 (KB824105)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows XP Hotfix - KB824141 20030925.103600 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows XP Hotfix - KB828035 20031021.165228 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows XP Hotfix - KB828741 20040305.182309 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB835732 20040329.175541 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB837001 20040317.230926 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Windows XP Hotfix - KB839643 20040512.154803 (KB839643)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows XP Hotfix - KB840374 20040416.100205 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Secure Delivery (kdx)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

(Microsoft NetShow Player 2.0)

Mozilla Firefox (1.0.4) 1.0.4 (en-US) (Mozilla Firefox (1.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.4 (en-US)"
publisher: Mozilla

(MPlayer2)

Outlook Express Q837009 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Windows XP Hotfix (SP2) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329170 20030102.120145 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329441 20021114.125038 (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation

Windows XP Hotfix (SP2) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q810565 20021127.115011 (Q810565)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810565 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810577 20021118.135247 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810833 20021203.201545 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q811493 20030424.101451 (Q811493)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811493

Windows XP Hotfix (SP2) Q814033 20030131.164620 (Q814033)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q814033 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q815021 20030501.165608 (Q815021)
uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=815021

Windows XP Hotfix (SP2) Q817287 20030325.164011 (Q817287)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817287

Windows XP Hotfix (SP2) Q817606 20030331.103753 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817606

Windows XP Hotfix (SP2) Q819696 20030513.102848 (Q819696)
uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=819696

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

RamBooster (RamBooster)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\RamBooster\DeIsL1.isu" -c"C:\Program Files\RamBooster\_ISREG32.DLL"

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Registry Mechanic 4.0 (Registry Mechanic_is1)
install location: C:\Program Files\Registry Mechanic\
uninstall cmd: "C:\Program Files\Registry Mechanic\unins000.exe"
publisher: PC Tools
help link: http://www.pctools.com/registry-mechanic/support/

(Sevinst)

(Shockwave)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Documents and Settings\SURFERBOI\Desktop\Spybot - Search & Destroy\
uninstall cmd: "C:\Documents and Settings\SURFERBOI\Desktop\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

StationRipper V1.13 V1.13 (StationRipper)
uninstall cmd: C:\Program Files\Ratajik Software\StationRipper\uninst.exe
publisher: Ratajik Software

Norton SystemWorks 2004 (Symantec Corporation) 7.00.00 (SymSetup.{71E7B3F5-CFAF-4c1e-B494-528E28707937})
install location: C:\Program Files\Norton SystemWorks
install source: D:
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4c1e-B494-528E28707937}.exe /X
publisher: Symantec Corporation

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 1a (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

Yahoo! extras (Yahoo! Customizations)
uninstall cmd: C:\Program Files\Yahoo!\Common\unycust.exe /S

Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Address AutoComplete (Yahoo! Mail AutoComplete)
uninstall cmd: C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Messenger Explorer Bar (Yahoo! Messenger Explorer Bar)
uninstall cmd: C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL

Adobe Photoshop Album 2.0 Starter Edition 2.00.000 ({11B569C2-4BF6-4ED0-9D17-A4273943CB24})
version: 33554432
version (major): 2
estimated size: 15907
install date: 20040606
install source: C:\WINDOWS\Downloaded Installations\{30F65707-62BC-4443-BB21-86DA6E7F8A55}\
uninstall cmd: MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\readme.txt

Norton WMI Update 2005.1.0.111 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2032
install date: 20040815
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.1_E\
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation

Data Lifeguard ({2C0A655C-61E7-428A-8ED2-23A3D20E7DD2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"

TuneUp Utilities 2004 4.1.2312 ({2C3738C9-56FA-410A-BCB5-79C5DFD238F0})
version: 67176712
version (major): 4
version (minor): 1
estimated size: 14290
install date: 20040714
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{2C3738C9-56FA-410A-BCB5-79C5DFD238F0}
publisher: TuneUp Software
help link: www.Tune-Up.com

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2524
install date: 20040325
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Microsoft XML Parser and SDK 4.10.9406.0 ({3E908702-AF35-4611-9518-955DA24B7E07})
version: 67773630
version (major): 4
version (minor): 10
estimated size: 5722
install date: 20040619
install source: C:\DOCUME~1\SURFER~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 15195
install date: 20050121
install location: C:\Program Files\Microsoft AntiSpyware\
install source: C:\WINDOWS\Downloaded Installations\{DCD77953-1FCC-465A-A457-7AE805A97710}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com

Norton CleanSweep 1.0.0 ({634B01DF-A45B-4623-80E1-E15FF82A4979})
version: 16777216
version (major): 1
estimated size: 13351
install date: 20041101
install source: D:\NCS\
uninstall cmd: MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
publisher: <no manufacturer>

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninst

Norton Utilities 16.0.0 ({6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5})
version: 268435456
version (major): 16
estimated size: 23297
install date: 20041101
install source: D:\NU\
uninstall cmd: MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
publisher: <no manufacturer>

Norton SystemWorks 2004 7.00.00 ({71E7B3F5-CFAF-4c1e-B494-528E28707937})
version: 117440512
version (major): 7
install date: 20041101
install source: D:\NSW\
uninstall cmd: MsiExec.exe /I{71E7B3F5-CFAF-4c1e-B494-528E28707937}
publisher: Symantec Corporation

Trend Micro PC-cillin Internet Security 2005 12.0 ({7698EDA5-A90F-4205-99CB-8FF6F9048ED9})
version: 201326592
version (major): 12
estimated size: 43154
install date: 20050531
install location: C:\PROGRA~1\TRENDM~1\INTERN~1\
install source: C:\Program Files\Trend Micro\PCC2005_1244\Setup\
uninstall cmd: MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
publisher: Trend Micro
help link: http://kb.trendmicro.com/solutions/
help telephone:

Norton Password Manager 1.00.00 ({8315D4B0-9BF2-4D63-8654-74B89D288D6E})
version: 16777216
version (major): 1
estimated size: 8557
install date: 20041101
install source: D:\NPM\
uninstall cmd: MsiExec.exe /I{8315D4B0-9BF2-4D63-8654-74B89D288D6E}
publisher: Symantec Corporation

NSW_DRM_COLLECTION 1.0.0 ({900B1884-2D6F-4a70-A3C7-C3F4DA873FDB})
version: 16777216
version (major): 1
estimated size: 1656
install date: 20041101
install source: D:\NSW\
uninstall cmd: MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
publisher: Symantec Corporation

Adobe Acrobat - Reader 6.0.2 Update 6.0.2 ({AC76BA86-0000-0000-0000-6028747ADE01})
version: 100663298
version (major): 6
estimated size: 5800
install date: 20050504
install source: C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.2 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat and Reader 6.0.3 Update 6.0.3 ({AC76BA86-0000-7EC8-7489-000000000603})
version: 100663299
version (major): 6
estimated size: 1037
install date: 20050504
install source: C:\Program Files\Adobe\{8312557B-FC01-4F06-AAC0-D1285ADBE94B}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.3 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Reader 6.0.1 006.000.001 ({AC76BA86-7AD7-1033-7B44-A00000000001})
version: 100663297
version (major): 6
estimated size: 45189
install date: 20040606
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

Dell ResourceCD ({D78653C3-A8FF-415F-92E6-D774E634FF2D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"

({E85FA9A1-C241-4698-893B-DD99509B8DB0})

({F64306A5-4C32-41bb-B153-53986527FAB4})

Works Suite OS Pack 1.0.0.0000 ({FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94})
version: 16777216
version (major): 1
estimated size: 344
install date: 20050104
install source: D:\ospack\
publisher: Microsoft Corporation
help link: http://www.microsoft.com
help telephone:

MSRedist 1.0.0.0 ({FC37ABD0-2108-4beb-B010-1254E0662B5A})
version: 16777216
version (major): 1
estimated size: 3526
install date: 20041101
install source: D:\Support\MsRedist\
uninstall cmd: MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
publisher: Symantec Corp

--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179328
Image MD5: 94DDD4B3ACBD7A9558E1762CD58386F9
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142208
Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 497AEAD5ECEF9512F6B364977A5308EE
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86912
Image MD5: 95B858761A00E1D4F81F79A0DA019ACA
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): AvgFwSvr
Start: 0
Type: 0
Error Control: 0

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: 6506E033AD04CFEC9EE56DBEFD1083DD
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\cisvc.exe
Image size: 5120
Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start:

newssurferboi · « **Reply #5 on:** June 29, 2005, 09:34:42 PM »

Here's Part 2 of my Spybot S&D log:

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 33792
Image MD5: D1B16340CEACEECBF52340A0CBDF43E1
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 204800
Image MD5: 67648497FDC9A9235A2642950E326756
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 780928
Image MD5: E18132D39407AADCA6B1D19ADF408A8A
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Image path: System32\drivers\dmio.sys
Image size: 146304
Image MD5: ACA44E9A8E2FF7C833664263C8478629
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 50048
Image MD5: EF05974D47D56FA8387F170F05BAE5E7
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2816
Image MD5: FD859E517FA2ABB53654AFA7EC9E3A94
Start: 3
Type: 1
Error Control: 1

Service (registry key): EL90XBC
Display name: 3Com EtherLink XL 90XB/C Adapter Driver
Image path: System32\DRIVERS\el90xbc5.sys
Image size: 66591
Image MD5: 6E883BF518296A40959131C2304AF714
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): es1371
Display name: Creative AudioPCI (ES1371,ES1373) (WDM)
Image path: system32\drivers\es1371mp.sys
Image size: 40704
Image MD5: A55DD7D8CED5D2624A9EE2DDA7BE0319
Start: 3
Type: 1
Error Control: 1

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 26240
Image MD5: 19C5C7EAC0190A42522290BF002F64EA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 19712
Image MD5: 8F70D1F7606F7442E2F7383F3701D728
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): gameenum
Display name: Game Port Enumerator
Image path: System32\DRIVERS\gameenum.sys
Image size: 9856
Image MD5: 6D18CAD8A05D88E672B61DB855A08289
Start: 3
Type: 1
Error Control: 0

Service (registry key): GBDevice
Start: 0
Type: 1
Error Control: 0

Service (registry key): GBFSHook
Start: 2
Type: 2
Error Control: 0

Service (registry key): GBPoll
Display name: GBPoll
Object name: LocalSystem
Image path: C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
Image size: 507904
Image MD5: 24ABED24813EF8CD6DEF1ADC269B0663
Start: 3
Type: 272
Error Control: 1

Service (registry key): GoBack2K
Start: 0
Type: 1
Error Control: 0

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 33792
Image MD5: 13591E0A02E85DE2A388F3EC4BD206DF
Start: 3
Type: 1
Error Control: 1

Service (registry key): HCF_MSFT
Image path: System32\DRIVERS\HCF_MSFT.sys
Image size: 907456
Image MD5: 4236E014632F4163F53EBB717F41594C
Start: 3
Type: 1
Error Control: 0

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): hpt3xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 51072
Image MD5: 7080F46568108CC6EA73E460EE6EE702
Start: 1
Type: 1
Error Control: 1

Service (registry key): i81x
Image path: System32\DRIVERS\i81xnt5.sys
Image size: 138240
Image MD5: 1D37C8D853582EA95DDF1A6BA1A62573
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP0
Image path: System32\DRIVERS\wADV01nt.sys
Image size: 12672
Image MD5: 7CB34D392210C286AC925D8A17E00A75
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP1
Image path: System32\DRIVERS\wADV02NT.sys
Image size: 12288
Image MD5: E086A10B2558F9CDD16CF6686E1393BE
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP2
Image path: System32\DRIVERS\wADV05NT.sys
Image size: 12032
Image MD5: E02F7161F07B3AA468ECB7F652F084EB
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP3
Image path: System32\DRIVERS\wSiINTxx.sys
Image size: 12160
Image MD5: C5FC395F2534F157286137196B663389
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP4
Image path: System32\DRIVERS\wVchNTxx.sys
Image size: 18688
Image MD5: 9DFCD083FC329BA87C7CB69EE9E7D923
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV0
Image path: System32\DRIVERS\wATV01nt.sys
Image size: 29440
Image MD5: FD70D86DD033F17199ECB3940C28AB23
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV1
Image path: System32\DRIVERS\wATV02NT.sys
Image size: 19456
Image MD5: 68BC5080A3A9393FC97B59772BD3E99D
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV2
Image path: System32\DRIVERS\wATV03nt.sys
Image size: 44928
Image MD5: 894D8B95A5EB503173E5A01866BB73B0
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV3
Image path: System32\DRIVERS\wATV04nt.sys
Image size: 31104
Image MD5: E3D6FF5710F98EBB8456753291EC106F
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV4
Image path: System32\DRIVERS\wCh7xxNT.sys
Image size: 23680
Image MD5: FCEF47DA2C8889424848BB60490CF292
Start: 3
Type: 1
Error Control: 0

Service (registry key): Imapi
Start: 1
Type: 1
Error Control: 0

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 123904
Image MD5: 8993C30844386527A2D1CE69CBA4C871
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Image path: System32\DRIVERS\intelide.sys
Image size: 4736
Image MD5: 3049227DA71A4A68515DCDCE3030EACD
Start: 0
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 19584
Image MD5: F56DD863BA732A4E8EE58D486C31250F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 79488
Image MD5: FC672AD6E9676814A0C844912F2ABCFF
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 57984
Image MD5: 1C4802409CFD4A7051F458B744CFCAA5
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 10496
Image MD5: B43201394646B7E98C89056EDDA686B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 23424
Image MD5: 1E7F78C2FC393356CD884C6FDE7966F9
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 159360
Image MD5: 10E0FEB086D8C1419B958C9034E4668A
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LexBceS
Display name: LexBce Server
Object name: LocalSystem
Image path: C:\WINDOWS\system32\LEXBCES.EXE
Image size: 311296
Image MD5: 2A125981BB23F0A023255D39B7E1C25E
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LXARScan
Display name: Lexmark X73 MFP Scanner
Image path: System32\Drivers\Lxarscan.sys
Image size: 18024
Image MD5: E8D15ACD2F65A2E8756768353E08A9A0
Start: 2
Type: 1
Error Control: 1

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: 743AEA1D5DB177ED3F1A0A25B3F5D6A6
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 22016
Image MD5: 81FB25D6EE5E0728D2C0630C58D7D908
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Display name: Mount Point Manager
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 172672
Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 392576
Image MD5: D4BD5EF775AD4FB0B8E3786F674DABDD
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: 073D2F5B53580583FEB704084CBA39CE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Installs, repairs and removes software according to instructions contained in .MSI files.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\msiexec.exe /V
Image size: 64512
Image MD5: 0FF60CC9E72EFC863B40B906E3372D81
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7040
Image MD5: 9686DED76AFB73B48905C77A002C3AD5
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5120
Image MD5: BD8A0DCF208C27E20416BF9E8AED9CF9
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4608
Image MD5: F6A726B8832DB1F88326B8BE98B11981
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12288
Image MD5: E6B6D5E4C9C199B7BB56D7862EA68FBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 87552
Image MD5: 15787DECA8C5428BEEAA8044F544FD85
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 33152
Image MD5: E351339FA17C4A70940E15B5E3DAE6E2
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBT
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 149248
Image MD5: C6ED759F45B762CD5C1F69023AB90F4C
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 289CDCFFE33490CCA8B2F107511D654F
Start: 3
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 105984
Image MD5: 289CDCFFE33490CCA8B2F107511D654F
Start: 3
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): NPDriver
Display name: Norton Unerase Protection Driver
Image path: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
Image size: 258476
Image MD5: F5812BCACBFDCFA9B8E849084D15A9E9
Start: 3
Type: 1
Error Control: 1
Depends On services: SymEvent

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): NProtectService
Display name: Norton Unerase Protection
Object name: LocalSystem
Image path: C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
Image size: 81920
Image MD5: 360F93496FD1664B6E2D318D3E76882A
Start: 2
Type: 272
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): OMCI
Display name: OMCI
Image path: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
Start: 1
Type: 1
Error Control: 1

Service (registry key): P3
Display name: Intel PentiumIII Processor Driver
Image path: System32\DRIVERS\p3.sys
Image size: 37504
Image MD5: A724B79AF03C0F38CFBD8EF3A49829E6
Start: 1
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 76032
Image MD5: 67FD105F525A94C0246C9088E85A2F3B
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Display name: Partition Manager
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcCtlCom
Display name: Trend Micro Central Control Component
Description: Manages the Trend Micro PC-cillin Component.
Object name: LocalSystem
Image path: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Image size: 864338
Image MD5: 474A016A35549B212A58F062CD0FF006
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 62976
Image MD5: 9390447F3B1BE5064A3EBE98C555A1E5
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 46208
Image MD5: A33601C20FCA262A3FABE3730C2FAA62
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 66048
Image MD5: 944440247FE6988C88B376ED85A0CD1A
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): QDFSDRV
Start: 0
Type: 0
Error Control: 0

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 48384
Image MD5: 4C242C79A9C0D98D52D6F8CB9248D528
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 38912
Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 163328
Image MD5: DF80C149C96FCFBB8A3DC3D5DD950AA8
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 129024
Image MD5: FD256272FDDA1448A21D9C19CC9B4C25
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 56576
Image MD5: AB56D6ED4E86D2B6F819A24A070F35F7
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 68608
Image MD5: 4EB484338FB62ED86A86D28013BFF9FD
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardDrv
Display name: Smart Card Helper
Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On group: "Smart Card Reader"

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): ScsiPort
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 90240
Image MD5: F1D2D6D805AE2856F3D923E949AD917D
Start: 0
Type: 0
Error Control: 0

Service (registry key): SDdriver
Display name: SDdriver
Image path: \??\C:\WINDOWS\System32\Drivers\sddriver.sys
Image size: 90272
Image MD5: 491F052B8F1E05B396D15EC9BF36565A
Start: 3
Type: 1
Error Control: 1

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 14976
Image MD5: 65A7C4D86C153C82E33A552C217ABB29
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 62464
Image MD5: DC7CBFEC14B1B38BCF32ABA922FFEAAD
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,NLA,RasMan,ALG

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): Speed Disk service
Display name: Speed Disk service
Object name: LocalSystem
Image path: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
Image size: 176193
Image MD5: 5E71D2342B963E61F99B19CB2E462C63
Start: 2
Type: 272
Error Control: 0
Depends On services: RPCSS

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 5888
Image MD5: 32C54211E9E8A45CBCB097BEAEB1999A
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 51200
Image MD5: 9B4155BA58192D4073082B8FC5D42612
Start: 2
Type: 272
Error Control: 1
Depends On services: LexBceS,RPCSS

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: \SystemRoot\System32\DRIVERS\sr.sys
Start: 4
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 322048
Image MD5: 042BEB03B0E917B530E78B8A08D48749
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 3840
Image MD5: 064740C5C02DE46723C4B8200EE876DF
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{64FAD5C5-AA75-4AB9-9254-4BC3C15C745B}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): swwd
Start: 0
Type: 0
Error Control: 0

Service (registry key): Symantec Core LC
Display name: Symantec Core LC
Description: Symantec Core LC
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Image size: 819352
Image MD5: F11341CD0D1DC5EFF5FEFFCC7424984E
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): SymEvent
Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Image size: 110352
Image MD5: 4091B529B88C16CDAFDD50CB623F8365
Start: 3
Type: 1
Error Control: 1

Service (registry key): symlcbrd
Display name: symlcbrd
Image path: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
Image size: 4608
Image MD5: 6596892DD5ABBE48F5876A551867A166
Start: 2
Type: 1
Error Control: 0

Service (registry key): SymWSC
Display name: SymWMI Service
Description: Symantec WMI Service
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Image size: 316544
Image MD5: 67C5AF84809468061121FBCBECB19285
Start: 2
Type: 16
Error Control: 0
Depends On services: winmgmt

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 56832
Image MD5: B0B19F036F76333AB3338C7493E87B12
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 82944
Image MD5: 097741FAF3F510F9D23FACFF2DA8491D
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 332928
Image MD5: 244A2F9816BC9B593957281EF577D976
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 38024
Image MD5: 194C51BC28A7CE9818012142B062E431
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): Tmfilter
Display name: Tmfilter
Image path: System32\drivers\TmXPFlt.sys
Image size: 183808
Image MD5: 7B6A9637905FAB070292D5A6AD5CF3AF
Start: 2
Type: 1
Error Control: 1
Depends On services: Vsapint,Tmpreflt

Service (registry key): Tmntsrv
Display name: Trend Micro Real-time Service
Description: Enables scanning in real time.
Object name: LocalSystem
Image path: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Image size: 286792
Image MD5: 41D260FBD4E5D9525D458C7B21C3065F
Start: 2
Type: 272
Error Control: 1

Service (registry key): TmPfw
Display name: Trend Micro Personal Firewall
Description: Manages the Trend Micro Personal Firewall.
Object name: LocalSystem
Image path: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Image size: 585789
Image MD5: FB55153CDA34073AF9B3137893BC1E67
Start: 2
Type: 272
Error Control: 1
Depends On services: rasman,tm_cfw

Service (registry key): Tmpreflt
Display name: Tmpreflt
Image path: System32\drivers\Tmpreflt.sys
Image size: 25088
Image MD5: CCD8B28C039302C367266BC3F641BC92
Start: 2
Type: 1
Error Control: 1

Service (registry key): tmproxy
Display name: Trend Micro Proxy Service
Description: Manages the Trend Micro tmtdi module.
Object name: LocalSystem
Image path: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Image size: 188484
Image MD5: 5F975641C10E9A58DAE9B0E723364AE9
Start: 2

guestolo · « **Reply #6 on:** July 01, 2005, 09:54:49 PM »

How's everything running?
No immediate threats found from Spybot

TheTechGuide Forum

News:

Author Topic: Can't get rid of Brower Hijacker (Read 7572 times)

newssurferboi

Can't get rid of Brower Hijacker

guestolo

Can't get rid of Brower Hijacker

newssurferboi

Can't get rid of Brower Hijacker

guestolo

Can't get rid of Brower Hijacker

newssurferboi

Can't get rid of Brower Hijacker

newssurferboi

Can't get rid of Brower Hijacker

guestolo

Can't get rid of Brower Hijacker