Getting Rid of SpyFalcon
mdrnage13 (Newbie), 12. May 2006 @ 17:08
Hi, I'm new here and not very savvy with computers. This SpyFalcon has been on my computer for weeks and I don't know how to remove it! I followed the steps made by the first poster but can't get the program in this part: Download to desktop SpyFalcon.reg. How can I get that? Thank you! Please respond quickly.
Senior Member, 12. May 2006 @ 22:00
Hi mdrnage13.

Please post a HijackThis log here.

Instructions for posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)

Then download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and double-click smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

Post the contents of this text file here.

(Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)

So I need you to post a HijackThis log and the SmitfraudFix log, then we'll get you cleaned...

I have moved from AD; I won't be taking new HijackThis logs from here. Reason: the AD's unsupportive atmosphere.


ddp (Moderator), 13. May 2006 @ 07:23
double post deleted
Runaway56, 20. May 2006 @ 05:11
Hello, all.

I read FordJenn's post with real interest.

I have Spyfalcon on this machine. I found removal instructions which echo each other at several sites. Followed the instructions, and have ALMOST gotten rid of Spyfalcon.

Oddly, it remains on Administrator's account.

Even more oddly, Administrator's access rights on the computer have been somehow restricted.

There are 6 accounts on this machine, including Administrator. Spyfalcon does not appear on any other account, after following removal instructions.

As Administrator, none of the listed suspect running processes appear in Task Manager. I run Spywareblaster, Spybot S&D, SpySweeper, and AVG AntiVirus. Also tried V-Com's System Suite, and have now installed BitDefender. Nothing even hints that any spyware, adware, or malware is running on the machine. This dude is quite well hidden.

FordJenn's comments regarding an updated Spyfalcon appear to be pretty important to any discussion of this fraudware.

The icon in the toolbar, and the popup window have been modified, it seems, because I don't see that blue popup, but a red and white small square popup.

Not sure if I can attach a screenshot here, don't see the tool to do so.

Anyway - have downloaded Ford's modified removal tools, I'm about to reboot to safe mode, and walk through this thing again. With any luck, I'll log in shortly, to report that Ford's tools worked, but I'm skeptical.

Wish me luck....
Senior Member, 20. May 2006 @ 05:21
Hi Runaway56.

SpyFalcon is part of the smitfraud malware family and it is updated quite often.

But fortunately there is a great tool against smitfraud which is also updated regularly, when new variants are found. This tool is called the "SmitfraudFix".

I suggest that you do the following steps too:

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and double-click smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

Post the contents of this text file here.

(Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)

Post a HijackThis log here too, instructions -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)
Runaway56, 20. May 2006 @ 06:49
Done.

I think it's fixed this time. For the third time, I followed the instructions, very carefully.

Log files from smitfraud and HijackThis copied below, but anyone who actually works on this may find my experience interesting.

After running through the drill, as "Dad", I logged on, still in safe mode, as "Administrator". The toolbar icon and the popup window were still both active. Rebooted, and ran HijackThis as "dad", then as "administrator" again, as well as spywareblaster, and spybotS&D. Spybot updated itself, I ran it again. Nothing.

I inspected the HijackThis log again, and disabled G:\WINDOWS\system32\wbem\unsecapp.exe

Rebooted, logged in as "Administrator" again, and the toolbar icon was gone. Ran Spybot again, and when it got to the smitfraud section of its scan, I got the SpyFalcon popup. Weird.

However - when Spybot had finished, I told it to fix the problems it found, which included two entries in ActiveDesktop.

Seems everything is fixed.

Logs attached below.

______________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:38:02 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\brss01a.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\system32\cisvc.exe
G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
G:\WINDOWS\system32\inetsrv\inetinfo.exe
G:\WINDOWS\system32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
G:\WINDOWS\system32\BRMFRSMG.EXE
G:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
G:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\system32\nvraidservice.exe
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\WINDOWS\system32\wbem\unsecapp.exe
G:\PROGRA~1\VCOM\SYSTEM~1\SSuite.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\system32\taskmgr.exe
G:\WINDOWS\system32\winlogon.exe
G:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
G:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SpySweeper] "G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] G:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "G:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Fix-It AV] G:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOINC - Unknown owner - G:\Program Files\BOINC\boinc.exe" -daemon (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - G:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Diskeeper Corporation - G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - G:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

_______________________________________________________________________



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 05/20/2006
The current time is: 8:35:57.06

Running from
G:\Documents and Settings\Dad\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1632 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

______________________________________________________________________



--- Search result list ---
Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1177238915-1935655697-1060284298-1007\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1177238915-1935655697-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

SpyFalcon: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Image size: 330291
Image MD5: 9023309E63E3C808A359835460288264
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsXP
Display name: AVG7 Resident Driver XP
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Image size: 39987
Image MD5: 0C07536704F29608E79A3561EB5F1039
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): AVGEMS
Display name: AVG E-mail Scanner
Object name: LocalSystem
Image path: G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Image size: 233524
Image MD5: 4E4F6991561A78186F18F26DFF3B7B5A
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): AvgTdi
Display name: AVG Network Redirector
Image path: \SystemRoot\System32\Drivers\avgtdi.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): bdss
Display name: BitDefender Scan Server
Description: Scans media for viruses and other security threats
Object name: LocalSystem
Image path: "G:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Image size: 69632
Image MD5: 4EF298F9218C61040A86ADE86AF3D9EB
Start: 2
Type: 16
Error Control: 1
Depends On services: XCOMM

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BOINC
Display name: BOINC
Description: Provides all the infrastructure for BOINC to download workunits and process them without user interaction.
Object name: .\Dad
Image path: "G:\Program Files\BOINC\boinc.exe" -daemon
Image size: 278528
Image MD5: FF364D177B704DC625BDF5A5AA992351
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip,AFD

Service (registry key): Brother XP spl Service
Display name: BrSplService
Object name: LocalSystem
Image path: G:\WINDOWS\system32\brsvc01a.exe
Image size: 57344
Image MD5: D3FACB34FFF5DB91ADB70987838F8BA7
Start: 2
Type: 272
Error Control: 1

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): BrUsbScn
Display name: Brother MFC USB Scanner driver
Image path: System32\Drivers\BrUsbScn.sys
Image size: 10368
Image MD5: 1C5F014048E5B2748C1A8AD297C50B6F
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): clr_optimization_v2.0.50727_32
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66240
Image MD5: 3C4D595E7F9B747325AEF28B4ADCAAE5
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Diskeeper
Display name: Diskeeper
Description: Controls the Windows Diskeeper Service
Object name: LocalSystem
Image path: "G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
Image size: 942080
Image MD5: 076ACBEF3E2EAA473FD1092A7F097540
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: system32\DRIVERS\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fax
Display name: Fax
Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Object name: LocalSystem
Image path: %systemroot%\system32\fxssvc.exe
Image size: 267776
Image MD5: FCBD571FA0EE8DC238944AE5FAB74461
Start: 2
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): FILESpy
Display name: FILESpy
Image path: \??\G:\Program Files\Softwin\BitDefender8\filespy.sys
Image size: 13985
Image MD5: B2D164A9B3D73C2E683B694CA2152542
Start: 2
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): gameenum
Display name: Game Port Enumerator
Image path: system32\DRIVERS\gameenum.sys
Image size: 10624
Image MD5: 5F92FD09E5610A5995DA7D775EADCD12
Start: 3
Type: 1
Error Control: 0

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): hSONYPVh
Display name: hSONYPVh
Image path: \??\C:\TEMP\hSONYPVh.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262272
Image MD5: 3247A2DB333D1521680E6864A8295A47
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): IISADMIN
Display name: IIS Admin
Description: Allows administration of Web and FTP services through the Internet Information Services snap-in
Object name: LocalSystem
Image path: G:\WINDOWS\system32\inetsrv\inetinfo.exe
Image size: 15872
Image MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): InetInfo
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: D58ECD3B3969A670E68588F1640920B6
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): Iprip
Display name: RIP Listener
Description: Listens for route updates sent by routers that use the Routing Information Protocol version 1 (RIPv1).
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LPDSVC
Display name: TCP/IP Print Server
Description: Provides a TCP/IP-based printing service that uses the Line Printer protocol.
Object name: LocalSystem
Image path: %SystemRoot%\system32\tcpsvcs.exe
Image size: 19456
Image MD5: 32933B07FC16D9F778BEE12545FA1B1A
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Spooler

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): MQAC
Display name: Message Queuing access control
Image path: \??\G:\WINDOWS\system32\drivers\mqac.sys
Image size: 72960
Image MD5: DB07B0088CDFD20C2A22E675120EDE34
Start: 3
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 452864
Image MD5: F6BFAE0CC79784D0A72DF6684C173437
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: G:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSFtpsvc
Display name: FTP Publishing
Description: Provides FTP connectivity and administration through the Internet Information Services snap-in
Object name: LocalSystem
Image path: %SystemRoot%\system32\inetsrv\inetinfo.exe
Image size: 15872
Image MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
Start: 2
Type: 32
Error Control: 1
Depends On services: IISADMIN

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\msiexec.exe /V
Image size: 77312
Image MD5: 4236AE241F193F58ADAB141CECCFD5F4
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSMQ
Display name: Message Queuing
Description: Provides a communications infrastructure for distributed, asynchronous messaging applications.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\mqsvc.exe
Image size: 4608
Image MD5: 72EF444E51025F389C6C232A28B7D736
Start: 2
Type: 16
Error Control: 1
Depends On services: MQAC,RMCAST,LanmanServer,NtLmSsp,RPCSS,MSDTC

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): ms_mpu401
Display name: Microsoft MPU-401 MIDI UART Driver
Image path: system32\drivers\msmpu401.sys
Image size: 2944
Image MD5: CA3E22598F411199ADC2DFEE76CD0AE0
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 14592
Image MD5: 8D3CE6B579CDE8D37ACC690B67DC2106
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): nm
Display name: Network Monitor Driver
Image path: system32\DRIVERS\NMnt.sys
Image size: 40320
Image MD5: 60CF8C7192B3614F240838DDBAA4A245
Start: 3
Type: 1
Error Control: 1

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NTFSDRV
Start: 0
Type: 0
Error Control: 0

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): nv
Image path: system32\DRIVERS\nv4_mini.sys
Image size: 1897408
Image MD5: 2B298519EDBFCF451D43E0F1E8F1006D
Start: 3
Type: 1
Error Control: 0

Service (registry key): nvatabus
Image path: system32\DRIVERS\nvatabus.sys
Image size: 79360
Image MD5: 46DEED4C6C5FA765F9A2C723BE60348D
Start: 0
Type: 1
Error Control: 3

Service (registry key): NVENETFD
Display name: NVIDIA nForce Networking Controller Driver
Image path: system32\DRIVERS\NVENETFD.sys
Image size: 33024
Image MD5: F87D81C2A99A3796B5E4DB6D38B8E706
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvnetbus
Display name: NVIDIA Network Bus Enumerator
Image path: system32\DRIVERS\nvnetbus.sys
Image size: 12928
Image MD5: 1602ABC3FC9F8CA6A5B2C9CB466720B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvraid
Display name: NVIDIA NForce(tm) ATA RAID Class Driver
Image path: system32\DRIVERS\nvraid.sys
Image size: 68224
Image MD5: A5C77D944410FADEE380FB20B432760D
Start: 0
Type: 1
Error Control: 1

Service (registry key): nv_agp
Display name: NVIDIA nForce AGP Bus Filter
Image path: system32\DRIVERS\nv_agp.sys
Image size: 21120
Image MD5: C0FCD544A1C4EEA6D11A0AE6A07DAC9D
Start: 0
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkIpx
Display name: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Description: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Image path: system32\DRIVERS\nwlnkipx.sys
Image size: 88448
Image MD5: 79EA3FCDA7067977625B3363A2657C80
Start: 2
Type: 1
Error Control: 1

Service (registry key): NwlnkNb
Display name: NWLink NetBIOS
Description: NWLink NetBIOS
Image path: system32\DRIVERS\nwlnknb.sys
Image size: 63232
Image MD5: 56D34A67C05E94E16377C60609741FF8
Start: 2
Type: 1
Error Control: 1

Service (registry key): NwlnkSpx
Display name: NWLink SPX/SPXII Protocol
Description: NWLink SPX/SPXII Protocol
Image path: system32\DRIVERS\nwlnkspx.sys
Image size: 55936
Image MD5: C0BB7D1615E1ACBDC99757F6CEAF8CF0
Start: 2
Type: 1
Error Control: 1

Service (registry key): NwSapAgent
Display name: SAP Agent
Description: Service Advertising Protocol
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NwlnkIpx

Service (registry key): p2pgasvc
Display name: Peer Networking Group Authentication
Description: Provides Network Authentication for Peer Group Members.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k p2psvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): p2pimsvc
Display name: Peer Networking Identity Manager
Description: Provides Identity service for Peer Networking
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k p2psvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Display name: Peer Networking
Description: Provides Peer Networking services
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k p2psvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PNRPSvc,p2pgasvc

Service (registry key): Parport
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 1

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): PNRPSvc
Display name: Peer Name Resolution Protocol
Description: Enables Serverless Peer Name Resolution over the Internet
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k p2psvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: tcpip6,p2pimsvc

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PortProxy
Start: 0
Type: 0
Error Control: 0

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Display name: Processor Driver
Image path: system32\DRIVERS\processr.sys
Image size: 35328
Image MD5: 0D97D88720A4087EC93AF7DBB303B30A
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: D0FEF8156D2D2FEC557C100956D76887
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): REGSpy
Display name: REGSpy
Image path: \??\G:\Program Files\Softwin\BitDefender8\regspy.sys
Image size: 10799
Image MD5: D49264ECD9AFBBB984B3223ABE9C42D2
Start: 2
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RMCAST
Display name: Reliable Multicast Protocol driver
Image path: \??\G:\WINDOWS\system32\drivers\RMCast.sys
Image size: 200064
Image MD5: 35E81B908AE4E97FC7BDF4607C516FF4
Start: 3
Type: 1
Error Control: 1

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 2
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 4
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): SimpTcp
Display name: Simple TCP/IP Services
Description: Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Object name: LocalSystem
Image path: %SystemRoot%\system32\tcpsvcs.exe
Image size: 19456
Image MD5: 32933B07FC16D9F778BEE12545FA1B1A
Start: 2
Type: 32
Error Control: 1
Depends On services: AFD

Service (registry key): SMCSMCWirelessUSB(SMC2662W)(R)
Display name: SMC SMCWirelessUSB(SMC2662W)(R) Service for SMC EZ Connect Wireless USB Adapter(SMC2662W)
Image path: system32\DRIVERS\Nets6251.sys
Image size: 93312
Image MD5: 7D4B6DCA2435B8D3E1CBCFC600F63319
Start: 3
Type: 1
Error Control: 1

Service (registry key): SMTPSVC
Display name: Simple Mail Transfer Protocol (SMTP)
Description: Transports electronic mail across the network
Object name: LocalSystem
Image path: G:\WINDOWS\system32\inetsrv\inetinfo.exe
Image size: 15872
Image MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
Start: 3
Type: 32
Error Control: 1
Depends On services: IISADMIN,Eventlog

Service (registry key): SNMP
Display name: SNMP Service
Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
Object name: LocalSystem
Image path: %SystemRoot%\System32\snmp.exe
Image size: 32768
Image MD5: D923BF27723E28E3C121B77F52DB4BCE
Start: 2
Type: 16
Error Control: 1
Depends On services: EventLog

Service (registry key): SNMPTRAP
Display name: SNMP Trap Service
Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 8704
Image MD5: 6F591DBEFD11F7697042907B516F1212
Start: 3
Type: 16
Error Control: 1
Depends On services: EventLog

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 8E186B8F23295D1E42C573B82B80D548
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: AD3D9D191AEA7B5445FE1D82FFBB4788
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332544
Image MD5: 54E79B08D0ABC9C551D0FE69CC2F87EC
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SSI
Display name: SSI
Image path: system32\Drivers\SSI.SYS
Image size: 78336
Image MD5: 0C55162D065B6ECD4C3D092515623418
Start: 0
Type: 1
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): svcWRSSSDK
Display name: Webroot Spy Sweeper Engine
Description: Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function.
Object name: LocalSystem
Image path: G:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Image size: 2161152
Image MD5: 6FA9A8F97598C891D3437F4239AD6E6B
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\dllhost.exe /Processid:{38216683-046F-4B79-A9BD-2079528279D5}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 360448
Image MD5: 65C34C093E839505636954EAD50FA315
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): Tcpip6
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip6.sys
Image size: 223616
Image MD5: 4D58BB1AE8841AAFD8790AD7E1E3B8EA
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\tlntsvr.exe
Image size: 73216
Image MD5: 37DB0A7D097310E8B4DE803FC3119C78
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

Service (registry key): Tmfilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): tunmp
Display name: Microsoft Tun Miniport Adapter Driver
Image path: system32\DRIVERS\tunmp.sys
Image size: 12416
Image MD5: 87A0E9E18C10A9E454238E3330E2A26D
Start: 3
Type: 1
Error Control: 1

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: G:\WINDOWS\system32\wdfmgr.exe
Image size: 38912
Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 4
Type: 16
Error Control: 1

Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBFVNETR
Display name: EZ Connect 11 Mbps Wireless USB Adapter
Image path: system32\DRIVERS\vnetusbr.sys
Image size: 80128
Image MD5: 7ABD29FDC8834E20AB0068926C10E042
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 17024
Image MD5: BDFE799A8531BAD8A5A985821FE78760
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbstor
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): VSSERV
Display name: BitDefender Virus Shield
Description: Scans media for viruses and other security threats
Object name: LocalSystem
Image path: "G:\Program Files\Softwin\BitDefender8\vsserv.exe" /service
Image size: 90112
Image MD5: 0F0AC440B3894622AE6E8B35A297947C
Start: 2
Type: 16
Error Control: 1
Depends On services: XCOMM,BDSS

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Display name: World Wide Web Publishing
Description: Provides Web connectivity and administration through the Internet Information Services snap-in
Object name: LocalSystem
Image path: %SystemRoot%\system32\inetsrv\inetinfo.exe
Image size: 15872
Image MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
Start: 2
Type: 32
Error Control: 1
Depends On services: IISADMIN

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: 2797F33EBF50466020C430EE4F037933
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: G:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WS2IFSL
Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): XCOMM
Display name: BitDefender Communicator
Description: Ensures proper communication between BitDefender components
Object name: LocalSystem
Image path: "G:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
Image size: 69632
Image MD5: EFE92ECB722976B0FE4FCD22575ACA4F
Start: 2
Type: 16
Error Control: 1

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {9A04BA9D-078C-4922-A3C1-7406C0C64239}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {BD16FD44-4A27-4F21-98C9-DEC49A791001}
Start: 0
Type: 0
Error Control: 0

______________________________________________________________________

Hope all of that helps the people who are actively fighting this fraudware. Seems that maybe the smitfraud tool needs to be adjusted to scan and repair those activedesktop registry settings.

Thanks for your time, and attention, everyone. ;)
Runaway56
Suspended due to non-functional email address
20. May 2006 @ 07:58
Seems I was wrong. Spyfalcon has restored itself to my desktop, both the toolbar icon, and the popup windows.

That sockspy entry looks suspicious to me, but when I tell HijackThis to repair it, I get an error... I probably should have copied it to paste here.

Arghhh!! I'm quitting this for awhile. Be back later...
Senior Member
20. May 2006 @ 10:44
Hi Runaway56.

Smitfraud won't go away because you're using the wrong tool. You're using Smitrem while you should have been using SmitfraudFix. Smitrem is no longer updated so it won't recognise the latest variants.

So this is what I need you to do:

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

Post the contents of this text file to here.

(Some antiviruses recognise process.exe as malware. It is not malware; it is a program that stops processes.)
Runaway56
Suspended due to non-functional email address
21. May 2006 @ 00:44
Smitfraudfix worked.

I THOUGHT that I saved that txt file, but I can't find it now. Little bugger, just disappeared.

Errrr, I just ran it again, and realize now that I was looking for the wrong thing. Rapport.txt is overwritten with this new rapport.txt.

SmitFraudFix v2.45

Scan done at 3:39:15.65, Sun 05/21/2006
Run from G:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» G:\


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Dad\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» G:\DOCUME~1\Dad\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» G:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
I don't understand what it's trying to tell me about wininet.dll - it's infected, or not?

Seems that running system file checker should replace wininet with the original Windows file. Whether that be true or not, sfc /scannow seems like a good idea. If any system files were corrupted by this thing, they'll be good as new once sfc has run.
Senior Member
21. May 2006 @ 02:22
You don't have a firewall on your computer. Download and install a firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
We'll use it later.

Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)

Scan and clean your computer with Ewido and save the log file.

Post a fresh HijackThis log and Ewido's log to here so we can see if your computer is now clean.

And the wininet.dll is clean now.
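To help read the kind of log these instructions work from, here is an added example (not part of the thread and not HijackThis's own code): a small Python parser for HijackThis v1.99-style log text that separates the running-process list from the R/O entries, pulls out everything marked "(file missing)", and lists the O20 Winlogon Notify packages, which is where the entry the post above tells the user to fix comes from. The sample log inside it is constructed from lines quoted in this thread.

```python
"""Parse HijackThis v1.99-style log text and pull out the entries a helper
would look at first.  Added example for this thread; it is not HijackThis's
own code, and SAMPLE_LOG below is constructed from lines quoted in the
thread (the O20 line is the one the post above tells the user to fix)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "O4 - HKLM\..\Run: [...]": a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "Winlogon Notify: <package> - <dll> [(file missing)]"
O20_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?: \(file missing\))?$"
)


@dataclass
class Entry:
    code: str              # HijackThis section, e.g. "O20"
    body: str              # everything after "Oxx - "
    guid: Optional[str]    # first CLSID found in the body, if any
    file_missing: bool     # HijackThis could not find the referenced file


@dataclass
class HjtLog:
    processes: List[str] = field(default_factory=list)
    entries: List[Entry] = field(default_factory=list)


def parse_hjt_log(text: str) -> HjtLog:
    """Split a log into the running-process list and the R/F/N/O entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
            else:
                log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            body = m.group("body")
            g = GUID_RE.search(body)
            log.entries.append(Entry(
                code=m.group("code"),
                body=body,
                guid=g.group(0) if g else None,
                file_missing="(file missing)" in body,
            ))
    return log


def missing_file_entries(log: HjtLog) -> List[Entry]:
    """Entries whose target file is gone: orphaned registrations left behind
    by whatever installed them.  These are the first candidates for 'Fix checked'."""
    return [e for e in log.entries if e.file_missing]


def winlogon_notify(log: HjtLog) -> List[Tuple[str, str, bool]]:
    """(package, dll, file_missing) for each O20 Winlogon Notify entry.
    These DLLs load into winlogon.exe at logon, so every one should be
    accounted for."""
    out: List[Tuple[str, str, bool]] = []
    for e in log.entries:
        if e.code != "O20":
            continue
        m = O20_RE.match(e.body)
        if m:
            out.append((m.group("name"), m.group("dll"), e.file_missing))
    return out


def count_by_section(log: HjtLog) -> Dict[str, int]:
    """How many entries each section (R1, O2, O4, ...) contributed."""
    counts: Dict[str, int] = {}
    for e in log.entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:32:21 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpBE.tmp
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
"""

if __name__ == "__main__":
    log = parse_hjt_log(SAMPLE_LOG)
    print(f"{len(log.processes)} processes, sections: {count_by_section(log)}")
    for e in missing_file_entries(log):
        print("file missing:", e.code, "-", e.body)
    for name, dll, missing in winlogon_notify(log):
        print("Winlogon Notify:", name, dll, "(missing)" if missing else "")
```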
tschrock
Newbie
22. May 2006 @ 14:11
You would think if someone was going to go through all of the trouble of creating a crappy program like this one, that they would also reserve the likely removal URLs and cash in on both ends.

For example, you can infect yourself at http://www.spyfalcon.com. You can remove it by visiting http://www.removespyfalcon.com.

So smart, yet so lacking...

Thor Schrock
Owner
Schrock Innovations, Inc.
Skalek
Newbie
22. May 2006 @ 16:05
Hmmm...nice writeup. Your regfile seems to be outdated for all the newer variants though.
aznrukus
Newbie
23. May 2006 @ 06:27
Logfile of HijackThis v1.99.1
Scan saved at 6:32:21 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpBE.tmp
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0....
O18 - Protocol: bw+0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

SmitFraudFix v2.46

Scan done at 6:47:09.46, Tue 05/23/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1

C:\DOCUME~1\Admin\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Skalek
Newbie
23. May 2006 @ 07:25
Just follow the instructions here to remove it. NO need to post a hjt log. The instructions in that guide will remove it.

http://www.bleepingcomputer.com/forums/topic43659.html

This message has been edited since posting. Last time this message was edited on 23. May 2006 @ 07:28

Senior Member
23. May 2006 @ 09:21
@Skalek
Those instructions won't work with the new variants; that tool is outdated. And there are some other infections too, so there IS a need for a HijackThis log...

@aznrukus

You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Ok, you got some infections....

Cleaning instructions:

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
We'll use it later.

Disable Ad-Aware Ad-Watch -> http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_R...

Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe

Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
A text file will appear after the cleaning process; copy this file and paste it to here.
The log is saved to your local disk drive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the log file.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\rapport.txt

This message has been edited since posting. Last time this message was edited on 23. May 2006 @ 09:21
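Reading a HijackThis log by hand means scrolling past dozens of near-identical lines before reaching the one entry worth fixing. As an added example (not code from this thread, from HijackThis or from SmitFraudFix), the Python script below parses the O4/O9/O16/O18/O23 line shapes posted here, collapses repeated O18 protocol handlers into one row per DLL, and lists what a helper looks at first: entries marked "(file missing)", O16 DPF downloads with their source URL, and Run entries that give no full path. The sample lines are copied from the logs in this thread.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example for this thread, not code from the thread, from HijackThis or
from SmitFraudFix. It parses the line shapes seen in the posted logs (O4, O9,
O16, O18, O23), groups the many Logitech O18 protocol handlers under a single
DLL, and lists the entries a helper would want to look at first.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O18 - Protocol: bw+0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r'("?)([A-Za-z]:\\.*)$')
# Trailing annotations HijackThis appends after a path.
ANNOT_RE = re.compile(r"(?:\s*\((?:file missing|HKCU|HKLM)\))+\s*$")


def extract_path(body):
    """Return the first Windows path in an entry body, without surrounding
    quotes or trailing annotations, or None when the entry has no local path."""
    m = PATH_RE.search(body)
    if not m:
        return None
    quoted, rest = m.group(1), m.group(2)
    if quoted:
        return rest.split('"', 1)[0]
    return ANNOT_RE.sub("", rest)


def parse_line(line):
    """Parse one HijackThis line into a dict, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    url = URL_RE.search(body)
    return {
        "section": section,
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "url": url.group(0) if url else None,
        "path": extract_path(body),
        "file_missing": "(file missing)" in body,
    }


def protocol_name(entry):
    """'Protocol: bw+0 - {...} - path' -> 'bw+0'."""
    return entry["body"].split(" - ", 1)[0].replace("Protocol: ", "", 1)


def triage(log_text):
    """Group parsed entries into the buckets a reviewer wants to see first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    handlers = defaultdict(list)
    report = {
        "missing_files": [],   # anything HijackThis marked "(file missing)"
        "dpf_downloads": [],   # O16: ActiveX code downloaded from the web
        "no_full_path": [],    # O4 autoruns naming a bare file, resolved via PATH
        "services": [],        # O23 service binaries
    }
    for e in entries:
        if e["file_missing"]:
            report["missing_files"].append(e["body"])
        if e["section"] == "O16":
            report["dpf_downloads"].append((e["clsid"], e["url"]))
        elif e["section"] == "O18":
            handlers[(e["clsid"], e["path"])].append(protocol_name(e))
        elif e["section"] == "O23":
            report["services"].append(e["path"])
        elif e["section"] == "O4" and e["path"] is None:
            report["no_full_path"].append(e["body"])
    report["protocol_handlers"] = dict(handlers)
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for key in ("missing_files", "dpf_downloads", "no_full_path", "services"):
        print(f"== {key} ({len(rep[key])})")
        for item in rep[key]:
            print("  ", item)
    print("== protocol_handlers by DLL")
    for (clsid, path), names in rep["protocol_handlers"].items():
        print(f"   {len(names):3d} handler(s) {clsid} -> {path}")
```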

aznrukus
Newbie
23. May 2006 @ 10:54
Thanks a lot for the fast reply. I'm gonna try this, I'll let you know how it goes.
Skalek
Newbie
23. May 2006 @ 11:25
How are those instructions outdated?

With all due respect to S1ri and his smitfraudfix tool, which is an excellent tool in its own right, the instructions at BC are updated every single time a new infection dll is released.

Plus the tool that it uses, RogueScanFix, is currently targeting SpyFalcon DLLs that SmitFraudFix is not as of yet targeting (though S1Ri does plan on implementing them in the next update).

If you mean smitrem is outdated, you are right, but that's just being used for ancillary files that are left over from smitfraud infections.
aznrukus
Newbie
23. May 2006 @ 12:57
I would like to thank JaPK for all the help with this situation. This program is a creeper. We got the program from my cousin using myspace and clicking on a user's page; it was automatically saved on the computer and restarted the computer by itself after viewing the page. Thanks a lot for your help guys, I really appreciate it and will be using those programs you guys referred me to as well as my Ad-Aware. Thanks again for everything.

Here are the logs as stated.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:51:19 PM, 5/23/2006
+ Report-Checksum: 8642D6F

+ Scan result:

No infected objects found.


::Report End


SmitFraudFix v2.46

Scan done at 13:10:37.55, Tue 05/23/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Admin\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\sbnudh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 1:56:38 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0....
O18 - Protocol: bw+0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {ACC65C64-ABF9-4617-A75B-6D0EDAC60E89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This message has been edited since posting. Last time this message was edited on 23. May 2006 @ 12:58

Senior Member
_
23. May 2006 @ 23:41 _ Link to this message    Send private message to this user   
@Skalek
Ok sorry my bad, you were right, those instructions are updated too. I wasn't looking carefully enough ;) But it is outdated in that sense that it has 17 steps and lots of manual work... SmitfraudFix only has two steps but in this case we have to do some manual removing too :)

@aznrukus

Ok, run SmitfraudFix with option 2 again. Then post the new contents of C:\rapport.txt to here
aznrukus
Newbie
_
24. May 2006 @ 00:07 _ Link to this message    Send private message to this user   
Here you go JaPK, thanks again.

SmitFraudFix v2.46

Scan done at 1:03:25.64, Wed 05/24/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\sbnudh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

This message has been edited since posting. Last time this message was edited on 24. May 2006 @ 00:12

Senior Member
_
24. May 2006 @ 00:30 _ Link to this message    Send private message to this user   
Ok almost clean...

Open Notepad
-> copy the following lines into a new document:

REGEDIT 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"=-

[-HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}]


Save the document to your desktop as fix.reg and filetype: All Files
Go to your desktop and run the file fix.reg and answer yes to any questions.

Then run smitfraudfix with option 1 and copy the results to here.

This message has been edited since posting. Last time this message was edited on 24. May 2006 @ 00:32
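As an added example (not code from this thread, from SmitfraudFix or from HijackThis): a Python script that reads the "Sharedtaskscheduler" section of a SmitfraudFix report in the shape SrchSTS.exe prints it, lists each SharedTaskScheduler CLSID together with the DLL its InProcServer32 keys point to, and writes a fix.reg of the same form as the one above, where `"{clsid}"=-` deletes the value and `[-key]` deletes the whole key. Because the report itself warns that the listed keys are "not inevitably infected", the script never picks CLSIDs on its own; the analyst passes the ones to remove. The sample section is constructed from the log posted in this thread, the function names are mine, and the header is written as the canonical `REGEDIT4` line followed by a blank line and CRLF endings, which is what regedit expects for that format.

```python
import re

# Constructed sample input: the SharedTaskScheduler section as SmitfraudFix
# (SrchSTS.exe) prints it; CLSID, name and DLL are the ones posted in this thread.
SAMPLE_STS_SECTION = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
"""

STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"

GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
KEY_RE = re.compile(r"^\[(.+)\]$")
STS_VALUE_RE = re.compile(r'^"(\{[0-9a-fA-F-]{36}\})"="(.*)"$')
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')
# InProcServer32 keys are reported under HKCR and under the per-user HKCU\Software\Classes view.
CLSID_KEY_RE = re.compile(
    r"^(HKEY_CLASSES_ROOT|HKEY_CURRENT_USER\\Software\\Classes)\\CLSID\\(\{[0-9a-fA-F-]{36}\})\\InProcServer32$",
    re.IGNORECASE,
)


def _entry(entries, clsid):
    """Get or create the record for one CLSID (keys are lower-cased; the registry is case-insensitive)."""
    return entries.setdefault(clsid, {"clsid": clsid, "name": None, "servers": {}})


def parse_sts_section(text):
    """Return a list of {clsid, name, servers: {hive_prefix: dll_path}} from SrchSTS output."""
    entries = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None or not line:
            continue
        if current_key.lower() == STS_KEY.lower():
            m = STS_VALUE_RE.match(line)
            if m:
                _entry(entries, m.group(1).lower())["name"] = m.group(2)
            continue
        m = CLSID_KEY_RE.match(current_key)
        if m:
            v = DEFAULT_VALUE_RE.match(line)
            if v:
                _entry(entries, m.group(2).lower())["servers"][m.group(1)] = v.group(1)
    return list(entries.values())


def review_lines(entries):
    """One human-readable line per CLSID so an analyst can decide what to remove."""
    out = []
    for e in entries:
        dlls = sorted(set(e["servers"].values())) or ["no InProcServer32 seen"]
        hives = ", ".join(sorted(e["servers"]))
        out.append(f'{e["clsid"]} ("{e["name"] or "?"}") -> {"; ".join(dlls)} [{hives}]')
    return out


def build_fix_reg(clsids_to_remove):
    """Build REGEDIT4 text that drops the chosen SharedTaskScheduler values and their CLSID keys."""
    for c in clsids_to_remove:
        if not GUID_RE.match(c):          # refuse to emit a key path built from junk
            raise ValueError(f"not a CLSID: {c!r}")
    lines = ["REGEDIT4", "", f"[{STS_KEY}]"]
    lines += [f'"{c}"=-' for c in clsids_to_remove]   # "name"=- deletes a value
    lines.append("")
    for c in clsids_to_remove:                        # [-key] deletes a key and its subkeys
        lines += [f"[-HKEY_CLASSES_ROOT\\CLSID\\{c}]", "",
                  f"[-HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c}]", ""]
    return "\n".join(lines) + "\n"        # ends with the blank line regedit wants


def write_fix_reg(path, reg_text):
    """Save with CRLF endings; REGEDIT4 files are plain ANSI text, not UTF-16."""
    with open(path, "w", encoding="ascii", newline="\r\n") as fh:
        fh.write(reg_text)


if __name__ == "__main__":
    found = parse_sts_section(SAMPLE_STS_SECTION)
    print("\n".join(review_lines(found)))
    # The analyst chooses; here the single entry from the sample is selected explicitly.
    print(build_fix_reg([found[0]["clsid"]]))
```

Run it on a saved rapport.txt by passing the file contents to `parse_sts_section`; the review lines are meant to be checked against what the DLL actually is (a missing file in system32 with a random name, as in this thread, versus a known vendor component) before any CLSID is handed to `build_fix_reg`.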

aznrukus
Newbie
_
25. May 2006 @ 01:25 _ Link to this message    Send private message to this user   
SmitFraudFix v2.46

Scan done at 2:24:42.40, Thu 05/25/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\WINDOWS\system32\sbnudh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Senior Member
_
25. May 2006 @ 05:19 _ Link to this message    Send private message to this user   
Hi aznrukus, did you follow my instructions and create that fix.reg file? Did you run it?

We'll have to do that again.

Open Notepad
-> copy the following lines into a new document:

REGEDIT 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"=-

[-HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}]

Save the document to your desktop as fix.reg and filetype: All Files
Go to your desktop and run the file fix.reg and answer yes to any questions.

Then run smitfraudfix with option 1 and copy the results to here.
Skalek
Newbie
_
25. May 2006 @ 09:04 _ Link to this message    Send private message to this user   
Not to butt in, but if you are having problems making the reg file yourself, you can grab the hosted one at BC here http://www.bleepingcomputer.com/files/reg/FixSF.reg
Caclone
Newbie
_
25. May 2006 @ 10:36 _ Link to this message    Send private message to this user   
Hi. SpyFalcon bs has gotten to me too. Aware of the great job you guys are doing to help people use their computers in peace, I'll save you guys further introductions and go straight to the logs.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:29:06, on 25-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\WinSys.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 82.195.155.5 c3310.z1301.winmx.com c3311.z1301.winmx.com c3312.z1301.winmx.com c3313.z1301.winmx.com c3314.z1301.winmx.com c3315.z1301.winmx.com c3316.z1301.winmx.com c3317.z1301.winmx.com c3318.z1301.winmx.com c3319.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1302.winmx.com c3311.z1302.winmx.com c3312.z1302.winmx.com c3313.z1302.winmx.com c3314.z1302.winmx.com c3315.z1302.winmx.com c3316.z1302.winmx.com c3317.z1302.winmx.com c3318.z1302.winmx.com c3319.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1303.winmx.com c3311.z1303.winmx.com c3312.z1303.winmx.com c3313.z1303.winmx.com c3314.z1303.winmx.com c3315.z1303.winmx.com c3316.z1303.winmx.com c3317.z1303.winmx.com c3318.z1303.winmx.com c3319.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1304.winmx.com c3311.z1304.winmx.com c3312.z1304.winmx.com c3313.z1304.winmx.com c3314.z1304.winmx.com c3315.z1304.winmx.com c3316.z1304.winmx.com c3317.z1304.winmx.comc3318.z1304.winmx.com c3319.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1305.winmx.com c3311.z1305.winmx.com c3312.z1305.winmx.com c3313.z1305.winmx.com c3314.z1305.winmx.com c3315.z1305.winmx.com c3316.z1305.winmx.com c3317.z1305.winmx.com c3318.z1305.winmx.com c3319.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1306.winmx.com c3311.z1306.winmx.com c3312.z1306.winmx.com c3313.z1306.winmx.com c3314.z1306.winmx.com c3315.z1306.winmx.com c3316.z1306.winmx.com c3317.z1306.winmx.comc3318.z1306.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1301.winmx.com c3521.z1301.winmx.com c3522.z1301.winmx.com c3523.z1301.winmx.com c3524.z1301.winmx.com c3525.z1301.winmx.com c3526.z1301.winmx.com c3527.z1301.winmx.com c3528.z1301.winmx.com c3529.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1302.winmx.com c3521.z1302.winmx.com c3522.z1302.winmx.com c3523.z1302.winmx.com c3524.z1302.winmx.com c3525.z1302.winmx.com c3526.z1302.winmx.com c3527.z1302.winmx.com 3528.z1302.winmx.com c3529.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1303.winmx.com c3521.z1303.winmx.com c3522.z1303.winmx.com c3523.z1303.winmx.com c3524.z1303.winmx.com c3525.z1303.winmx.com c3526.z1303.winmx.com c3527.z1303.winmx.com c3528.z1303.winmx.com c3529.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1304.winmx.com c3521.z1304.winmx.com c3522.z1304.winmx.com c3523.z1304.winmx.com c3524.z1304.winmx.com c3525.z1304.winmx.com c3526.z1304.winmx.com c3527.z1304.winmx.com c3528.z1304.winmx.com c3529.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1305.winmx.com c3521.z1305.winmx.com c3522.z1305.winmx.com c3523.z1305.winmx.com c3524.z1305.winmx.com c3525.z1305.winmx.com c3526.z1305.winmx.com c3527.z1305.winmx.com c3528.z1305.winmx.com c3529.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1306.winmx.com c3521.z1306.winmx.com c3522.z1306.winmx.com c3523.z1306.winmx.comc3524.z1306.winmx.com c3525.z1306.winmx.com c3526.z1306.winmx.com c3527.z1306.winmx.com c3528.z1306.winmx.comc3529.z1306.winmx.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Archivos de programa\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp102.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.arcadetown.com/swf/waterbugs/r64loader.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive.net/rlwweb/ReflexiveWebGameLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.arcadetown.com/swf/luxor/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/po...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


SmitFraudFix log:

SmitFraudFix v2.47

Scan done at 14:32:56,12, 25-05-2006
Run from C:\Documents and Settings\Roberto\Escritorio\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Roberto\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Roberto\FAVORI~1

C:\DOCUME~1\Roberto\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mi página de inicio actual"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{336ec37f-54bf-4f13-8237-03f64fa591e7}"="devisors"

[HKEY_CLASSES_ROOT\CLSID\{336ec37f-54bf-4f13-8237-03f64fa591e7}\InProcServer32]
@="C:\WINDOWS\system32\oerucu.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{336ec37f-54bf-4f13-8237-03f64fa591e7}\InProcServer32]
@="C:\WINDOWS\system32\oerucu.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thanks in advance.


