Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

BurstMedia attack HELP!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 3rd, 2007, 11:13 am

Hi vinaymieux,

Do you have system restore turned on? If yes, try the following:

  1. Click on Start > All Programs > Accessories > System Tools > System Restore .
  2. Select Restore my computer to an earlier date.
  3. Click Next.
  4. You will be shown a calendar. Select the date before you used Spybot to remove Burstmedia (before 30 November).
  5. Click Next.
  6. Windows will ask you if you want to use this Restore Point. Click Next, then click OK.
  7. Restart your computer.

Are your connections working?

Please also post a new HijackThis log.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Advertisement
Register to Remove

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 3rd, 2007, 1:35 pm

Hi ndmmxiaomayi,

I have already tried the System Restore long back. It did not help.
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 3rd, 2007, 8:34 pm

Hmm...

Try the following:

Disable Threatfire temporarily

1. Right-click the ThreatFire icon in the system tray.
2. Click Suspend. The word "Suspend" is preceded by a check.

Uninstall ZoneAlarm

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate ZoneAlarm and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel.
  4. Restart the computer.

One question:

Have you uninstalled or installed any programs lately?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 4th, 2007, 3:52 am

Hi ndmmxiaomayi,

1. Threat Fire I've already stopped using.

2. Uninstalled Zone Alarm but still no progress.

3. I didn't install any new program when i was hit by the malware, but after that, because i started facing this problem, i had installed a few anti spywares. Nothing else.

I have even tried starting my laptop in clean boot mode ( msconfig => diagnostic startup ); to make sure that there's no third party installed program causing this. But that also didn't work.

And I've even tried my laptop in Safe Mode with Networking; still same...
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 4th, 2007, 7:12 am

What anti spyware programs did you install?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 4th, 2007, 9:48 am

Threat Fire
AVG Antispyware
Super Antispyware

Now I'm using Super Antispyware only.
Which one do you suggest I should use amongst these or any other? I keep getting Tracking Cookies on my comp and have to scan and delete manually everyday.
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 4th, 2007, 10:06 am

Hi vinaymieux,

Keep SuperAntiSpyware for now. Have you scanned with SuperAntispyware? Did you remove anything with it? Do you have a SuperAntispyware log?

  1. Open Spybot Search & Destroy.
  2. Click on Mode > Advanced Mode. You will be prompted. Click Yes.
  3. Click on Tools on the left. Check (tick) the View Report box on the right hand side.
  4. Now click on the View Report button on the left hand side.
  5. Uncheck (untick) these boxes:
      Include results of last check in report
      Include browser pages in report
      Include system information in report
  6. Click on View Report (See image below, boxed up in red) button at the top.

    Image
  7. Click on Export.... (See image below, boxed up in red)

    Image
  8. Save this report to your desktop.
  9. Open the report and copy and paste this report in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 5th, 2007, 5:32 am

Hi ndmmxiaomayi,

I am using Super AntiSpyware only now. I keep scanning everyday with it. Sometimes it detects Tracking Cookies so I delete them. The first time i had installed it and scanned, it caught lots of them. Here's the log of that scan:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2007 at 01:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3351
Trace Rules Database Version: 1350

Scan type : Complete Scan
Total Scan Time : 00:56:11

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 8196
Registry threats detected : 0
File items scanned : 42968
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@questionmarket[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@weborama[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@ads.pointroll[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@www.googleadservices[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@www.googleadservices[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@www4.addfreestats[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@adbrite[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@bs.serving-sys[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@serving-sys[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@track.asus[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@www.serial-gamer[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@eyewonder[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@www.googleadservices[3].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@stat.dealtime[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@banners.audioholics[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@2o7[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@adinterax[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@estat[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@tacoda[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@3.adbrite[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@atwola[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@revsci[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@tribalfusion[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@clicksor[2].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@adserver.easyad[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@2.adbrite[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@xiti[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@ads.adbrite[1].txt
C:\Documents and Settings\Vinay_Acer\Cookies\vinay_acer@ads.bridgetrack[2].txt


And here's the log of Spybot (This one is really long):



--- Startup entries list ---
Located: HK_LM:Run, Ad-watch
command: C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
file: C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
size: 396288
MD5: ca7e45a7572f5ff3ed0beb219b727144

Located: HK_LM:Run, Broadcom Wireless Manager UI
command: C:\WINDOWS\system32\WLTRAY
file: C:\WINDOWS\system32\WLTRAY.exe
size: 647272
MD5: e06b0348867fe3e741cbc2c814acbb88

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 116328
MD5: 452e910f4ade5117394024591bd8ed6e

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: 8a265bbcf604292ed59ff823bb99e49b

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 7fde1b477bbdd4dd905c0612954042f0

Located: HK_LM:Run, LManager
command: C:\PROGRA~1\LAUNCH~1\LManager.exe
file: C:\PROGRA~1\LAUNCH~1\LManager.exe
size: 483328
MD5: 31a06fa4acabdc5c511c42e2602e528c

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 517768
MD5: c837d17de0b349539aa527ee750ebe2a

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 692315
MD5: 6f0aa1f6467793b7651af71c8508d69a

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 102491
MD5: 402541819ca99cd10e730e80f73cd7ed

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, SUPERAntiSpyware
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1318912
MD5: 225e41f95d0f33148d264746087017d4

Located: Startup (common), BTTray.lnk
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 565309
MD5: 97cf3ec1582005c2d354b708f0960b63

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 98632
MD5: d91afb6d2a0da7539b74fb5838775d94

Located: Startup (disabled), Adobe Gamma Loader.exe (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (disabled), GetRight - Tray Icon (DISABLED)
command: C:\PROGRA~1\GetRight\getright.exe
file: C:\PROGRA~1\GetRight\getright.exe
size: 2301952
MD5: 47ae8e7b1ee6479ffacf6962d2e738e3

Located: Startup (disabled), Microsoft Office OneNote 2003 Quick Launch (DISABLED)
command: C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr
file:

Located: Startup (disabled), Phone Connection Monitor (DISABLED)
command: C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE
file: C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE
size: 754176
MD5: 4094667c86adaea50095e69a7780f014

Located: Startup (disabled), Picture Package Menu (DISABLED)
command: C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe
file: C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe
size: 151552
MD5: f15fcbb20fe82674f48a60a37e5ba45a

Located: Startup (disabled), Picture Package VCD Maker (DISABLED)
command: C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h
file: C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE
size: 106496
MD5: 2361871818dcadb9c436c44f21d4a077

Located: Startup (disabled), Microsoft Office Groove (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office12\GROOVE.EXE -background
file: C:\PROGRA~1\MICROS~3\Office12\GROOVE.EXE
size: 338216
MD5: f7351de406289f3a2fc6e0586a24082f

Located: Startup (disabled), OneNote 2007 Screen Clipper and Launcher (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr
file: C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE
size: 98632
MD5: d91afb6d2a0da7539b74fb5838775d94

Located: System.ini, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 294912
MD5: 3b2f85d8c913ce452ade4a0d24299fea

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, IntelWireless
command:
file:

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, winghy32 (DISABLED)
command: winghy32.dll
file: winghy32.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 1:56:50 AM
Date (last access): 12/5/2007 2:34:56 PM
Date (last write): 12/14/2004 1:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
BHO name:
CLSID name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\
Long name: NppBHO.dll
Short name:
Date (created): 2/19/2007 8:52:56 AM
Date (last access): 12/5/2007 2:34:56 PM
Date (last write): 2/19/2007 8:52:56 AM
Filesize: 97960
Attributes: readonly archive
MD5: FE48BB4C64B6D42EB637732D9D2962E4
CRC32: 9D5C5BBE
Version: 2007.1.7.4

{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
BHO name:
CLSID name: bho2gr Class
description: GetRight
classification: Legitimate
known filename: msie2gr.dll
info link: http://www.getright.com/
info source: TonyKlein
Path: C:\Program Files\GetRight\
Long name: xx2gr.dll
Short name:
Date (created): 2/12/2006 2:32:04 AM
Date (last access): 12/5/2007 2:45:16 PM
Date (last write): 2/14/2005 12:08:50 PM
Filesize: 233472
Attributes: archive
MD5: 06EE81C0ABBCFCD09ED3B3A9798871D3
CRC32: 752B81F8
Version: 5.2.0.3

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 8/21/2006 3:49:22 PM
Date (last access): 12/5/2007 2:34:56 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~1\MICROS~3\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 10/27/2006 12:48:42 AM
Date (last access): 12/5/2007 2:34:56 PM
Date (last write): 10/27/2006 12:48:42 AM
Filesize: 2210608
Attributes: archive
MD5: 786DD1892B553EFE5A004AC39775C851
CRC32: AAD965C9
Version: 12.0.4518.1014

{BDF3E430-B101-42AD-A544-FADC6B084872} ()
BHO name:
CLSID name:
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/ ... ontrol.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 6:04:22 PM
Date (last access): 12/4/2007 6:49:04 PM
Date (last write): 2/15/2007 6:01:04 PM
Filesize: 1476992
Attributes: archive
MD5: 6299685540C149FED6DBFD2CD587D1F4
CRC32: 6C1D4BDA
Version: 1.7.17.0

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/Shar ... vSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 5/17/2006 2:32:30 PM
Date (last access): 12/4/2007 6:49:04 PM
Date (last write): 5/17/2006 2:32:30 PM
Filesize: 231072
Attributes: archive
MD5: A5E06A91CF82D97985C90B12FEE33A01
CRC32: 5AC66733
Version: 2006.2.22.58

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/Shar ... /cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/17/2006 2:32:42 PM
Date (last access): 12/4/2007 6:49:06 PM
Date (last write): 5/17/2006 2:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftup ... 4485819567
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 12/4/2007 6:49:06 PM
Date (last write): 7/30/2007 7:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class)
DPF name:
CLSID name: ICSScanner Class
Installer: C:\WINDOWS\Downloaded Program Files\ICSScanner.inf
Codebase: http://download.zonelabs.com/bin/promot ... r37800.cab
description:
classification: Legitimate
known filename: ICSSCAN.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ICSScan.dll
Short name:
Date (created): 5/10/2006 1:51:22 PM
Date (last access): 12/4/2007 6:49:08 PM
Date (last write): 5/10/2006 1:51:22 PM
Filesize: 1492728
Attributes: archive
MD5: 65CB51937BFC08B8E76420400FF2B35E
CRC32: D1B45B1C
Version: 3.7.80.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 4:09:54 AM
Date (last access): 12/4/2007 6:49:08 PM
Date (last write): 6/3/2005 4:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan ... asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2006 5:10:10 PM
Date (last access): 12/4/2007 6:49:08 PM
Date (last write): 4/11/2006 5:10:10 PM
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 4:09:54 AM
Date (last access): 12/5/2007 2:45:52 PM
Date (last write): 6/3/2005 4:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: SymAData.dll
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 752 ( 4) \SystemRoot\System32\smss.exe
PID: 824 ( 752) \??\C:\WINDOWS\system32\csrss.exe
PID: 848 ( 752) \??\C:\WINDOWS\system32\winlogon.exe
PID: 892 ( 848) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 904 ( 848) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1076 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1144 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1264 ( 892) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1352 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1560 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1952 ( 892) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1996 ( 892) c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
size: 99888
MD5: 44B3B997E25C5D9A81D6C501451A96D7
PID: 200 ( 172) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 644 ( 892) C:\Acer\eManager\anbmServ.exe
size: 1287168
MD5: C10D0FAE427EA464EDEA2EE5DC40F056
PID: 800 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 952 ( 892) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 163840
MD5: 05D21AD56EA309597864393D3D4A14F7
PID: 1092 ( 892) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 214376
MD5: 85C9E3559E84ED675DE856E5A45880D6
PID: 1108 ( 892) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 109160
MD5: F66E892DA958C02B624B4A127CC32F6E
PID: 1284 ( 892) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1832 ( 892) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 335872
MD5: 7CF1B716372B89568AE4C0FE769F5869
PID: 2032 ( 200) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 116328
MD5: 452E910F4ADE5117394024591BD8ED6E
PID: 180 ( 200) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 102491
MD5: 402541819CA99CD10E730E80F73CD7ED
PID: 164 ( 200) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 692315
MD5: 6F0AA1F6467793B7651AF71C8508D69A
PID: 1024 ( 200) C:\PROGRA~1\LAUNCH~1\LManager.exe
size: 483328
MD5: 31A06FA4ACABDC5C511C42E2602E528C
PID: 264 ( 200) C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
size: 396288
MD5: CA7E45A7572F5FF3ED0BEB219B727144
PID: 344 ( 200) C:\WINDOWS\system32\WLTRAY.exe
size: 647272
MD5: E06B0348867FE3E741CBC2C814ACBB88
PID: 416 ( 200) C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: 8A265BBCF604292ED59FF823BB99E49B
PID: 424 ( 200) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 436 ( 200) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1318912
MD5: 225E41F95D0F33148D264746087017D4
PID: 572 ( 200) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 565309
MD5: 97CF3EC1582005C2D354B708F0960B63
PID: 556 ( 200) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 98632
MD5: D91AFB6D2A0DA7539B74FB5838775D94
PID: 596 ( 892) C:\Program Files\Seagate\Sync\SeaSyncServices.exe
size: 24120
MD5: 3505926FB3651D134CF413A3296B4FEB
PID: 1412 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1304 ( 892) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174664
MD5: 43CFCA936D211BF7F1CDE1DDF807CB76
PID: 1588 ( 892) C:\WINDOWS\System32\wltrysvc.exe
size: 65536
MD5: 9FBF2700968E8BDA9901201A34832143
PID: 1716 (1588) C:\WINDOWS\System32\bcmwltry.exe
size: 827499
MD5: 7262F62C5C302420B9A427870FC666B9
PID: 3640 ( 892) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3452 ( 892) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 2620 (3452) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 3768 (3452) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 3284 ( 848) C:\WINDOWS\system32\taskmgr.exe
size: 135680
MD5: FC160ACE21C81837692B339D230DD4BE
PID: 3120 (1264) C:\WINDOWS\system32\wuauclt.exe
size: 53080
MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 3916 ( 200) C:\Program Files\Outlook Express\msimn.exe
size: 60416
MD5: 091C14F4C71328D4316248A2421190DE
PID: 256 ( 892) C:\WINDOWS\system32\msiexec.exe
size: 77312
MD5: 4236AE241F193F58ADAB141CECCFD5F4
PID: 652 ( 200) C:\Program Files\internet explorer\iexplore.exe
size: 620032
MD5: C69585A5C1CC4509171C14E09AE185B5
PID: 2232 ( 200) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C99D0032-598B-46A6-9F79-26FE1F5B4BB6}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C99D0032-598B-46A6-9F79-26FE1F5B4BB6}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D70DCE13-6F33-4436-AEB6-9EC9663A6808}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D70DCE13-6F33-4436-AEB6-9EC9663A6808}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F632ABD2-A0ED-4ED1-97E4-05DEE6A0FB42}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F632ABD2-A0ED-4ED1-97E4-05DEE6A0FB42}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E273375-42CE-4992-B3E7-4885B1BA7597}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E273375-42CE-4992-B3E7-4885B1BA7597}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4458FA5-AEB1-4E88-9BD4-B89096A0DBFA}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4458FA5-AEB1-4E88-9BD4-B89096A0DBFA}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E86AA35-E0A0-4FC7-BE64-20EF9B3246B2}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E86AA35-E0A0-4FC7-BE64-20EF9B3246B2}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5719057-4429-4C2E-92A4-6B614BCCD14A}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5719057-4429-4C2E-92A4-6B614BCCD14A}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{512B7BC1-B57F-455E-BDA5-D99703B5C217}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{512B7BC1-B57F-455E-BDA5-D99703B5C217}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{94B5FB4D-C81C-4C6C-BBF5-6200F9CF7EAD}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{94B5FB4D-C81C-4C6C-BBF5-6200F9CF7EAD}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8FE73089-DC0B-4474-9918-141BED1103F9}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8FE73089-DC0B-4474-9918-141BED1103F9}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*



--- Uninstall list ---
1Click DVD Copy 4.2.9.2 (1Click DVD Copy_is1)
install location: C:\Program Files\LG Software Innovations\1Click DVD Copy 4.2\
uninstall cmd: "C:\Program Files\LG Software Innovations\1Click DVD Copy 4.2\unins000.exe"
publisher: LG Software Innovations
help link: http://www.1clickdvdcopy.com

Ad-aware 6 Professional 6.0.1.158 (Ad-aware 6 Professional)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft Sweden
comments: Ad-aware VI Professional
help link: http://www.lavasoftusa.com

(AddressBook)

Adobe Photoshop 6.0 6.0 (Adobe Photoshop 6.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop 6.0
install source: E:\Adobe PhotoShop 6.0\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
publisher: Adobe Systems, Inc.

Agere Systems AC'97 Modem (Agere Systems Soft Modem)
uninstall cmd: agrsmdel

(Branding)

Broadcom 802.11 Network Adapter (Broadcom 802.11b Network Adapter)
uninstall cmd: C:\WINDOWS\system32\BCMWLU00.exe verbose

(Connection Manager)

Creative PlayCenter (Creative PlayCenter 2.0)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\Setup.exe" -l0x9 /remove

Creative WaveStudio (Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9 /remove

(DirectAnimation)

(DirectDrawEx)

DVD43 v3.9.0 (DVD43_is1)
install location: C:\Program Files\dvd43\
uninstall cmd: "C:\Program Files\dvd43\unins000.exe"

(DXM_Runtime)

Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
publisher: Microsoft Corporation

FFTD Screensaver (FFTD Screensaver)
uninstall cmd: C:\WINDOWS\system32\FFTD Screensaver.scr /u

(Fontcore)

Free Mp3 Wma Converter V 1.4.0 (Free Mp3 Wma Converter_is1)
install location: C:\Program Files\Free Audio Pack\
uninstall cmd: "C:\Program Files\Free Audio Pack\unins000.exe"
publisher: Renan Broquin
help link: http://koyotstar.free.fr

SEMC DSS SyncStation Driver (FTDICOMM)
uninstall cmd: C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini

GetRight (GetRight)
uninstall cmd: C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 5550 series (Remove only) (hp deskjet 5550 series)
uninstall cmd: C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall

hp LaserJet-all-in-one (hp LaserJet-all-in-one)
uninstall cmd: C:\Program Files\hp\Digital Imaging\{1B4B2D13-BA87-4c7c-8B67-0EE7CE698415}\setup\hpzscr01.exe -datfile hpbscr01.dat
publisher: hp
help link: http://www.hp.com

hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20071126
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20060823.002922 (ie7)
install date: 20071204
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Broadcom 440x 10/100 Integrated Controller 5.52.03 (InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61})
version: 87293955
version (major): 5
version (minor): 52
estimated size: 252
install date: 20071122
install source: C:\WINDOWS\Downloaded Installations\{C327C337-AC0B-4075-BFD1-385B156BBEBC}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
publisher: Broadcom
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: C:\Program Files\Broadcom\DrvInst\Readme.txt

Acer eManager for Notebook 1.0.29.44 (InstallShield_{827289F5-B44F-4E49-9993-840741585A62})
version: 16777245
version (major): 1
estimated size: 9124
install date: 20060212
install location: C:\Acer\eManager\
install source: C:\WINDOWS\Downloaded Installations\{3B3120B7-D2F0-4C4C-8F31-10B7ADE51492}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
publisher: Acer Inc.
comments: Thank you for using this product
contact: Customer Support Department
help link: http://www.acer.com
help telephone: Please locate your local service center on our website

FreeAgent Go Tools 1.00.0032 (InstallShield_{ECD43B7A-CB3B-4AF8-91F6-C460A575E411})
version: 16777248
version (major): 1
estimated size: 143695
install date: 20071122
install location: C:\Program Files\Seagate\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\{FFFED0D9-AF0C-4BA8-B083-293217B1BB1B}\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}\setup.exe -runfromtemp -l0x0409
publisher: Seagate
help link: http://www.seagate.com/www/en-us/support/freeagent

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20071126
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20071128
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906

Kundli for Windows (Lite Edition) (Kundli for Windows (Lite Edition))
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\DeIsL1.isu" -c"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\_ISREG32.DLL"

LimeWire PRO 4.12.6 4.12.6 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveUpdate 3.2 (Symantec Corporation) 3.2.0.68 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

Launch Manager (LManager)
uninstall cmd: C:\WINDOWS\UnInst32.exe LManager.UNI

(Logitech VideoCall)

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(MobileOptionPack)

mpegable X4 live 2.2 (mpegable X4 live)
uninstall cmd: C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"

(MPlayer2)

(mRouterRuntime)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20071128
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20071126
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

OrderReminder hp LaserJet 3015/3020/3030/3380 1.0 (OrderReminder hp LaserJet 3015/3020/3030/3380)
install location: "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder"
uninstall cmd: "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.exe" "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.properties" -from-addremove

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://www.picasa.com/

PodUtil 2.7.1 (PodUtil_is1)
install location: C:\Program Files\PodUtil\
uninstall cmd: "C:\Program Files\PodUtil\unins000.exe"
publisher: KennettNet.co.uk
help link: http://www.kennettnet.co.uk/

Power MP3 WMA Converter 2005, (ver 2.0) 2.0.0.6 (Power MP3 WMA Converter_is1)
install location: C:\Program Files\Power MP3 WMA Converter\
uninstall cmd: "C:\Program Files\Power MP3 WMA Converter\unins000.exe"
publisher: CooolSoft, Inc.
help link: http://www.cooolsoft.com

Logitech® Camera Driver (QcDrv)
install location: C:\Program Files\Common Files\Logitech\QCDRV
install source: E:\Drivers\Bin\
uninstall cmd: "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

(RemoteP800)

(SchedulingAgent)

(Sevinst)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Sony Ericsson Themes Creator 3.15 3.15 (Sony Ericsson Themes Creator)
uninstall cmd: C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
publisher: Sony Ericsson Mobile Communications AB

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Superman Returns Screen Saver (Superman Returns)
uninstall cmd: C:\WINDOWS\system32\Superman Returns.scr /u

Norton 360 (Symantec Corporation) 1.0.0.184 (SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777})
install location: C:\Program Files\Norton 360
install source: F:\Norton 360\N360R1U1Y_184 (F)
uninstall cmd: "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
publisher: Symantec Corporation

Norton Add-on Pack (Symantec Corporation) 1.1.0.38 (SymSetup.{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC})
install location: C:\Program Files\Bonus
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38
uninstall cmd: "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
publisher: Symantec Corporation

Synaptics Pointing Device Driver 7.12.13.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

(tmpSifyBroadband_is1)

Update Service 2.7.6.8-1 (Update Service)
uninstall cmd: C:\Program Files\Sony Ericsson\Update Service\uninst.exe
publisher: Sony Ericsson Mobile Communications AB

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060307
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0017.0 (WgaNotify)
install date: 20060630
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070206
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070206
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

WordWeb 4 (WordWeb)
uninstall cmd: C:\Program Files\WordWeb\uninst.exe
publisher: Antony Lewis

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

ZTE CDMA1X CARD (ZTE_CDMA1X_CARD_is1)
install location: C:\Program Files\ZTE CDMA1X CARD\
uninstall cmd: "C:\Program Files\ZTE CDMA1X CARD\unins000.exe"

SuppSoft 1 ({022DA2C3-81C7-4003-A6BC-1BB147B20097})
version: 16777216
version (major): 1
estimated size: 1105
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\SuppSoft\
uninstall cmd: MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
publisher: Symantec Corporation

Macromedia Flash Player 7.0.19.0 ({0456ebd7-5f67-4ab6-852e-63781e3f389c})
version: 117440531
version (major): 7
estimated size: 1006
install date: 20060327
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\{3C3F24B0-288E-4689-B65D-292280576A20}\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\
uninstall cmd: MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
publisher: Macromedia, Inc.

QuickTime 7.1.6.200 ({08094E03-AFE4-4853-9D31-6D0743DF5328})
version: 117506054
version (major): 7
version (minor): 1
estimated size: 72255
install date: 20070502
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP408.TMP\
uninstall cmd: MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20070728
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation

1.00.0000 ({1C32666E-3F65-4A9A-BC4D-FE293015FE7B})
version: 16777216
version (major): 1
estimated size: 191558
install date: 20060531
install source: E:\
uninstall cmd: msiexec /x{1C32666E-3F65-4A9A-BC4D-FE293015FE7B}
publisher: Hewlett-Packard
help link: http://www.hp.com

Norton 360 Help 1.0.0 ({1CA941F1-5006-487E-9FD4-09F812A7D6B8})
version: 16777216
version (major): 1
estimated size: 640
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\Help\
uninstall cmd: MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
publisher: Symantec Corporation

CuteFTP 7 Professional 7.10.0000 ({1CCBCF78-EF12-4137-B3CA-99F30A2E7D21})
version (major): 7
version (minor): 1
install location: C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
publisher: GlobalSCAPE
comments: Uninstalling? Please tell us why at http://www.globalscape.com/support/mail3.asp
contact: GlobalSCAPE Support Department
help link: http://www.globalscape.com/support/
help telephone: 1-210-308-8267

Picture Package 1.06.003 ({1E2F8AE3-3437-44E6-BB75-E95751D6B83F})
version: 17170435
install location: C:\Program Files\Sony Corporation\Picture Package
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL

Norton 360 1.0.0.184 ({21829177-4DED-4209-AD08-490B3AC9C01A})
version: 16777216
version (major): 1
estimated size: 1863
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
publisher: Symantec Corporation

Google Talk (remove only) ({226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk)
uninstall cmd: "C:\Program Files\Google\Google Talk\uninstall.exe"

GearDrvs 1 ({228F6876-A313-40A3-91C0-C3CBE6997D09})
version: 16777216
version (major): 1
estimated size: 104
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\GearDrvs\
uninstall cmd: MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
publisher: Symantec Corporation

Opera 9.01 9.01 ({256808AA-7E9E-4DB5-8A27-A26268864747})
version: 151060480
version (major): 9
version (minor): 1
estimated size: 4871
install date: 20060919
install location: C:\Program Files\Opera\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\_is3E5\
uninstall cmd: MsiExec.exe /X{256808AA-7E9E-4DB5-8A27-A26268864747}
publisher: Opera Software ASA
help link: http://www.opera.com/support

Scan 3.5.0.0 ({257EC58E-03FD-472B-A9B6-93F23A3C4CB0})
version: 50659328
version (major): 3
version (minor): 5
estimated size: 8036
install date: 20060304
install source: E:\Setup\scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

Norton 360 1.0.0.184 ({2D617065-1C52-4240-B5BC-C0AE12157777})
version: 16777216
version (major): 1
estimated size: 93029
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
publisher: Symantec Corporation

SymNet 7.2.0.15 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 117571584
version (major): 7
version (minor): 2
estimated size: 3118
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

Macromedia Flash MX 2004 7 ({2F353D44-73BB-4971-B31D-F7642E9E9531})
install location: C:\Program Files\Macromedia\Flash MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/flash_support

Norton Confidential Web Authentification Component 1.5.1.4 ({3074EB89-1BCA-4AEF-AFF4-EFB4634C1923})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 8141
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
publisher: Symantec Corporation

J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 121261
install date: 20060212
install source: C:\Documents and Settings\Vinay_Acer\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_04\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060212
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

iTunes 7.1.1.5 ({3592F5CB-B524-43AA-92F2-2377268199CC})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51658
install date: 20070502
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP408.TMP\
uninstall cmd: MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Norton AntiSpam 2007.1.1.19 ({3B29A786-5803-4E9E-9B58-3014A5B4E519})
version (major): 2007
version (minor): 1
estimated size: 1487
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\AdBlocking\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
publisher: Symantec Corporation

ccCommon 106.3.0.10 ({3CCAD2EF-CFF2-4637-82AA-AABF370282D3})
version: 1778581504
version (major): 106
version (minor): 3
estimated size: 7010
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
publisher: Symantec

Bonus 1.1.0.38 ({420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 2252
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Bonus\
uninstall cmd: MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
publisher: Symantec Corporation

({435E969D-867E-4364-8E74-3DC8A69C5BDB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9

ccPxyCore 106.3.0.10 ({47A86BDE-6871-4A8A-BB49-21FAF754E00E})
version: 1778581504
version (major): 106
version (minor): 3
estimated size: 2646
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\Proxy\
uninstall cmd: MsiExec.exe /I{47A86BDE-6871-4A8A-BB49-21FAF754E00E}
publisher: Symantec

Norton Confidential Browser Component 1.5.1.4 ({4843B611-8FCB-4428-8C23-31D0A5EAE164})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 3397
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
publisher: Symantec Corporation

({48E3A9E6-FA13-11D5-8CC9-00A0C98192B6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\Setup.exe" -l0x9

CC_ccProxyExt 106.3.0.10 ({4AAD206E-0557-440F-8A98-94921A64BF4B})
version: 1778581504
version (major): 106
version (minor): 3
estimated size: 720
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\Proxy\
uninstall cmd: MsiExec.exe /I{4AAD206E-0557-440F-8A98-94921A64BF4B}
publisher: Symantec

Photo Story 3 for Windows 3.0.1115.11 ({4F41AD68-89F2-4262-A32C-2F70B01FCE9E})
version: 50332763
version (major): 3
estimated size: 20290
install date: 20061007
install source: C:\Documents and Settings\Vinay_Acer\Desktop\
uninstall cmd: MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
publisher: Microsoft Corporation
contact: support@microsoft.com
help link: http://support.microsoft.com
help telephone: (425) 882-8080

CorelDRAW Graphics Suite 12 12.0.0.458 ({505AFDC0-5E72-4928-8368-5DEA385E3647})
version: 201326592
version (major): 12
estimated size: 333445
install date: 20071121
install location: C:\Program Files\Corel\Corel Graphics 12\
install source: F:\Softwares\CORAL 12\
uninstall cmd: MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
publisher: Corel Corporation
comments:
contact: Corel Customer Service
help link: http://www.corel.com
help telephone: U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202
readme: Readme.html

Broadcom 440x 10/100 Integrated Controller 5.52.03 ({52504CE6-E909-4113-B232-4AFEC6543A61})
version: 87293955
version (major): 5
version (minor): 52
estimated size: 252
install date: 20071122
install source: C:\WINDOWS\Downloaded Installations\{C327C337-AC0B-4075-BFD1-385B156BBEBC}\
publisher: Broadcom
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: C:\Program Files\Broadcom\DrvInst\Readme.txt

Norton AntiSpam 2007.1.1.30 ({5677563D-0CB1-485F-9E18-C5025306BB3F})
version (major): 2007
version (minor): 1
estimated size: 8288
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\AntiSpam\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
publisher: Symantec Corporation

Sony USB Driver ({5C29CB8B-AC1E-4114-8D68-9CD080140D4A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

({5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB})
install location: C:\Program Files\Disc2Phone\

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20060213
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

Norton 360 1.0.0.184 ({63A6E9A9-A190-46D4-9430-2DB28654AFD8})
version: 16777216
version (major): 1
estimated size: 1622
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\MSRedist\
uninstall cmd: MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
publisher: Symantec Corporation

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Disc2Phone 1.3.0.106 ({6E65247F-58F9-41CA-BE69-0316F7907170})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 10201
install date: 20060929
install location: C:\Program Files\Disc2Phone\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\_is4\
uninstall cmd: MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
publisher: Sony Media Software
help link: http://www.sonyericsson.com/support

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20070221
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

MSXML 4.0 SP2 Parser and SDK 4.20.9818.0 ({716E0306-8318-4364-8B8F-0CC4E9376BAC})
version: 68429402
version (major): 4
version (minor): 20
estimated size: 36
install date: 20071127
install source: C:\Documents and Settings\Vinay_Acer\Desktop\
uninstall cmd: MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

SPBBC 32bit 3.2.1.3 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 50462721
version (major): 3
version (minor): 2
estimated size: 3808
install date: 20071115
install location: C:\Program Files\Norton 360\
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Symantec Corporation

Acer eManager for Notebook 1.0.29.44 ({827289F5-B44F-4E49-9993-840741585A62})
version: 16777245
version (major): 1
estimated size: 9124
install date: 20060212
install location: C:\Acer\eManager\
install source: C:\WINDOWS\Downloaded Installations\{3B3120B7-D2F0-4C4C-8F31-10B7ADE51492}\
publisher: Acer Inc.
comments: Thank you for using this product
contact: Customer Support Department
help link: http://www.acer.com
help telephone: Please locate your local service center on our website

Nero 7 Demo 7.00.1461 ({84B2CF01-194D-2284-B313-F2E0D78D1033})
version: 117441973
version (major): 7
estimated size: 218057
install date: 20060223
install location: C:\Program Files\Nero\Nero 7\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\Nero7.tmp\
uninstall cmd: MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/

QFolder 1.00.0000 ({8777AC6D-89F9-4793-8266-DE406F343E89})
version: 16777216
version (major): 1
estimated size: 177
install date: 20060304
install source: E:\setup\QFolder\
publisher: Hewlett-Packard

Microsoft Visual C Runtime 8.0.0 ({8A5F34E2-37CF-4AD4-808C-2D413786E31A})
version: 134217728
version (major): 8
estimated size: 1778
install date: 20071127
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\is-DNIV0.tmp\
publisher: Microsoft

Intel(R) Graphics Media Accelerator Driver for Mobile ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592

UMVPLStandalone 10.00.1439 ({8AC049F7-1383-45C3-9E7D-F93CA667F9E1})
version: 167773599
version (major): 10
estimated size: 3328
install date: 20070926
install location: C:\Program Files\My Company Name\My Product Name\
install source: E:\Drivers\Bin\
uninstall cmd: MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
publisher: Logitech Inc.

Microsoft Software Update for Web Folders (English) 12 12.0.4518.1014 ({90120000-0010-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 2227
install date: 20070811
install source: C:\MSOCache\All Users\{90120000-0010-0409-0000-0000000FF1CE}-C\
publisher: Microsoft Corporation

Microsoft Office Access MUI (English) 2007 12.0.4518.1014 ({90120000-0015-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 31916
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\
uninstall cmd: MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Excel MUI (English) 2007 12.0.4518.1014 ({90120000-0016-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 16272
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office PowerPoint MUI (English) 2007 12.0.4518.1014 ({90120000-0018-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 15521
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Publisher MUI (English) 2007 12.0.4518.1014 ({90120000-0019-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 24282
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Outlook MUI (English) 2007 12.0.4518.1014 ({90120000-001A-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 22840
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Word MUI (English) 2007 12.0.4518.1014 ({90120000-001B-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 18657
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (English) 2007 12.0.4518.1014 ({90120000-001F-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 51191
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.en\
uninstall cmd: MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (French) 2007 12.0.4518.1014 ({90120000-001F-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 23416
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\
uninstall cmd: MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (Spanish) 2007 12.0.4518.1014 ({90120000-001F-0C0A-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 38197
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.es\
uninstall cmd: MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proofing (English) 2007 12.0.4518.1014 ({90120000-002C-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 506
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Enterprise 2007 12.0.4518.1014 ({90120000-0030-0000-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 764752
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office InfoPath MUI (English) 2007 12.0.4518.1014 ({90120000-0044-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 73514
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Shared MUI (English) 2007 12.0.4518.1014 ({90120000-006E-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 67082
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office OneNote MUI (English) 2007 12.0.4518.1014 ({90120000-00A1-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 37842
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-00A1-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Groove MUI (English) 2007 12.0.4518.1014 ({90120000-00BA-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 4438
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\Groove.en-us\
uninstall cmd: MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Groove Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0114-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 502
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Shared Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0115-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 494
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Access Setup Metadata MUI (English) 2007 12.0.4518.1014 ({90120000-0117-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 502
install date: 20070811
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office FrontPage 2003 11.0.5614.0 ({90170409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 380702
install date: 20060212
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

Microsoft Office Visio Professional 2003 11.0.3216.5614 ({90510409-6000-11D3-8CFE-0150048383C9})
version: 184552592
version (major): 11
estimated size: 399274
install date: 20060212
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Visio11\1033\VIREADME.HTM

WIDCOMM Bluetooth Software 3.0.1.904 ({90535871-81B9-4D99-8A13-A7EE97F2D7FE})
version: 50331649
version (major): 3
estimated size: 18022
install date: 20060212
install source: E:\Drivers\BTW\
uninstall cmd: MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
publisher:
help link:
help telephone:
readme: 0

Symantec Technical Support Controls 1.0.0 ({92B1B3CC-EC78-45B8-96D0-8B3F11495864})
version: 16777216
version (major): 1
estimated size: 4904
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\SuppSoft\
uninstall cmd: MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
publisher: Symantec Corporation

3.1.028 ({A2092B2A-A4FB-4464-A4C0-023D2C9993F8})
version: 50397212
install location: c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9

Windows Defender Signatures 1.20.0.0 ({A5CC2A09-E9D3-49EC-923D-03874BBD4C2C})
version: 18087936
version (major): 1
version (minor): 20
estimated size: 2892
install date: 20061007
install source: C:\Program Files\Windows Defender\
uninstall cmd: MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
publisher: Microsoft Corporation

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 62959
install date: 20060212
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Broadcom Gigabit Integrated Controller 8.06.01 ({B7F54262-AB66-44B3-88BF-9FC69941B643})
version: 134610945
version (major): 8
version (minor): 6
estimated size: 508
install date: 20060212
install location: C:\Program Files\Broadcom\drvinst\
install source: E:\Drivers\Lan\Giga\DrvInst\IA32\
uninstall cmd: MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
publisher: Broadcom Corporation
contact: Broadcom Support
help link: http://www.broadcom.com
readme: C:\Program Files\Broadcom\drvinst\Readme.txt

selection program 2.2.1 ({BA754419-CD7E-4F8A-A367-BFF9E3E8F688})
version: 33685505
version (major): 2
version (minor): 2
estimated size: 11129
install date: 20070928
install location: C:\Program Files\Tecumseh Europe\selection program\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\_is1C3\
uninstall cmd: MsiExec.exe /X{BA754419-CD7E-4F8A-A367-BFF9E3E8F688}
publisher: Tecumseh Europe

Logitech Audio Echo Cancellation Component 10.00.1439 ({BEF726DD-4037-4214-8C6A-E625C02D2870})
version: 167773599
version (major): 10
estimated size: 1768
install date: 20070926
install location: C:\Program Files\My Company Name\My Product Name\
install source: E:\Drivers\Bin\
uninstall cmd: MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
publisher: Logitech Inc.

LG USB Modem driver ({C3ABE126-2BB2-4246-BFE1-6797679B3579})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75313
install date: 20070730
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\7zS553.tmp\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Symantec Real Time Storage Protection Component 10.2.2.6 ({CB78A78C-21D7-48AE-8D86-3C60FB8075A8})
version: 167903234
version (major): 10
version (minor): 2
estimated size: 1595
install date: 20071205
install location: C:\Program Files\Common Files\Symantec Shared\SRTSP\
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt775\
publisher: Symantec Corporation

SUPERAntiSpyware Free Edition 3.9.0.1008 ({CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA})
version: 50921472
version (major): 3
version (minor): 9
estimated size: 12601
install date: 20071128
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
publisher: SUPERAntiSpyware.com
help link: http://www.superantispyware.com/support.html

MSN Messenger 7.5 7.5.0306.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768498
version (major): 7
version (minor): 5
estimated size: 15501
install date: 20060802
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Norton Confidential Web Protection Component 1.5.1.4 ({D353CC51-430D-4C6F-9B7E-52003DA1E05A})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 965
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
publisher: Symantec Corporation

Norton Internet Security Bonus Pack 10.0.0 ({D4BB907A-623E-4F07-8787-041ABAE088E4})
version: 167772160
version (major): 10
estimated size: 400
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\HTMLHelp\
uninstall cmd: MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
publisher: Symantec Corp.

LiveUpdate Notice (Symantec Corporation) 1.2.0 ({DBA4DB9D-EE51-4944-A419-98AB1F1249C8})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 4607
install date: 20071101
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt826\
uninstall cmd: MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
publisher: Symantec Corporation

LaserAIO 1.00.0000 ({DD23CAA4-8872-4B95-B263-EA46FD82CF19})
version: 16777216
version (major): 1
estimated size: 137
install date: 20060304
install source: E:\Setup\LaserAIO\
uninstall cmd: MsiExec.exe /I{DD23CAA4-8872-4B95-B263-EA46FD82CF19}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 123-4567

HP Software Update 2.0.37.20031205 ({DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12})
version: 33554469
version (major): 2
estimated size: 862
install date: 20060531
install source: C:\WINDOWS\Hewlett-Packard\Setup Files\HP Software Update\{27C85A57-FD9C-4013-AD1F-585C7D9E2751}\
uninstall cmd: MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
publisher: Hewlett-Packard
help link: http://www.hp.com/support

({E1252473-6306-4d5d-904D-B06AA7F38161})

CIB 1.1.0.38 ({E8176C35-0C2D-4142-9ED4-81861ECAB403})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 400
install date: 20071101
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\BP1.1.0.38\Support\CIB\
uninstall cmd: MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
publisher: Symantec Corporation

Logitech Video Enumerator 10.00.1439 ({EA516024-D84D-41F1-814F-83175A6188F2})
version: 167773599
version (major): 10
estimated size: 1479
install date: 20070926
install location: C:\Program Files\My Company Name\My Product Name\
install source: E:\Drivers\Bin\
uninstall cmd: MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
publisher: Logitech Inc.

Symbian Developer Certificate Request 2.0 ({EA6C1A80-D188-427C-8102-226CF9E35AF4})
version: 33554432
install date: 20070512
install location: C:\Program Files\Symbian OS Tools\Developer Certificate Request
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\byeA.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA6C1A80-D188-427C-8102-226CF9E35AF4}\setup.exe" -l0x9 -removeonly
publisher: Symbian Software Ltd
contact: developercertificates@symbian.com
help link: https://www.symbiansigned.com/
help telephone:
readme: C:\Program Files\Symbian OS Tools\Developer Certificate Request\DevCertRequest User Guide.pdf

Logitech QuickCam 10.00.1439 ({EC42ED6A-751D-45C0-A4F9-8CD00E4690FC})
version: 167773599
version (major): 10
estimated size: 36980
install date: 20070926
install location: C:\Program Files\Logitech\QuickCam10\
install source: E:\QuickCam\x32\
uninstall cmd: MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
publisher: Logitech Inc.
contact: Logitech Customer Support
help link: http://www.logitech.com/support
help telephone: USA: (702) 269-3457 UK: +44 (0) 1344-894301
readme: C:\Program Files\Logitech\QuickCam10\Readme.htm

FreeAgent Go Tools 1.00.0032 ({ECD43B7A-CB3B-4AF8-91F6-C460A575E411})
version: 16777248
version (major): 1
estimated size: 143695
install date: 20071122
install location: C:\Program Files\Seagate\
install source: C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp\{FFFED0D9-AF0C-4BA8-B083-293217B1BB1B}\
publisher: Seagate
help link: http://www.seagate.com/www/en-us/support/freeagent

AppCore 1 ({EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B})
version: 16777216
version (major): 1
estimated size: 412
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\N360\
uninstall cmd: MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
publisher: Symantec Corporation

PL-2303 USB-to-Serial ({EFE0F631-6748-4A2F-A409-FA1A287D8075})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE0F631-6748-4A2F-A409-FA1A287D8075}\Setup.exe" -l0x9

SMSC IrCC V5.1.3600.5 SP2 r1.01 ({F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2})
version: 65536
install location: C:\WINDOWS\SMSC\IRDA\V5_1_3600_5
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\Setup.EXE" -l0x9 UNINSTALL

AV 1 ({F4DB525F-A986-4249-B98B-42A8066251CA})
version: 16777216
version (major): 1
estimated size: 5063
install date: 20071115
install source: F:\Norton 360\N360R1U1Y_184 (F)\Support\AV\
uninstall cmd: MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
publisher: Symantec Corporation

ImageMixer VCD2 2.01.002.3 ({F8C6BABF-0837-4EA0-AD6C-8E5A392A7538})
version: 33619970
install location: C:\Program Files\PIXELA\ImageMixer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Sony Ericsson PC Suite 3.1.0 3.1.0 ({FC18114B-05A0-11D6-8140-000102E745A6})
install location: C:\Program Files\Sony Ericsson\Mobile
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\Setup.exe" -l0x9



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Aavmker4
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 11648
Image MD5: 9859C0F6936E723E4892D7141B1327D5
Start: 0
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): AegisP
Display name: AEGIS Protocol (IEEE 802.1x) v3.2.0.3
Description: AEGIS Protocol (IEEE 802.1x) v3.2.0.3
Image path: system32\DRIVERS\AegisP.sys
Image size: 17801
Image MD5: 2C5C22990156A1063E19AD162191DC1D
Start: 2
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): AgereSoftModem
Display name: Agere Systems Soft Modem
Image path: system32\DRIVERS\AGRSM.sys
Image size: 1073375
Image MD5: 7725414FC319DD4EE6D6A6A01A6BE4C0
Start: 3
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Realtek AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 2300928
Image MD5: 4E0ACA5290B2966F24C45250A56C2DA1
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): anbmService
Display name: Notebook Manager Service
Object name: LocalSystem
Image path: C:\Acer\eManager\anbmServ.exe
Image size: 1287168
Image MD5: C10D0FAE427EA464EDEA2EE5DC40F056
Start: 2
Type: 272
Error Control: 0

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: system32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Start: 3
Type: 16
Error Control: 1

Service (registry key): aswMon2
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Display name: aswRdr
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswTdi
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Object name: LocalSystem
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): bcm4sbxp
Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
Image path: system32\DRIVERS\bcm4sbxp.sys
Image size: 45056
Image MD5: 625DF8F8F415B3153E7BAE44A2C29359
Start: 3
Type: 1
Error Control: 1

Service (registry key): BCMLogon
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): btaudio
Display name: Bluetooth Audio Device
Image path: system32\drivers\btaudio.sys
Image size: 16896
Image MD5: 0A5D4300A8EA29F67ABBBABB58DD5456
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTDriver
Display name: Bluetooth Virtual Communications Driver
Image path: system32\DRIVERS\btport.sys
Image size: 30235
Image MD5: 6D9D146B116B0C3F09A9AB9F6F805093
Start: 3
Type: 1
Error Control: 0

Service (registry key): BthEnum
Display name: Bluetooth Request Block Driver
Image path: system32\DRIVERS\BthEnum.sys
Image size: 17024
Image MD5: D24B8D1784C68A25060FFFBE8ED34B76
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthPan
Display name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Image path: system32\DRIVERS\bthpan.sys
Image size: 100992
Image MD5: 10355270BE12641B9764235DA39DCF0F
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Display name: Bluetooth Port Driver
Image path: System32\Drivers\BTHport.sys
Image size: 274304
Image MD5: 30B76EC553B202890E90A93A4E1A27B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthServ
Display name: Bluetooth Support Service
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): BTHUSB
Display name: Bluetooth Radio USB Driver
Image path: System32\Drivers\BTHUSB.sys
Image size: 18944
Image MD5: F06D4CB9918B462A84D9AC00027EFC30
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTKRNL
Display name: Bluetooth Protocol Stack
Image path: system32\drivers\btkrnl.sys
Image size: 1240938
Image MD5: 7249EF21D6F70D971BDA3ED0AF16D340
Start: 0
Type: 1
Error Control: 1

Service (registry key): BTSERIAL
Display name: Bluetooth Serial Driver
Image path: \??\C:\WINDOWS\system32\drivers\btserial.sys
Image size: 23239
Image MD5: 3E98D2550A6222CD6D278425FBB21C3E
Start: 2
Type: 1
Error Control: 1

Service (registry key): BTSLBCSP
Display name: Bluetooth Port Client Driver
Image path: \??\C:\WINDOWS\system32\drivers\btslbcsp.sys
Image size: 222844
Image MD5: 48B9AD7437FF5BFB8F13CAB03179FE72
Start: 2
Type: 1
Error Control: 1

Service (registry key): btwdins
Display name: Bluetooth Service
Description: Handles installation and removal of Bluetooth devices.
Object name: LocalSystem
Image path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Image size: 163840
Image MD5: 05D21AD56EA309597864393D3D4A14F7
Start: 2
Type: 16
Error Control: 1

Service (registry key): BTWDNDIS
Display name: Bluetooth LAN Access Server
Image path: system32\DRIVERS\btwdndis.sys
Image size: 147864
Image MD5: F5418F5B86BF9610AF445F7884087F9E
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTWUSB
Display name: WIDCOMM USB Bluetooth Driver
Image path: System32\Drivers\btwusb.sys
Image size: 53816
Image MD5: 853784C393F655B4E839E3E9E3B65796
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 6163ED60B684BAB19D3352AB22FC48B2
Start: 3
Type: 1
Error Control: 1

Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Event propagation and logging service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Image size: 109160
Image MD5: F66E892DA958C02B624B4A127CC32F6E
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,ccSetMgr

Service (registry key): ccProxy
Display name: Symantec Network Proxy
Description: Symantec Proxy Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Image size: 214376
Image MD5: 85C9E3559E84ED675DE856E5A45880D6
Start: 2
Type: 272
Error Control: 0

Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Settings storage and management service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Image size: 109160
Image MD5: F66E892DA958C02B624B4A127CC32F6E
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrbsdrv
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 2
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): clr_optimization_v2.0.50727_32
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66240
Image MD5: 3C4D595E7F9B747325AEF28B4ADCAAE5
Start: 3
Type: 16
Error Control: 0

Service (registry key): CLTNetCnService
Display name: Symantec Lic NetConnect service
Description: Symantec Lic NetConnect Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Image size: 109160
Image MD5: F66E892DA958C02B624B4A127CC32F6E
Start: 2
Type: 32
Error Control: 0

Service (registry key): CmBatt
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: 4266BE808F85826AEDF3C64C1E240203
Start: 3
Type: 1
Error Control: 1

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): CO80211
Start: 0
Type: 0
Error Control: 0

Service (registry key): comHost
Display name: COM Host
Description: COM aggregation host service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
Image size: 49248
Image MD5: 3B38F3DEFD61DB294421993F969BC88F
Start: 3
Type: 16
Error Control: 0
Depends On services: RpcSs

Service (registry key): Compbatt
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Start: 0
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): Creative Service for CDROM Access
Display name: Creative Service for CDROM Access
Object name: LocalSystem
Image path: C:\WINDOWS\system32\CTsvcCDA.exe
Image size: 44032
Image MD5: 3C8B6609712F4FF78E521F6DCFC4032B
Start: 2
Type: 16
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): DKbFltr
Display name: Dritek Keyboard Filter Driver
Image path: system32\DRIVERS\DKbFltr.sys
Image size: 16896
Image MD5: 08D30AF92C270F2E76787C81589DBAD6
Start: 3
Type: 1
Error Control: 0

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): Dot4
Display name: MS IEEE-1284.4 Driver
Image path: system32\DRIVERS\Dot4.sys
Image size: 207360
Image MD5: AD7FC1963B152B3728E3C4F83554A576
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Display name: Print Class Driver for IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 12928
Image MD5: 77CE63A8A34AE23D9FE4C7896D1DEBE7
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 23808
Image MD5: 6EC3AF6BB5B30E488A0C559921F012E1
Start: 3
Type: 1
Error Control: 0

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): DritekPortIO
Display name: Dritek General Port I/O
Image path: \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
Image size: 10240
Image MD5: CCDF6452C754BFA168176E9479F4B283
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): dvd43llh
Display name: dvd43llh
Image path: System32\DRIVERS\dvd43llh.sys
Image size: 18816
Image MD5: 1FC1EED3EA0C3A0ECF8A95B97E1B4831
Start: 3
Type: 1
Error Control: 1

Service (registry key): eeCtrl
Display name: Symantec Eraser Control driver
Image path: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Image size: 395312
Image MD5: 31C959319EF45B548D2111E338412270
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): EMSCR
Image path: system32\DRIVERS\EMS7SK.sys
Image size: 57984
Image MD5: D3D0EF132EB8F7351E0F6E8072E26331
Start: 3
Type: 1
Error Control: 0

Service (registry key): EpmPsd
Display name: Acer EPM Power Scheme Driver
Image path: \??\C:\WINDOWS\system32\drivers\epm-psd.sys
Image size: 4096
Image MD5: D68564FCFBDFC04280CDBBB37CF7EF7F
Start: 2
Type: 1
Error Control: 1

Service (registry key): EpmShd
Display name: Acer EPM System Hardware Driver
Image path: \??\C:\WINDOWS\system32\drivers\epm-shd.sys
Image size: 78208
Image MD5: 50425CBD80468BF53BA90F0D7CC61805
Start: 2
Type: 1
Error Control: 1

Service (registry key): EraserUtilRebootDrv
Display name: EraserUtilRebootDrv
Image path: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Image size: 112688
Image MD5: 0EAD5DB7508E126A2495D6FF64626C92
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): ESDCR
Image path: system32\DRIVERS\ESD7SK.sys
Image size: 36992
Image MD5: A2EFFC588A8DF44F45AA75528C5D2E9C
Start: 3
Type: 1
Error Control: 0

Service (registry key): ESMCR
Image path: system32\DRIVERS\ESM7SK.sys
Image size: 330368
Image MD5: F7BDD947074D092CBFEBFEC9817CC8A0
Start: 3
Type: 1
Error Control: 0

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Start: 1
Type: 1
Error Control: 0

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): FTDIBUS
Display name: SEMC DSS SyncStation Serial Converter Driver
Image path: system32\drivers\ftdibus.sys
Image size: 19153
Image MD5: 8672947AEEC467DC5907BA024BAF06EF
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): FTLUND
Display name: Lundinova Filter Driver
Image path: system32\drivers\ftlund.sys
Image size: 6828
Image MD5: E51EC9D232494C0713E0A0938DD9C893
Start: 3
Type: 1
Error Control: 1

Service (registry key): FTSER2K
Display name: SEMC DSS SyncStation Driver
Image path: system32\drivers\ftser2k.sys
Image size: 50396
Image MD5: 1BAEA6F4A629ABCBD87267C2C732C982
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): ggsemc
Display name: Sony Ericsson USB Flash Driver
Image path: system32\DRIVERS\ggsemc.sys
Image size: 8704
Image MD5: 52ADA45F60D6382C9B3C52826CDB9D26
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): gusvc
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 136120
Image MD5: C1B577B2169900F4CF7190C39F085794
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 263040
Image MD5: C19B522A9AE0BBC3293397F3055E80A1
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): ialm
Image path: system32\DRIVERS\ialmnt5.sys
Image size: 827196
Image MD5: D68339F8CDE3C00B3FC12AB97E36AA30
Start: 3
Type: 1
Error Control: 0

Service (registry key): IDriverT
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: DAF66902F08796F9C694901660E5A64A
Start: 3
Type: 16
Error Control: 0

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Image path: system32\DRIVERS\intelide.sys
Image size: 5504
Image MD5: 2D722B2B54AB55B2FA475EB58D7B2AAD
Start: 0
Type: 1
Error Control: 1

Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Start: 1
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: B5A8E215AC29D24D60B4D1250EF05ACE
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Display name: iPod Service
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 500800
Image MD5: 661194608009B558DE1925C7EBE1A4BA
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): irda
Display name: IrDA Protocol
Description: IrDA Protocol
Image path: system32\DRIVERS\irda.sys
Image size: 87424
Image MD5: 86C204836FEEC22510D434982D4221B8
Start: 2
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): Irmon
Display name: Infrared Monitor
Description: Supports infrared devices installed on the computer and detects other devices that are in range.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: irda,RpcSs,TermService

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LiveUpdate
Display name: LiveUpdate
Description: LiveUpdate Core Engine
Object name: LocalSystem
Image path: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Image size: 2999664
Image MD5: A97EEB81F05BCE3D7AA6C81F04EF39A4
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): LiveUpdate Notice Ex
Display name: LiveUpdate Notice Service Ex
Description: Manages Norton product notices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Image size: 109160
Image MD5: F66E892DA958C02B624B4A127CC32F6E
Start: 2
Type: 32
Error Control: 0

Service (registry key): LiveUpdate Notice Service
Display name: LiveUpdate Notice Service
Description: Manages Norton product notices
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
Image size: 517768
Image MD5: C837D17DE0B349539AA527EE750EBE2A
Start: 2
Type: 16
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LVcKap
Display name: Logitech AEC Driver
Image path: system32\DRIVERS\LVcKap.sys
Image size: 1587632
Image MD5: 2D0AB9D29E6B0C42CCE955B5A8E0D62D
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVMVDrv
Display name: Logitech Machine Vision Engine Loader
Image path: system32\DRIVERS\LVMVDrv.sys
Image size: 1952816
Image MD5: A3963E3D997C3646E1D3338EB88A48E9
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVPr2Mon
Display name: Logitech LVPr2Mon Driver
Image path: system32\drivers\LVPr2Mon.sys
Image size: 23472
Image MD5: 39C767BD6D99C23D28E71B6E0CBA3129
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVPrcSrv
Display name: Logitech Process Monitor
Description: Webcam Effects Helper.
Object name: LocalSystem
Image path: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
Image size: 99888
Image MD5: 44B3B997E25C5D9A81D6C501451A96D7
Start: 2
Type: 16
Error Control: 1

Service (registry key): LVSrvLauncher
Display name: LVSrvLauncher
Description: Launcher for Logitech Video Components.
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
Image size: 91696
Image MD5: 7B4607C0C664DA98753508F85BB10694
Start: 2
Type: 272
Error Control: 1

Service (registry key): LVUSBSta
Display name: Logitech USB Monitor Filter
Image path: system32\drivers\lvusbsta.sys
Image size: 38960
Image MD5: 6AD3F5275F117F08C12EAB2233A9E3FB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Macromedia Licensing Service
Display name: Macromedia Licensing Service
Description: Provides authentication services for Macromedia applications.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
Image size: 68096
Image MD5: A8382713F5870E4AF1DE4E8F7AF9D882
Start: 3
Type: 16
Error Control: 1

Service (registry key): MDM
Display name: Machine Debug Manager
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Image size: 335872
Image MD5: 7CF1B716372B89568AE4C0FE769F5869
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): Microsoft Office Groove Audit Service
Display name: Microsoft Office Groove Audit Service
Object name: NT AUTHORITY\LocalService
Image path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
Image size: 65824
Image MD5: FAFE367D032ED82E9332B4C741A20216
Start: 3
Type: 16
Error Control: 1

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 451456
Image MD5: 1FD607FC67F7F7C633C3DA65BFC53D18
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 77312
Image MD5: 4236AE241F193F58ADAB141CECCFD5F4
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 5504
Image MD5: BF13612142995096AB084F2DB7F40F77
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NABTSFEC
Display name: NABTS/FEC VBI Codec
Image path: system32\DRIVERS\NABTSFEC.sys
Image size: 85376
Image MD5: 5C8DC6429C43DC6177C1FA5B76290D1A
Start: 3
Type: 1
Error Control: 1

Service (registry key): NAVENG
Display name: NAVENG
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071204.003\NAVENG.SYS
Image size: 81232
Image MD5: B6C1825FCCCF6D981627C983E16DFC29
Start: 3
Type: 1
Error Control: 1

Service (registry key): NAVEX15
Display name: NAVEX15
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071204.003\NAVEX15.SYS
Image size: 865904
Image MD5: 8E54570B4DFD8E1F0B7A5266737BFEE5
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisIP
Display name: Microsoft TV/Video Connection
Image path: system32\DRIVERS\NdisIP.sys
Image size: 10880
Image MD5: 520CE427A8B298F54112857BCF6BDE15
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): NIC1394
Display name: 1394 Net Driver
Image path: system32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NTIDrvr
Display name: Upper Class Filter Driver
Image path: system32\DRIVERS\NTIDrvr.sys
Image size: 6144
Image MD5: 7F1C1F78D709C4A54CBB46EDE7E0B48D
Start: 3
Type: 1
Error Control: 0

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): odserv
Display name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Image size: 441136
Image MD5: 84DE1DD996B48B05ACE31AD015FA108A
Start: 3
Type: 16
Error Control: 1

Service (registry key): ohci1394
Display name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 61056
Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A
Start: 0
Type: 1
Error Control: 1

Service (registry key): osaio
Display name: osaio
Image path: \SystemRoot\system32\drivers\osaio.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): osanbm
Display name: osanbm
Image path: \SystemRoot\system32\drivers\osanbm.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): ose
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 145184
Image MD5: 5A432A042DAE460ABE7199B758E8606C
Start: 3
Type: 16
Error Control: 1

Service (registry key): Outlook
Start: 0
Type: 0
Error Control: 0

Service (registry key): oxser
Display name: OX16C95x Serial port driver
Image path: system32\DRIVERS\oxser.sys
Image size: 49792
Image MD5: F3DFAA16B43941CCC01B3A366A2003B0
Start: 1
Type: 1
Error Control: 0

Service (registry key): Parport
Start: 3
Type: 1
Error Control: 0

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Image path: system32\DRIVERS\pcmcia.sys
Image size: 119936
Image MD5: 82A087207DECEC8456FBE8537947D579
Start: 0
Type: 1
Error Control: 1

Service (registry key): pcouffin
Display name: Low level access layer for CD devices
Image path: System32\Drivers\pcouffin.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): pepifilter
Display name: Volume Adapter
Image path: system32\DRIVERS\lv302af.sys
Image size: 12080
Image MD5: 4350CB255AD546F4668C8B8AFD6A00A4
Start: 3
Type: 1
Error Control: 1

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PfModNT
Image path: \??\C:\WINDOWS\system32\PfModNT.sys
Image size: 6752
Image MD5: 2F5532F9B0F903B26847DA674B4F55B2
Start: 2
Type: 1
Error Control: 1

Service (registry key): PID_08A0
Display name: Logitech QuickCam IM(PID_08A0)
Image path: system32\DRIVERS\LV302AV.SYS
Image size: 720176
Image MD5: 6B310DE726E1A0DEFD66718A7F79B5D2
Start: 3
Type: 1
Error Control: 1

Service (registry key): PID_0928
Display name: Labtec WebCam(PID_0928)
Image path: system32\DRIVERS\LV561AV.SYS
Start: 3
Type: 1
Error Control: 1

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): Pml Driver HPZ12
Display name: Pml Driver HPZ12
Object name: LocalSystem
Image path: C:\WINDOWS\system32\HPZipm12.exe
Image size: 65536
Image MD5: F9D3BB81BDF8B279E1F37282CD52A9B5
Start: 3
Type: 16
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 36560
Image MD5: F7BB4E7A7C02AB4A2672937E124E306E
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasirda
Display name: WAN Miniport (IrDA)
Description: WAN Miniport (IrDA)
Image path: system32\DRIVERS\rasirda.sys
Image size: 19584
Image MD5: 0207D26DDF796A193CCD9F83047BB5FC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 176512
Image MD5: 29D66245ADBA878FFF574CD66ABD2884
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RFCOMM
Display name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Image path: system32\DRIVERS\rfcomm.sys
Image size: 59648
Image MD5: 99C4B74981A1413F142A3903130088CB
Start: 3
Type: 1
Error Control: 1

Service (registry key): ROOTMODEM
Display name: Microsoft Legacy Modem Driver
Image path: System32\Drivers\RootMdm.sys
Image size: 5888
Image MD5: D8B0B4ADE32574B2D9C5CC34DC0DBBE7
Start: 3
Type: 1
Error Control: 0

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): s24trans
Display name: WLAN Transport
Description: WLAN Transport
Image path: system32\DRIVERS\s24trans.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SASDIFSV
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Image size: 5632
Image MD5: D96686FCA1F9F6B06F7490553CBDA6DE
Start: 1
Type: 1
Error Control: 1

Service (registry key): SASENUM
Display name: SASENUM
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Image size: 4096
Image MD5: 7F1085895E499907F68DF7731924122B
Start: 3
Type: 1
Error Control: 1

Service (registry key): SASKUTIL
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Image size: 32256
Image MD5: 2E0E10B8B547A39CDCC1B105239A43A4
Start: 1
Type: 1
Error Control: 1

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): sdbus
Image path: system32\DRIVERS\sdbus.sys
Image size: 67584
Image MD5: 02FC71B020EC8700EE8A46C58BC6F276
Start: 3
Type: 1
Error Control: 1

Service (registry key): Seagate Sync Service
Display name: Seagate Sync Service
Description: Seagate Sync Service for Hardware Detection
Object name: LocalSystem
Image path: "C:\Program Files\Seagate\Sync\SeaSyncServices.exe"
Image size: 24120
Image MD5: 3505926FB3651D134CF413A3296B4FEB
Start: 2
Type: 272
Error Control: 0

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Ser2pl
Display name: Prolific Serial port driver
Image path: system32\DRIVERS\ser2pl.sys
Image size: 39552
Image MD5: 95EEB5A6843238C829AAA9C05168C09C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Start: 2
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): SLIP
Display name: BDA Slip De-Framer
Image path: system32\DRIVERS\SLIP.sys
Image size: 11136
Image MD5: 5CAEED86821FA2C6139E32E9E05CCDC9
Start: 3
Type: 1
Error Control: 1

Service (registry key): SMCIRDA
Display name: SMSC IrCC Miniport Device Driver
Image path: system32\DRIVERS\smcirda.sys
Image size: 46080
Image MD5: A8EB0AA07632A4C936FF6F8EDA5BDEAD
Start: 3
Type: 1
Error Control: 1

Service (registry key): sonypvs1
Display name: Sony Digital Imaging Video2
Image path: system32\DRIVERS\sonypvs1.sys
Image size: 102220
Image MD5: DFADFC2C86662F40759BF02ADD27D569
Start: 3
Type: 1
Error Control: 1

Service (registry key): SONYPVU1
Display name: Sony USB Filter Driver (SONYPVU1)
Image path: system32\DRIVERS\SONYPVU1.SYS
Image size: 7552
Image MD5: A1ECEEAA5C5E74B2499EB51D38185B84
Start: 3
Type: 1
Error Control: 1

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): SPBBCDrv
Display name: SPBBCDrv
Image path: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Image size: 418104
Image MD5: CDEA9A0A0E547FEF4C44CCAE35A9B09C
Start: 1
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 8E186B8F23295D1E42C573B82B80D548
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: 7435B108B935E42EA92CA94F59C8E717
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SRTSP
Display name: SRTSP
Image path: System32\Drivers\SRTSP.SYS
Image size: 279088
Image MD5: 655773F2F1A3730C6CF20280A49F4EE1
Start: 3
Type: 2
Error Control: 1
Depends On services: SRTSPX,FltMgr

Service (registry key): SRTSPL
Display name: SRTSPL
Image path: System32\Drivers\SRTSPL.SYS
Image size: 317616
Image MD5: 2A0AAF370D4C6574A34AE2F4A0709CAE
Start: 3
Type: 1
Error Control: 1
Depends On services: SRTSPX

Service (registry key): SRTSPX
Display name: SRTSPX
Image path: System32\Drivers\SRTSPX.SYS
Image size: 43696
Image MD5: 3104BDCEACE2D5710776DD05E6A286C1
Start: 1
Type: 1
Error Control: 1

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 336256
Image MD5: 20B7E396720353E4117D64D9DCB926CA
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): StillCam
Display name: Still Serial Digital Camera Driver
Image path: system32\DRIVERS\serscan.sys
Image size: 6784
Image MD5: A9573045BAA16EAB9B1085205B82F1ED
Start: 3
Type: 1
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): streamip
Display name: BDA IPSink
Image path: system32\DRIVERS\StreamIP.sys
Image size: 15360
Image MD5: 284C57DF5DC7ABCA656BC2B96A667AFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{2C2D10EA-C67A-4C4F-B993-EDB8C3115143}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): Symantec Core LC
Display name: Symantec Core LC
Description: Symantec Core LC
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Image size: 1174664
Image MD5: 43CFCA936D211BF7F1CDE1DDF807CB76
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): SYMDNS
Image path: \SystemRoot\System32\Drivers\SYMDNS.SYS
Start: 3
Type: 1
Error Control: 0

Service (registry key): SymEvent
Image path: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Image size: 123952
Image MD5: 9E4188476848B2EF86F9C44D5164E724
Start: 3
Type: 1
Error Control: 1

Service (registry key): SYMFW
Image path: \SystemRoot\System32\Drivers\SYMFW.SYS
Start: 3
Type: 1
Error Control: 0

Service (registry key): SYMIDS
Image path: \SystemRoot\System32\Drivers\SYMIDS.SYS
Start: 3
Type: 1
Error Control: 0

Service (registry key): SYMIDSCO
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071127.001\SymIDSCo.sys
Image size: 158064
Image MD5: 5EA7A6B3F5BCFE67097F059AA36DDF60
Start: 3
Type: 1
Error Control: 0

Service (registry key): SYMNDIS
Image path: \SystemRoot\System32\Drivers\SYMNDIS.SYS
Start: 3
Type: 1
Error Control: 0
Depends On services: SymTDI,SYMFW,SYMIDS

Service (registry key): SYMREDRV
Image path: \SystemRoot\System32\Drivers\SYMREDRV.SYS
Start: 3
Type: 1
Error Control: 0

Service (registry key): SYMTDI
Display name: SYMTDI
Image path: \SystemRoot\System32\Drivers\SYMTDI.SYS
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): SynTP
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 191456
Image MD5: A63401D180863A2CEFCE51798542AE5F
Start: 3
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 359040
Image MD5: 9F4B36614A0FC234525BA224957DE55C
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): UBHelper
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbaudio
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 59264
Image MD5: 45A0D14B26C35497AD93BCE7E15C9941
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbbus
Display name: LGE CDMA Composite USB Device
Image path: system32\DRIVERS\lgusbbus.sys
Image size: 20156
Image MD5: 0678C457F49F20666AB16EDDA4D1391D
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 31616
Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79
Start: 3
Type: 1
Error Control: 1

Service (registry key): UsbDiag
Display name: LGE CDMA USB Serial Port
Description: LGE CDMA USB Serial Port
Image path: system32\DRIVERS\lgusbdiag.sys
Image size: 39328
Image MD5: BC8B39FC8782A954AF119BFBE8A77414
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBModem
Display name: LGE CDMA USB Modem
Description: LGE CDMA Modem Support
Image path: system32\DRIVERS\lgusbmodem.sys
Image size: 39672
Image MD5: 290914C187C25B42E1C64D7CFAD8B2FC
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): w29n51
Display name: Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP
Image path: system32\DRIVERS\w29n51.sys
Image size: 3222784
Image MD5: C89DA341FCC883A3D79DC11727484FC2
Start: 3
Type: 1
Error Control: 1

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): w550bus
Display name: Sony Ericsson W550 driver (WDM)
Image path: system32\DRIVERS\w550bus.sys
Image size: 60928
Image MD5: D9232C52E2C7B7CD26054A81310615FF
Start: 3
Type: 1
Error Control: 1

Service (registry key): w550mdfl
Display name: Sony Ericsson W550 USB WMC Modem Filter
Description: Sony Ericsson W550 USB WMC Modem Filter
Image path: system32\DRIVERS\w550mdfl.sys
Image size: 8336
Image MD5: 8CF6AE2C9D08C6950912B28FD3AC19E4
Start: 3
Type: 1
Error Control: 1

Service (registry key): w550mdm
Display name: Sony Ericsson W550 USB WMC Modem Drivers
Description: Sony Ericsson W550 USB WMC Modem Drivers
Image path: system32\DRIVERS\w550mdm.sys
Image size: 96672
Image MD5: 73E2933110D3CF48EABC6265924D1B5F
Start: 3
Type: 1
Error Control: 1

Service (registry key): w550mgmt
Display name: Sony Ericsson W550 USB WMC Device Management Drivers
Description: Sony Ericsson W550 USB WMC Device Management Drivers
Image path: system32\DRIVERS\w550mgmt.sys
Image size: 88080
Image MD5: 57843DC7584BD243688761939BC28177
Start: 3
Type: 1
Error Control: 1

Service (registry key): w550obex
Display name: Sony Ericsson W550 USB WMC OBEX Interface Drivers
Description: Sony Ericsson W550 USB WMC OBEX Interface Drivers
Image path: system32\DRIVERS\w550obex.sys
Image size: 85952
Image MD5: 46FE721A406EEBCB484FDF9C82A71CA2
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: 2797F33EBF50466020C430EE4F037933
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): wltrysvc
Display name: Broadcom Wireless LAN Tray Service
Description: Provides 802.11 network connection during system startup
Object name: LocalSystem
Image path: %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe
Image size: 65536
Image MD5: 9FBF2700968E8BDA9901201A34832143
Start: 2
Type: 272
Error Control: 1

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WMPNetworkSvc
Display name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Image size: 913408
Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
Start: 3
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter

Service (registry key): WS2IFSL
Start: 1
Type: 0
Error Control: 0

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): WSTCODEC
Display name: World Standard Teletext Codec
Image path: system32\DRIVERS\WSTCODEC.SYS
Image size: 19328
Image MD5: D5842484F05E12121C511AA93F6439EC
Start: 3
Type: 1
Error Control: 1

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WudfPf
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 77568
Image MD5: F15FEAFFFBB3644CCC80C5DA584E6311
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfRd
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 82944
Image MD5: 28B524262BCE6DE1F7EF9F510BA3985B
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfSvc
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {5E273375-42CE-4992-B3E7-4885B1BA7597}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {9E86AA35-E0A0-4FC7-BE64-20EF9B3246B2}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {A4458FA5-AEB1-4E88-9BD4-B89096A0DBFA}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {C99D0032-598B-46A6-9F79-26FE1F5B4BB6}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {D70DCE13-6F33-4436-AEB6-9EC9663A6808}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {F632ABD2-A0ED-4ED1-97E4-05DEE6A0FB42}
Start: 0
Type: 0
Error Control: 0
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 7th, 2007, 9:21 am

Hi vinaymieux,

Sorry for the delay.

Do you know the model of your laptop? If so, you could reinstall the wireless drivers for your laptop.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 13th, 2007, 4:26 am

Hi ndmmxiaomayi,

I'm also sorry for the delay this time. I was out of town.

I've already tried uninstalling and reinstalling the LAN and WLAN drives, but it didn't work.
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 13th, 2007, 6:13 am

Hi vinaymieux,

Step 1

  1. Download FileFind.zip by Atribune and save it to your desktop.
  2. Locate the FileFind.zip that you've downloaded earlier.
  3. Right click on FileFind.zip and select Extract All....
  4. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  5. Click on the Browse button. Click on Desktop. Then click OK.
  6. Once done, check (tick) the Show extracted files box and click Finish.
  7. Double click on FileFind.exe to run it.
  8. Enter winghy32.dll into the File: box.
  9. Click on the Search button.
  10. After a while a list of file locations will appear in the List of Files: box.
  11. Click on the Export button.
  12. This will create a Notepad file named Export.txt located in C drive.
  13. Please copy and paste it to your next reply.

Step 2

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.

In your next reply, please post:

  1. Deckard's System Scanner logs
  2. FileFind results
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 18th, 2007, 5:58 am

Hi ndmmxiaomayi,

1. The FileFind.zip could not find any files. This is the message i got: '0 Files found in 6225 Directories'

2. Here's the main.txt for Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Run by Vinay_Acer on 2007-12-18 15:06:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2007-12-18 09:36:57 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2007-12-12 14:09:35 UTC - RP38 - Software Distribution Service 3.0
37: 2007-12-12 11:25:40 UTC - RP37 - System Checkpoint
36: 2007-12-05 12:04:24 UTC - RP36 - Software Distribution Service 3.0
35: 2007-12-05 11:43:37 UTC - RP35 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-23 07:56:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Vinay_Acer.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-18 15:11:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5700.6)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Vinay_Acer\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.1/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4485819567
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37800.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{C99D0032-598B-46A6-9F79-26FE1F5B4BB6}: NameServer = 172.16.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 10271 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R4 DritekPortIO (Dritek General Port I/O) - c:\program files\launch manager\dportio.sys <Not Verified; Dritek System Inc.; DPortIO>

S1 oxser (OX16C95x Serial port driver) - c:\windows\system32\drivers\oxser.sys <Not Verified; OEM; OX16C95x>
S3 ggsemc (Sony Ericsson USB Flash Driver) - c:\windows\system32\drivers\ggsemc.sys <Not Verified; Sony Ericsson Mobile Communications; Gordon's Gate>
S3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 PID_0928 (Labtec WebCam(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
S3 UsbDiag (LGE CDMA USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Modem Driver>
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_8026&SUBSYS_007A1025&REV_00\4&1D3F0FBB&0&00F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8026&SUBSYS_007A1025&REV_00\4&1D3F0FBB&0&00F0
Service: ohci1394

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: SMSC IrCC - Fast Infrared Port
Device ID: ACPI\SMCF010\5&5C35D8D&0
Manufacturer: SMSC
Name: SMSC IrCC - Fast Infrared Port
PNP Device ID: ACPI\SMCF010\5&5C35D8D&0
Service: SMCIRDA

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: hp LaserJet 3380
Device ID: ROOT\IMAGE\0000
Manufacturer: Hewlett-Packard
Name: hp LaserJet 3380
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: ROOT\NET\0000
Manufacturer: WIDCOMM, Inc.
Name: Bluetooth LAN Access Server Driver
PNP Device ID: ROOT\NET\0000
Service: BTWDNDIS


-- Files created between 2007-11-18 and 2007-12-18 -----------------------------

2007-12-12 13:19:07 0 d-------- C:\Program Files\Enigma Software Group
2007-12-04 18:53:44 0 d-------- C:\432f26790410d1fa574fd516
2007-12-04 18:51:46 0 d-------- C:\d6eefe125be5a07a48c861ba6fd8e0
2007-11-28 16:12:30 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-11-28 12:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 12:09:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 12:09:50 0 d-------- C:\Documents and Settings\Vinay_Acer\Application Data\SUPERAntiSpyware.com
2007-11-28 12:07:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 18:33:44 0 d-------- C:\Downloads
2007-11-27 15:41:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 15:40:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-11-26 16:06:59 0 d-------- C:\5163dd9b7a7dca329ee0
2007-11-26 16:03:00 0 d-------- C:\28d8d3e8d8ebf9b0b7
2007-11-26 15:46:13 0 d-------- C:\Sony T9
2007-11-26 15:44:51 0 d-------- C:\Documents and Settings\Test\Desktop
2007-11-26 15:44:51 0 dr-h----- C:\Documents and Settings\Test\Application Data
2007-11-26 15:44:51 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2007-11-26 15:44:51 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2007-11-26 15:44:51 0 d-------- C:\Documents and Settings\Test\Application Data\Corel
2007-11-26 15:44:50 0 d--h----- C:\Documents and Settings\Test\PrintHood
2007-11-26 15:44:50 0 d--h----- C:\Documents and Settings\Test\Local Settings
2007-11-26 15:44:49 0 dr-h----- C:\Documents and Settings\Test\SendTo
2007-11-26 15:44:49 0 dr-h----- C:\Documents and Settings\Test\Recent
2007-11-26 15:44:48 0 dr------- C:\Documents and Settings\Test\Start Menu
2007-11-26 15:44:47 0 d--h----- C:\Documents and Settings\Test\Templates
2007-11-23 13:47:29 0 d-------- C:\cb3a2a0cac08ac59fc9da005
2007-11-23 13:45:35 0 d-------- C:\400386a297d165dee0
2007-11-23 13:26:36 9175040 --a------ C:\Documents and Settings\Vinay_Acer\ntuser.dat
2007-11-23 13:26:32 1363968 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-23 13:19:41 0 d-------- C:\WINDOWS\Prefetch
2007-11-23 13:05:36 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-23 12:14:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-23 11:56:28 0 d-------- C:\I386
2007-11-23 11:47:07 0 d-------- C:\5031eb8b01fdf244c4
2007-11-23 11:45:52 0 d-------- C:\9626161c6a45f0bea3e660c6a9accd
2007-11-22 19:10:11 0 d-------- C:\b516cc9cf524e26e587dde0c5240
2007-11-22 18:29:10 0 d-------- C:\Program Files\Seagate
2007-11-22 18:05:35 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2007-11-22 17:08:04 1048576 --ah----- C:\Documents and Settings\Test\ntuser.dat
2007-11-21 16:12:48 0 d-------- C:\Program Files\Common Files\Corel
2007-11-21 16:11:39 0 d-------- C:\Program Files\Corel
2007-11-21 11:59:33 20684644 --a------ C:\winregback.reg


-- Find3M Report ---------------------------------------------------------------

2007-12-18 15:11:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-05 14:33:21 0 d-------- C:\Program Files\Symantec
2007-12-04 17:27:23 0 d-------- C:\Program Files\Online Services
2007-11-28 12:07:35 0 d-------- C:\Program Files\Common Files
2007-11-27 18:40:20 0 d-------- C:\Program Files\GetRight
2007-11-26 15:46:22 0 d-------- C:\Program Files\Norton 360
2007-11-23 17:35:48 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-23 13:04:41 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-22 18:31:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-15 14:27:24 86332892 --a------ C:\Backup.reg
2007-11-15 12:59:42 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-11-14 15:48:56 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-11-14 15:42:47 0 d-------- C:\Program Files\Any Video Converter Professional
2007-11-14 15:38:46 0 d-------- C:\Program Files\PIXELA
2007-11-14 15:37:38 0 d-------- C:\Program Files\mpegable
2007-11-14 15:36:25 0 d-------- C:\Program Files\Tecumseh Europe
2007-11-14 15:36:16 0 d--h----- C:\Program Files\Zero G Registry
2007-11-14 15:36:16 0 d-------- C:\Program Files\NewTech Infosystems
2007-11-14 15:36:16 0 d-------- C:\Program Files\Illustrate
2007-11-14 15:36:16 0 d-------- C:\Program Files\Epocware
2007-11-14 15:36:16 0 d-------- C:\Program Files\Boilsoft MP4 Converter
2007-11-14 15:36:00 0 d-------- C:\Program Files\Xilisoft
2007-11-14 15:36:00 0 d-------- C:\Program Files\Intel
2007-11-14 15:35:59 0 d-------- C:\Program Files\Tensons
2007-11-14 15:35:59 0 d-------- C:\Program Files\NCH Swift Sound
2007-11-14 15:35:59 0 d-------- C:\Program Files\MSXML 4.0
2007-11-14 15:35:59 0 d-------- C:\Program Files\InterMute
2007-11-14 15:29:22 0 d-------- C:\Program Files\Symbian OS Tools
2007-11-14 15:27:35 0 d-------- C:\Program Files\Sony Corporation
2007-11-14 13:29:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-13 18:11:02 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-13 18:10:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-10 22:46:14 0 d-------- C:\Program Files\Java
2007-11-01 16:51:01 118391714 --a------ C:\Backup1.reg
2007-10-23 16:17:04 2528 --a------ C:\Documents and Settings\Vinay_Acer\Application Data\$_hpcst$.hpc
2007-10-23 16:14:04 0 d-------- C:\Program Files\Windows Mobile Device Handbook
2007-10-22 17:59:20 0 d-------- C:\Program Files\Sony Ericsson


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/15/2007 08:40 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 05:47 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 05:46 AM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [04/28/2005 08:21 AM]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [01/31/2003 09:06 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/22/2005 11:27 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/22/2005 11:23 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:30 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\Vinay_Acer\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/25/2004 3:38:42 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Phone Connection Monitor.lnk
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vinay_Acer^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Vinay_Acer\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vinay_Acer^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Vinay_Acer\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
"C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
C:\Program Files\ThreatFire\TFTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ThreatFire"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{190fb290-401d-11db-b92d-0012f0d623b1}]
AutoRun\command- F:\RavMon.exe
explore\Command- F:\RavMon.exe -e
open\Command- F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}]
AutoRun\command- F:\Autorun.exe /run
Shell00\Command- F:\Autorun.exe /run
Shell01\Command- F:\Autorun.exe /action
Shell02\Command- F:\Autorun.exe /uninstall




-- End of Deckard's System Scanner: finished at 2007-12-18 15:16:47 ------------
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 18th, 2007, 6:00 am

Here's the extra.txt for Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 503.42 MiB / 153.61 MiB
Pagefile Memory (total/avail): 1227.2 MiB / 825.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.46 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 10.74 GiB free.
D: is Fixed (NTFS) - 26.59 GiB total, 0.16 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 26.59 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: avast! antivirus 4.7.844 [VPS 0633-3] v4.7.844 (ALWIL Software) Disabled
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"E:\\j2re1.4.2_01\\bin\\javaw.exe"="E:\\j2re1.4.2_01\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Disabled:TrueVector Service"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vinay_Acer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VINAY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vinay_Acer
LOGONSERVER=\\VINAY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Teleca Shared;c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1;;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VINAY_~1\LOCALS~1\Temp
USERDOMAIN=VINAY
USERNAME=Vinay_Acer
USERPROFILE=C:\Documents and Settings\Vinay_Acer
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Vinay_Acer (admin)
Test (new local, admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> msiexec /x{1C32666E-3F65-4A9A-BC4D-FE293015FE7B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 4.2.9.2 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 4.2\unins000.exe"
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Ad-aware 6 Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems AC'97 Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
CC_ccProxyExt --> MsiExec.exe /I{4AAD206E-0557-440F-8A98-94921A64BF4B}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ccPxyCore --> MsiExec.exe /I{47A86BDE-6871-4A8A-BB49-21FAF754E00E}
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Creative PlayCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\Setup.exe" -l0x9 /remove
Creative WaveStudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\Setup.exe" -l0x9 /remove
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
FFTD Screensaver --> C:\WINDOWS\system32\FFTD Screensaver.scr /u
Free Mp3 Wma Converter V 1.4.0 --> "C:\Program Files\Free Audio Pack\unins000.exe"
FreeAgent Go Tools --> C:\Program Files\InstallShield Installation Information\{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}\setup.exe -runfromtemp -l0x0409
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp LaserJet-all-in-one --> C:\Program Files\hp\Digital Imaging\{1B4B2D13-BA87-4c7c-8B67-0EE7CE698415}\setup\hpzscr01.exe -datfile hpbscr01.dat
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Software Update --> MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Kundli for Windows (Lite Edition) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\DeIsL1.isu" -c"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\_ISREG32.DLL"
LaserAIO --> MsiExec.exe /I{DD23CAA4-8872-4B95-B263-EA46FD82CF19}
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
mpegable X4 live --> C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security Bonus Pack --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Opera 9.01 --> MsiExec.exe /X{256808AA-7E9E-4DB5-8A27-A26268864747}
OrderReminder hp LaserJet 3015/3020/3030/3380 --> "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.exe" "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.properties" -from-addremove
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE0F631-6748-4A2F-A409-FA1A287D8075}\Setup.exe" -l0x9
PodUtil 2.7.1 --> "C:\Program Files\PodUtil\unins000.exe"
Power MP3 WMA Converter 2005, (ver 2.0) --> "C:\Program Files\Power MP3 WMA Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
selection program --> MsiExec.exe /X{BA754419-CD7E-4F8A-A367-BFF9E3E8F688}
SEMC DSS SyncStation Driver --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
SMSC IrCC V5.1.3600.5 SP2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\Setup.EXE" -l0x9 UNINSTALL
Sony Ericsson PC Suite 3.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\Setup.exe" -l0x9
Sony Ericsson Themes Creator 3.15 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Superman Returns Screen Saver --> C:\WINDOWS\system32\Superman Returns.scr /u
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
Symbian Developer Certificate Request --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA6C1A80-D188-427C-8102-226CF9E35AF4}\setup.exe" -l0x9 -removeonly
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZTE CDMA1X CARD --> "C:\Program Files\ZTE CDMA1X CARD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type24865 / Error
Event Submitted/Written: 12/13/2007 03:14:08 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\documents and settings\all users\application data\microsoft\visio\catalog.wci could not be initialized. Error 3221225529.

Event Record #/Type24847 / Error
Event Submitted/Written: 12/13/2007 03:04:19 PM
Event ID/Source: 4118 / Ci
Event Description:
A content scan could not be completed on c:\program files\microsoft office\visio11\.

Event Record #/Type24826 / Error
Event Submitted/Written: 12/12/2007 03:07:57 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\documents and settings\all users\application data\microsoft\visio\catalog.wci could not be initialized. Error 3221225529.

Event Record #/Type24808 / Error
Event Submitted/Written: 12/09/2007 07:32:18 PM
Event ID/Source: 4118 / Ci
Event Description:
A content scan could not be completed on c:\program files\microsoft office\visio11\.

Event Record #/Type24789 / Error
Event Submitted/Written: 12/05/2007 04:42:58 PM
Event ID/Source: 4118 / Ci
Event Description:
A content scan could not be completed on c:\program files\microsoft office\visio11\.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type94756 / Error
Event Submitted/Written: 12/13/2007 03:07:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The aswUpdSv service failed to start due to the following error:
%%3

Event Record #/Type94747 / Error
Event Submitted/Written: 12/13/2007 03:01:59 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Logitech Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type94727 / Error
Event Submitted/Written: 12/13/2007 02:57:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The aswUpdSv service failed to start due to the following error:
%%3

Event Record #/Type94726 / Error
Event Submitted/Written: 12/13/2007 02:57:05 PM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer hp LaserJet 3020 PCL 6 share name Printer3.

Event Record #/Type94717 / Warning
Event Submitted/Written: 12/13/2007 04:40:22 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2007-12-18 15:16:47 ------------
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am

Re: BurstMedia attack HELP!!

Unread postby ndmmxiaomayi » December 18th, 2007, 7:22 am

Hi vinaymieux,

Try this first:

  1. Right click on My Computer and select Properties.
  2. Select the Hardware tab.
  3. Click on the Device Manager button.
  4. Device Manager will open. Under the Network Adapters section, click on + sign to expand it.
  5. Locate Bluetooth LAN Access Server Driver. Right click on it and select Enable.

Also enable these via MSConfig

1. AGRSMMSG
2. IntelWireless
3. Symantec NetDriver Monitor
4. Automatic LiveUpdate Scheduler (under Services tab)
____________________

Disable Adwatch temporarily

1. Right click on the Ad-Watch icon in the system tray.
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically

3. Uncheck both of those boxes.
____________________

Please download Flash_Disinfector.exe and save it to your desktop.

Double click to run it. You will be prompted to plug in your flash drive. Plug in your flash drive and continue. Your desktop will disappear temporarily when the fix is running. When done, a popup box will open. Click OK. You should be able to see your desktop now.

If you can't see your desktop, press Ctrl + Shift + Esc to open Task Manager. Click on File > New Task (Run...). Type in explorer.exe and press Enter.

Open Notepad and copy and paste the following in the Code box into Notepad:

Code: Select all
if exist C:\peek*.txt del /q C:\peek*.txt
if exist C:\startup.txt del /q C:\startup.txt
regedit /e C:\peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e C:\peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
regedit /e C:\peek3.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
regedit /e C:\peek4.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
type C:\peek*.txt >> C:\startup.txt
del /q C:\peek*.txt
start notepad C:\startup.txt


Click on File > Save As....

In the File Name box, copy and paste in mountpoints.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on mountpoints.bat to run it. Command Prompt will open and close quickly; this is normal. Notepad will open shortly afterwards. Please post the contents of this Notepad file in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BurstMedia attack HELP!!

Unread postby vinaymieux » December 21st, 2007, 7:35 am

Hi ndmmxiaomayi,

Firstly, I could not find the following in msconfig:

3. Symantec NetDriver Monitor
4. Automatic LiveUpdate Scheduler (under Services tab)

Here's the startup text file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EOUApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EOUWiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelWireless]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ifrmewrk"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StatusClient 2.6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StatusClient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StxTrayMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StxMenuMgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Seagate\\SystemTray\\StxMenuMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ThreatFire]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TFTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\ThreatFire\\TFTray.exe"
"inimapping"="0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GetRight - Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GetRight\\getright.exe "
"item"="GetRight - Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office OneNote 2003 Quick Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Phone Connection Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Phone Connection Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYER~1\\Mobile\\AUDEVI~1.EXE "
"item"="Phone Connection Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~4\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Vinay_Acer^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
"path"="C:\\Documents and Settings\\Vinay_Acer\\Start Menu\\Programs\\Startup\\Microsoft Office Groove.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office Groove.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\GROOVE.EXE -background"
"item"="Microsoft Office Groove"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Vinay_Acer^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
"path"="C:\\Documents and Settings\\Vinay_Acer\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\OneNote 2007 Screen Clipper and Launcher.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Screen Clipper and Launcher"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=dword:00000002
"ThreatFire"=dword:00000002
"AVG Anti-Spyware Guard"=dword:00000002

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun\DefaultIcon]
@="E:\\setup.exe,0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4b50bd-a898-11dc-ba68-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4b50bd-a898-11dc-ba68-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4b50bd-a898-11dc-ba68-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4b50bd-a898-11dc-ba68-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ddaf6a-f9c0-11da-b8e6-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{190fb290-401d-11db-b92d-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4faf7841-4be0-11db-b940-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4faf7841-4be0-11db-b940-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4faf7841-4be0-11db-b940-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4faf7841-4be0-11db-b940-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f54f613-bcce-11db-b9a0-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f54f613-bcce-11db-b9a0-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f54f613-bcce-11db-b9a0-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f54f613-bcce-11db-b9a0-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686725c2-a20b-11da-b87c-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686725ca-a20b-11da-b87c-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
"_CommentFromDesktopINI"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686725ca-a20b-11da-b87c-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686725ca-a20b-11da-b87c-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686725ca-a20b-11da-b87c-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,07,00,00
"_LabelFromReg"="Seagate Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\EULA]
@="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell]
@="Shell01"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\AutoRun\command]
@="F:\\Autorun.exe /run"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell00]
@="Start Ceedo"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell00\Command]
@="F:\\Autorun.exe /run"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell01]
@="Open Ceedo Action Window"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell01\Command]
@="F:\\Autorun.exe /action"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell02]
@="Uninstall Ceedo"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Shell\Shell02\Command]
@="F:\\Autorun.exe /uninstall"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\Title]
@="Ceedo"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\_Autorun\Action]
@="Start Ceedo"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7334b28a-9813-11dc-ba48-0012f0d623b1}\_Autorun\DefaultIcon]
@="F:\\Ceedo\\Ceedo\\CeedoRes.dll,-4107"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747577e4-6e43-11db-b96a-0012f0d623b1}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747577e4-6e43-11db-b96a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747577e4-6e43-11db-b96a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747577e4-6e43-11db-b96a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a3b5ee-3e4a-11db-b92b-000000000000}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a3b5ee-3e4a-11db-b92b-000000000000}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a3b5ee-3e4a-11db-b92b-000000000000}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a3b5ee-3e4a-11db-b92b-000000000000}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84487bb0-a26d-11dc-ba64-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84487bb0-a26d-11dc-ba64-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84487bb0-a26d-11dc-ba64-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84487bb0-a26d-11dc-ba64-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890c2242-e70b-11da-b8c6-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3082d56-554e-11db-b94f-0012f0d623b1}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae25dede-bd6b-11da-b89a-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae25dede-bd6b-11da-b89a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae25dede-bd6b-11da-b89a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae25dede-bd6b-11da-b89a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e0-833e-11db-b97a-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e0-833e-11db-b97a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e0-833e-11db-b97a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e0-833e-11db-b97a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e1-833e-11db-b97a-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e1-833e-11db-b97a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e1-833e-11db-b97a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e1-833e-11db-b97a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e2-833e-11db-b97a-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e2-833e-11db-b97a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e2-833e-11db-b97a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e2-833e-11db-b97a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e3-833e-11db-b97a-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e3-833e-11db-b97a-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e3-833e-11db-b97a-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea8b4e3-833e-11db-b97a-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2c62bc5-f892-11db-b9d4-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c364ff46-acda-11da-b88e-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c364ff46-acda-11da-b88e-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c364ff46-acda-11da-b88e-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c364ff46-acda-11da-b88e-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c364ff4e-acda-11da-b88e-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f470a8-e643-11da-b8c5-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d01c12-6901-11dc-ba1c-0012f0d623b1}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d01c13-6901-11dc-ba1c-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,06,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d01c13-6901-11dc-ba1c-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d01c13-6901-11dc-ba1c-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d01c13-6901-11dc-ba1c-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d965af20-9b5b-11da-ab37-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,02,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d965af20-9b5b-11da-ab37-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d965af20-9b5b-11da-ab37-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\autorun.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d965af22-9b5b-11da-ab37-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d965af24-9b5b-11da-ab37-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf9421f-e7c6-11da-b8c7-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ce9842-b860-11db-b99b-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ce9842-b860-11db-b99b-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ce9842-b860-11db-b99b-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ce9842-b860-11db-b99b-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,06,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d230cb-9737-11dc-ba3f-0012f0d623b1}\_Autorun\DefaultIcon]
@="F:\\AUTORUN\\WDLOGO.ICO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f861900c-c3af-11da-b89f-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbcb9226-c8b7-11da-b8a5-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbcb9227-c8b7-11da-b8a5-0012f0d623b1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feed8464-d07c-11db-b9b5-000fb0815394}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feed8464-d07c-11db-b9b5-000fb0815394}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feed8464-d07c-11db-b9b5-000fb0815394}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feed8464-d07c-11db-b9b5-000fb0815394}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{d965af20-9b5b-11da-ab37-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
00,52,00,57,00,23,00,44,00,56,00,44,00,5f,00,47,00,43,00,43,00,2d,00,34,00,\
32,00,34,00,34,00,4e,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,31,00,2e,00,30,00,30,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,64,00,65,00,33,00,36,00,39,00,65,00,35,00,26,\
00,30,00,26,00,30,00,2e,00,31,00,2e,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,64,00,39,00,36,00,35,00,61,00,66,00,32,00,30,00,2d,00,39,00,62,\
00,35,00,62,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,62,00,33,00,37,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,1f,01,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{d965af22-9b5b-11da-ab37-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,33,00,34,00,38,00,39,00,33,00,34,\
00,38,00,38,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,35,00,32,00,43,00,\
36,00,35,00,45,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,36,00,41,\
00,35,00,42,00,35,00,32,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,64,00,39,00,36,00,35,00,61,00,66,00,32,00,32,00,2d,00,39,00,62,\
00,35,00,62,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,62,00,33,00,37,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,05,00,ff,00,00,00,16,00,00,00,4b,bc,92,34,00,00,00,00,00,00,00,30,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{d965af24-9b5b-11da-ab37-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,33,00,34,00,38,00,39,00,33,00,34,\
00,38,00,38,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,\
4c,00,65,00,6e,00,67,00,74,00,68,00,37,00,35,00,32,00,43,00,35,00,36,00,32,\
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,\
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,\
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,\
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,64,00,39,00,36,00,35,00,61,00,66,00,32,00,34,00,2d,00,39,00,62,\
00,35,00,62,00,2d,00,31,00,31,00,64,00,61,00,2d,00,61,00,62,00,33,00,37,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,05,00,ff,00,00,00,16,00,00,00,db,1a,bc,bc,00,00,00,00,00,00,00,30,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000002
vinaymieux
Regular Member
 
Posts: 31
Joined: November 27th, 2007, 10:41 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 16 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware